Meta

Last update: 12.09.2025
Use of the Operator’s services constitutes acceptance of this Policy.

MIIT LLC is a telecommunications service provider offering internet, telephony, television, hosting, VPS, colocation, mail domains, and other services. We respect your privacy and protect personal data in accordance with the Law of Ukraine “On Personal Data Protection” and Regulation (EU) 2016/679 (GDPR). This Privacy Policy transparently describes which data we collect, the purposes for which we process it, how we store and protect it, as well as your rights and our obligations when processing personal data.

What personal data we process

We collect and process the following categories of users' personal data:

Identification data: full name of the client, date of birth, as well as identity document data (passport or ID card, taxpayer identification number, etc.).
Contact information: service connection and/or residential address, mailing addresses, contact phone numbers, email address, and other contact details.
Payment details: information necessary to make payments for services – for example, bank account or card numbers, payment system data (note: MIIT does not store full payment card data and uses secure payment gateways).
Service usage data: information about your tariff plan, network connection history, consumed internet traffic, duration and time of telephone calls, list of ordered services, support requests, etc. We may also store records of your support interactions (phone calls, emails) to ensure quality service.
Technical data and online identifiers: IP address from which you connect to our services, MAC addresses of equipment, system event logs, cookies, and other unique identifiers. We also automatically collect information about your browser and device, access time, browsing history on our website, etc. – this helps us ensure proper service operation and fraud prevention.
Other information: when necessary, we may collect additional data – for example, your consent or refusal for marketing communications, feedback or survey responses, and for business clients – data of authorized persons or company details. We do not collect special categories of data (health, religion, biometric data, etc.) unless required by law or voluntarily provided by you.

You may always refuse to provide certain personal data. However, in such a case, we may be unable to connect you to services or respond to your request.

Purposes of Personal Data Processing

We process your personal data solely for specific and lawful purposes. The main purposes for which MIIT collects and uses user information are as follows:

Provision of telecommunications services. We use your data to establish, configure, and maintain internet connections, telephony, television, and other ordered services. This includes concluding and executing a contract with you, network authorization, providing access to your Personal Account, responding to technical requests, and troubleshooting.
Customer communication. Your contact information is used to communicate with you regarding service maintenance: notifications about changes in contract terms, scheduled technical works, debt notifications, or status of support requests. We also respond to inquiries, complaints, and suggestions received via phone, email, or other channels.
Service improvement and analytics. Personal data (especially technical and anonymized statistical data) is used to analyze the performance of our services and website. We monitor how clients use services and which pages they visit to make our products more convenient and effective. Such analytics allow us to optimize the network, improve service quality, and develop new beneficial offers for subscribers.
Content personalization and marketing. To provide relevant information, we may tailor website content and marketing materials according to your interests. For example, on our website or in applications, we may show personalized content and offer tariffs or promotions we believe may interest you. For existing subscribers, we may occasionally send emails or SMS messages about service updates, special offers, loyalty programs, etc. Such marketing communications are only sent with your consent or if you have not explicitly opted out. You can unsubscribe at any time using the link in the message or other convenient mechanisms.
Security and fraud prevention. We process data to ensure cybersecurity of our networks and users: monitoring traffic for abnormal activity, protecting websites and servers from unauthorized access, and performing backups. Personal data may be used to verify your identity during inquiries (to prevent unauthorized account access) and to detect and prevent fraud, piracy, and misuse of network resources.
Compliance with legal obligations. In some cases, we are required to process and store your data to comply with legal requirements. For example, laws may require storing financial documents (invoices, acts) for a specific period; providing subscriber information upon request by law enforcement agencies; blocking access to prohibited resources at the request of government regulators, etc. We process personal data to the minimum extent necessary to fulfill such lawful obligations.

We do not use your data for any incompatible purposes of which you have not been informed. If in the future it becomes necessary to use data for a new purpose, we will notify you in advance and obtain your consent if required.

Legal Grounds for Processing

We process personal data solely on legal grounds provided by the current legislation of Ukraine and Article 6 of GDPR. Depending on the situation, your data is processed based on one or more of the following grounds:

Conclusion and performance of a contract. The processing of most personal data is carried out to provide you with the ordered services under our Telecommunications Services Agreement. This includes pre-contractual relations (processing a request, checking technical feasibility of connection) and full performance of our contractual obligations. Without this data, we would not be able to properly provide communication services.
Compliance with legal obligations. We process data when necessary to comply with the law or other regulatory acts. For example, according to telecommunications and tax legislation, we store certain information about subscribers and their transactions; upon request of courts or law enforcement agencies, we may be required to provide them with certain data. Such processing is mandatory and does not require separate user consent.
Your consent. For certain types of processing, we request your voluntary consent. In particular, consent is required for the use of your data for marketing purposes (newsletters, promotional campaigns) or for setting certain cookies (analytical or advertising) on the website. If we request consent for processing – you have the right not to provide it or withdraw it later. In any case, we always clearly inform you what you are consenting to and ensure that withdrawing consent is as easy as giving it.
Legitimate interest of the company. In some cases, we process data based on our legitimate interest. We ensure that the processing does not violate your fundamental rights and freedoms. Examples of our legitimate interest include: maintaining network security and integrity (preventing cyberattacks, performing internal security audits), improving existing services and developing new ones (demand analysis, service usage statistics), direct marketing communication with existing clients regarding similar products (with the option to opt-out). Each case is carefully assessed, and additional safeguards or consent are provided if necessary.

In rare situations, personal data processing may be carried out for the protection of vital interests of the data subject or other individuals (e.g., transferring information to emergency services in urgent cases) or in the interest of society/state (e.g., if the telecom operator is officially required to provide access to data for national security purposes). Such grounds are used extremely rarely. In any case, MIIT will not process personal data without a proper legal basis.

Cookies and Third-Party Tools

To ensure website usability and marketing purposes, we use cookies and similar technologies (pixels, browser local storage, etc.). Cookies are small text files stored in your browser that allow us to recognize your device on subsequent visits. They help us remember your settings, analyze traffic, and improve website content.

Our website uses different types of cookies:

Strictly necessary (technical): required for the website to function and provide our online services (e.g., login to the Personal Account, retaining items in the cart, session security). These cookies are always enabled, as the site cannot function properly without them.
Functional (for settings): remember your choices and preferences, such as interface language or region, to make using the website more convenient for you.
Analytical: collect anonymized statistical data about visitors – which pages are viewed, how much time is spent on the site, which actions are taken. This allows us to evaluate the effectiveness of the website and our services. We use, in particular, Google Analytics – a web analytics service by Google. Google Analytics may set its own cookies and collect information about your activity on the MIIT website (e.g., pages viewed, IP address, browser data). This data is transmitted to Google servers in anonymized form and analyzed to generate reports about the site’s performance. Please note: data collected by Google Analytics is subject to Google’s privacy policy, which may differ from ours. We do not provide Google with any excessive information beyond what is necessary for analytics.
Marketing: used to track the effectiveness of our advertising campaigns and display ads that may be relevant to you. The MIIT website uses Facebook Pixel – a tool by Meta (Facebook) that helps us know whether you take certain actions after viewing our ads on Facebook/Instagram (e.g., visiting the site, registering). Facebook Pixel allows linking your actions on our site with your social media profiles (if you are logged in) and thus show you more relevant ads for our services in the future. Data collected by Pixel is processed by Meta according to its privacy policy. MIIT receives only aggregated statistics from this data to evaluate ad performance.

Cookie banner and settings. When you first visit our website, you see a banner notifying you about cookie use. We request your consent to set non-essential (analytical and marketing) cookies. You can accept all cookies, reject non-essential ones, or adjust your preferences (e.g., allow only certain categories). If you agree, the corresponding cookies will be stored in your browser; if you decline, analytical and marketing tools will not be activated. Note that technically necessary cookies always work because the site cannot function properly without them.

You can also manage cookies yourself: change settings or delete cookies in your browser settings (options like “Clear browsing data”, “Block cookies”, etc.). If all cookies are deleted or blocked, some parts of the website may not work correctly (e.g., sessions may not be retained). For more details on our cookie usage, see our separate Cookie Policy.

Transfer of Personal Data to Third Parties

MIIT is committed to keeping your personal data confidential. We do not sell or transfer personal data to third-party organizations for their independent use without your consent. However, in the course of providing our services and fulfilling legal obligations, some data may be transferred to third parties in the following cases:

Service providers (data processors). We may transfer necessary information to third-party companies that provide services on our behalf – for example, banks and payment systems (for payment processing), courier services (for delivery of equipment or invoices), technical support contractors, or call centers. Such recipients act under contracts with MIIT and are required to use the data only to provide the corresponding service and ensure its protection. We only provide them with the minimum amount of information necessary to perform their functions (the “data minimization” principle). This also includes IT providers: for example, if our website is hosted on a third-party hosting provider’s server or we use cloud services for data backup, the respective companies technically have access to your data. In all such cases, we enter into a Data Processing Agreement (DPA) that includes obligations regarding the confidentiality and security of your data.
Analytical and marketing platforms. As mentioned above, some of your data may be collected by Google and Meta (Facebook) through the tools we integrate (Analytics, Pixel). These companies act as separate data controllers for the information they receive and use it for their own purposes (e.g., improving their own services or ad targeting on other sites) according to their privacy policies. We recommend reviewing these policies (available on their official websites) to understand how these third parties process your data. You can opt out of Google Analytics and Facebook Pixel – we provide cookie management tools for this purpose (see previous section).
Partners and affiliates. If you order services from us that are provided jointly with a partner (e.g., promotional offers with other operators or content providers), or if you are a client of a corporate partner (and use our services under an agreement between MIIT and your employer), we may transfer the necessary data to these partners. This is done only at your initiative or with your knowledge, within a specific loyalty program or joint service, and the respective partners are also obliged to protect your information.
Government authorities. MIIT may disclose users’ personal data upon request by government authorities if required by law. In particular, upon receiving an official request (court order, investigative request, decision of an authorized state regulator, etc.), we are obliged to provide the requested data to the extent required by law. Additionally, we may transfer information without a request if we consider it necessary to protect our rights in legal proceedings (filing a claim or defending against claims), to comply with our agreement with you, to investigate potential fraud or cyberattacks, and to ensure the safety of our users or third parties. We always verify the legality of each such request and respond within the legal framework.

Cross-border data transfer. Normally, we process and store personal data within Ukraine. However, some of our contractors may be located or store data on servers outside Ukraine (e.g., Google services host information in data centers in different countries). If personal data is transferred to other jurisdictions, we ensure an appropriate level of protection – in particular, we only cooperate with entities that guarantee compliance with GDPR requirements or enter into standard contractual clauses for data protection. For users from the EU, we guarantee that the transfer of their data outside the European Economic Area will comply with Articles 44-49 GDPR with appropriate safeguards.

Data Retention Period

We retain personal data only for as long as necessary to achieve the specified purposes, unless a different period is required by law. That is, the retention period depends on the type of information and the purpose of processing:

Account and contract data: your primary registration information (full name, contacts, copies of documents, contract) is stored for the entire duration of your contract with MIIT. After the services are terminated, we may store these data in an archive for a certain period (typically up to 3 years) – this is necessary for potential dispute resolution, protection against claims, fulfillment of financial obligations (e.g., final payments), and according to the statute of limitations. Your account in the system will be deleted or anonymized after this period if further storage is not required.
Payment and accounting information: payment details, invoices, service reports, and other financial documentation are kept for at least 3 years (or longer if required by accounting and tax law). We cannot delete such data upon your request earlier, as we are legally obligated to retain them. After the legally prescribed period, documents will be destroyed or anonymized.
Log files and technical records: information about your connection sessions (IP addresses, connection times, traffic statistics) is stored for the period necessary to ensure the functioning of services and network security, as well as to comply with legal requirements for data retention. For example, internal log files may be stored for several months for failure or attack analysis, and phone connection records – according to telecom regulator requirements. After the retention period, such technical data are deleted or aggregated for statistical purposes.
Correspondence and inquiries: if you contact our support, we may store the history of emails or call recordings for 12 months after your issue is resolved. This is necessary for quality control and staff training, as well as to maintain context in case of repeat inquiries. After a year, these records are usually deleted unless there are reasons to keep them longer (e.g., an unresolved dispute).
Marketing data: information about your subscription to newsletters, participation in promotions, etc., is stored while the promotion lasts or until you withdraw your consent. If you unsubscribe from marketing communications, we may retain minimal data (e.g., your email in a “do not send” list) to prevent accidental resubscription.
Cookies: retention periods for cookies vary. Session cookies (e.g., for login) are stored only during the browser session; others may be kept from several months up to 2 years if not deleted earlier. Specific retention periods are indicated in the cookie declaration on our website or in browser settings. You can delete cookies at any time – in this case, we will lose the information stored in them.

After the applicable retention period, we either delete personal data or anonymize it so that it no longer identifies you. If the storage of certain data is no longer required for any purpose, we ensure its secure destruction. We will not retain personal data longer than necessary for the stated purposes or your consent, except where the law requires longer retention.

Information Security

We have implemented appropriate technical and organizational measures to ensure the security of your personal data. These include modern data encryption methods (e.g., encrypting traffic between your device and our servers using HTTPS/TLS), firewalls and intrusion detection systems to protect our internal networks, reliable user authentication methods (complexity requirements for passwords, two-factor authentication for access to administrative systems), regular software updates, and antivirus protection. Access to personal data is limited to authorized personnel who have received privacy training, and only to the extent necessary to perform their job duties. Our offices and data centers are equipped with physical security measures (access control systems, video surveillance, alarms) to prevent unauthorized entry.

We continuously monitor the development of security technologies and improve our data protection processes. The company has internal policies and instructions regarding personal data protection, and designated responsible persons (including the Data Protection Officer – DPO) who oversee compliance with established standards. Regular audits and security checks, as well as risk assessments, are conducted. In case of vulnerabilities or incidents, we take all necessary measures to resolve them as quickly as possible.

At the same time, it is important to remember that no method of transmitting data over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of information, but we assure you that we do everything possible to protect it. You also play an important role in keeping your data safe – please follow basic cyber hygiene practices. In particular, create strong passwords for access to your Personal Account and other MIIT services, do not share them with anyone, change them regularly, and use different passwords for different accounts. Always log out of your account after use, especially when using someone else's or a public device, and keep your equipment protected (update software, use antivirus). These recommendations will help further secure your information from unauthorized access.

In the event of a data security breach (e.g., cyberattack or information leak), we will act according to our response plans: promptly identify and contain the issue, minimize potential risks to users, and – if required by law – notify you and the relevant authorities of the incident within the prescribed timeframe. We value the trust of our clients and take all security matters seriously.

Data Subject Rights

According to Ukrainian legislation and GDPR, you have a number of important rights regarding your personal data. We respect these rights and have established convenient mechanisms for their exercise. Your main rights are as follows:

Right to know (right of access). You have the right to obtain confirmation from us whether we process your personal data, and if so – to receive a copy of your personal data, as well as information about: processing purposes, data categories, third-party recipients, storage periods, your rights, and safeguards for international data transfers. Most of your account’s core data can be viewed directly in your Personal Account. For full information, you can make an official request – we will provide necessary explanations and data copies (provided it does not infringe on the rights of others).
Right to rectification. If you believe any of your personal data we process is inaccurate or incomplete – you have the right to request correction or supplementation. For example, changing your surname due to marriage, updating contact phone number or email. We ask you to keep your information up to date and will promptly make corrections. Some data can be updated directly in your Personal Account (e.g., contact information). For other corrections, please contact us – in some cases, we may request documentary confirmation of changes (e.g., a copy of a new passport).
Right to erasure ("right to be forgotten"). You may request that we delete your personal data if: the data is no longer needed for the purposes for which it was collected; you have withdrawn consent and there is no other lawful basis for processing; you object to processing and no overriding lawful grounds exist; the data has been processed unlawfully; or it must be deleted to comply with a legal obligation. Note that the absolute right to erasure has exceptions. We cannot delete data if we are required to process it by law (e.g., payment records or information required for reporting). It is also not possible to immediately delete backup copies – they will be erased during the next backup cycle. However, if there is no legal basis to retain your data, we will delete it upon your request.
Right to restriction of processing. You have the right to request that we temporarily suspend processing of your data (except for storage) in the following cases: when you contest data accuracy – during verification; when processing is unlawful but you do not want erasure and request restriction instead; when we no longer need the data, but it is needed by you to establish or defend legal claims; or if you have objected to processing – while it is determined whether our lawful grounds prevail. During restriction, we only store the data and do not perform other operations without your consent (except for legal requirements). We will notify you when the restriction is lifted.
Right to object. You may object to the processing of your personal data if such processing is based on our legitimate interests. If you believe our processing negatively affects your rights or is incompatible with the original purposes – inform us. Upon objection, we must cease processing unless we can demonstrate compelling legitimate grounds that override your interests and rights, or the processing is necessary for establishing or defending legal claims (e.g., in court). Objections to direct marketing are always respected – if you no longer wish to receive marketing materials, we will stop sending them.
Right to data portability. You have the right to receive your personal data from us in a structured, machine-readable format (e.g., CSV) for transfer to another service provider (controller), or – if technically feasible – request that we transmit such data directly to another controller. This right only applies to information you provided and is processed automatically based on your consent or for contract performance. In telecom, data portability may be exercised when switching providers: you can retrieve your settings, phone number, etc. We will assist in carrying out such transfers conveniently.
Right to withdraw consent. If we process certain data based on your consent, you have the right to withdraw it at any time. For example, if you consented to participate in a loyalty program or receive marketing emails – you may change your mind, and we will cease processing accordingly. Withdrawal of consent does not affect the lawfulness of processing already carried out before the withdrawal. You can withdraw consent via the same channels through which it was given (e.g., uncheck in profile settings, click "Unsubscribe" in email, contact support).
Right to lodge a complaint. If you believe we violate your data protection rights, you may file a complaint with supervisory authorities. Citizens of Ukraine may complain to the Commissioner of the Verkhovna Rada of Ukraine for Human Rights (Ombudsman), who oversees data protection. EU residents may contact the national Data Protection Authority in their country. We recommend contacting us first – we will attempt to resolve your issue quickly and constructively. However, this does not limit your right to contact regulators directly.

To exercise your rights or obtain additional clarification, you may contact us conveniently (email, mail, via feedback form). Our contact details are provided at the end of the Policy.

Important: When making a personal data request, we may need to verify your identity to ensure information is provided to the rightful data owner. This is solely to protect your privacy. For example, we may ask you to send a request from the email listed in your contract, answer control questions, or provide a copy of a document (if in doubt). After receiving a request, we will respond no later than 30 days (standard GDPR period), and in complex cases may extend up to 60 days, notifying you of the reasons. Refusal to fulfill your rights is possible only in specific cases provided by law (e.g., if fulfilling your request may infringe on another person’s rights or impede a crime investigation). In any case, you will receive a clear response regarding the results of your request.

Additional Information for EU Users (GDPR)

MIIT acknowledges the requirements of the General Data Protection Regulation (GDPR) and complies with its provisions where applicable. Although our company is registered in Ukraine, we provide services to other countries as well, and we strive to meet GDPR’s high privacy standards for all users. If you are located in the European Union or your personal data is processed in connection with the provision of our services in the EU, the following additional conditions apply:

GDPR Compliance. Processing of data for EU users is based on lawful grounds under Art.6 GDPR and follows GDPR principles (lawfulness, transparency, minimization, accuracy, storage limitation, integrity, and confidentiality). We also comply with requirements for data subject rights and breach notifications (in case of an incident posing risks, we notify the regulator within 72 hours, and you without undue delay). Personal data of EU residents is stored on servers in Europe or on servers compliant with data transfer laws outside the EU (we use standard contractual clauses when transferring data to Ukraine or other third countries).

Data Protection Officer (DPO). We have appointed an internal responsible person for data protection. Our DPO monitors MIIT’s GDPR compliance, provides privacy advice, and acts as a contact point for regulators and users. If you have questions about the processing of your data under GDPR, you can contact our DPO. DPO contact: [email protected]. (Requests go directly to the DPO. Please write in English or Ukrainian. You will receive a response within 1 month.)
EU Representative. Pursuant to Art.27 GDPR, if we systematically process EU residents’ data without having an office in the EU, MIIT will appoint an official EU representative. Their duties include interaction with European supervisory authorities and users regarding data processing. Information about our representative (company name, address, email) will be available on request or in an appendix to this Policy (if appointed). Currently, considering the limited volume of EU data processing, MIIT acts through its DPO for all GDPR matters.
Rights under GDPR. Your rights described in the previous section are fully guaranteed under Articles 15–21 GDPR. Note: in addition to the previously mentioned rights, GDPR also provides the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision has legal effects for you or significantly affects you. MIIT does not make automated decisions without human involvement that could significantly impact you (e.g., service denial, reliability scoring – we do not do this). If such processes are implemented in the future, we will notify you and ensure your rights under Art.22 GDPR. You also have the right to lodge a complaint with any EU data protection supervisory authority. We commit to cooperating with European regulators and complying with their orders.

This section reflects our commitment to transparency and accountability toward EU users. If you have any additional questions regarding GDPR in MIIT’s operations, please contact our DPO or support team.

Relation to Other Policies

This Privacy Policy is part of MIIT’s set of rules and policies regarding customer service. It is complemented and clarified by other documents. We also recommend reviewing the following policies:

Data Protection Policy (GDPR). A separate document dedicated to MIIT’s compliance with GDPR. It provides detailed information on cross-border data transfers, designation of responsible persons, adherence to GDPR principles, etc. This policy is particularly relevant for EU users. You can find it on our website (section "Policy and Terms").
Cookie Policy. A specialized document describing which cookies and similar technologies we use on the MIIT website, for what purposes, and how you can manage them. If you need details on specific cookies, their names, or retention periods – refer to this policy. It also includes the date of the last update and other related information.
Data Retention Policy. This document outlines our approaches and procedures for storing and destroying different types of data. The policy sets typical retention periods for main categories of information (e.g., client contracts are kept for N years, logs – M months, etc.) and the procedure for securely deleting data after the expiration of these periods. It complements the data retention section in this Privacy Policy and ensures that MIIT does not store data longer than necessary.
Refund Policy. This document regulates financial matters – conditions for refunding payments for services not provided or poorly provided, procedures for requesting reimbursement, and payment timelines. Although the Refund Policy does not directly concern personal data processing, it is related to client interactions and may require processing certain data (e.g., payment details for refunds). For a complete understanding of service terms, we recommend reviewing this document as well.
Terms of Use (Public Offer). This is the main agreement under which MIIT provides services to you. The Terms of Use contain key provisions on the rights and obligations of the parties, liability, dispute resolution, etc. The Privacy Policy is an integral part of these Terms, so any issues not regulated here are governed by the user agreement.

In case of any inconsistencies between this Privacy Policy and the documents mentioned above, this Privacy Policy shall prevail regarding personal data handling. If a topic is described in more detail in a specialized policy (e.g., cookies), that policy should be followed. We strive to ensure consistency across all our policies, which together form a unified system of rules designed to protect both your rights and our legitimate interests.

How to Contact Us

We are always open to your questions, comments, or requests regarding personal data protection. If you need additional information or wish to exercise your rights, please contact us in a convenient way:

Data Controller: MIIT LLC

Legal Address: 03150, Ukraine, Kyiv, 72 Velyka Vasylkivska St., 5th floor.

Email: [email protected] (general data protection inquiries), [email protected] (contact with the Data Protection Officer, DPO).

Phone: +38 (044) 300-1-300 (Monday to Friday, 9:00–18:00, the call center operator will redirect your question to a privacy specialist).

Please indicate in the email subject or when contacting that your question concerns personal data protection or privacy – this will help us direct it more quickly to the responsible department. We will review your request as promptly as possible and provide a response or necessary action within the timeframe required by law.

Thank you for reading our Privacy Policy. Protecting your data is our priority, and we value your trust. If you have any remaining questions, do not hesitate to contact us. We aim to provide high-quality service, combining modern technologies with respect for your privacy. Using MIIT services means accepting the terms of this Policy. We recommend periodically reviewing the Policy, as it may be updated (we will notify you of significant changes separately).