ImproveIT Solutions Privacy Policy

PRIVACY AND INFORMATION SECURITY POLICY 

1. GENERAL PROVISIONS

ImproveIT Solutions respects the confidential information of all persons without exception, paying particular attention to the strict confidentiality of personal data. 

The Company does not collect or process personal data sourced from persons with whom the Company is not bound by contractual obligations or whose permission to process is not granted by the personal data owner or personal data controller in accordance with their competence. 

The purpose of processing personal data is solely to ensure the fulfillment of the Company’s statutory activities, in particular, under the code of economic activity group 62.0 of the Classification of Economic Activities 2010, and only to the extent necessary to fulfill contractual obligations, record the results of financial and economic activities and submit reports or other information in accordance with the rules and procedures established by the state of Ukraine. 

When determining the list of information related to personal data, as well as the scope of permitted processing activities, the Company is guided by the provisions of the Law of Ukraine “On Personal Data Protection”, taking into account the principles established by the General Data Protection Regulation (GDPR)

2. COLLECTING AND USING OF PERSONAL DATA 

The owner and processor of personal data collected in the course of its activities is IMPROVE IT Solutions LLC, 25 Storozhynetska Street, Chernivtsi, 58029, Ukraine. 

When clients use the Company’s services, as well as when the Company orders services from clients, the Company processes data, in particular: 

– data on the client’s contact persons, representatives, and contractors provided for the purposes of pre-contractual communication, conclusion of the contract, and prompt circulation of information necessary to coordinate the execution of the contract; 

– data provided by the client for the purpose of fulfilling technical tasks, including surnames, names, IP addresses of endpoint equipment, parameters and settings of Internet browsers (User-agent), and other information based on the nature of a particular service. 

The Company collects only those personal data that are deliberately and voluntarily provided by the client with the consent of the personal data owner for the transfer

and processing of personal data in accordance with the purpose of their processing set forth in this Policy. 

Please note that the Company is limited to collecting the minimum amount of information necessary solely to fulfill technical tasks and perform accounting functions, giving preference to depersonalized information. 

In any case, the Company relies on the prudence, consideration, and responsibility of the client if the client provides the Company with access to the personal data of third parties. In this case, the Company proceeds from the presumption that the client is the lawful owner and has duly obtained consent to provide the Company with access to the personal data of a third party. 

For its part, the Company will take all reasonable and appropriate measures to ensure that such information is not further disseminated and will ensure other rights of the personal data owner. 

The Company does not collect any information for the processing of which certain requirements are established by law, such as information on racial or ethnic origin, political, religious, or ideological beliefs, membership in political parties and trade unions, conviction of a crime or sentence to criminal punishment, as well as data related to health, sexual life, biometric or genetic data (in accordance with Article 7 of the Law of Ukraine “On Protection of Personal Data”). 

3. RELATIONSHIPS WITH DEVELOPERS AND OTHER SPECIALISTS 

All developers and specialists engaged by the Company are checked for proper business reputation, including the absence of violations related to the handling of confidential information. 

The Company engages developers and specialists to fulfill clients’ technical assignments and perform additional functions only if they enter into non-disclosure agreements with such persons. 

The implemented non-disclosure agreements stipulate personal liability for incidents related to the disclosure of information, loss of data storage devices, failure to take measures to ensure strict confidentiality of information, response to incidents related to the processing and storage of confidential information, etc. 

The company takes special responsibility for regular monitoring of compliance with the terms of non-disclosure agreements by developers and specialists and constantly updates such agreements in accordance with best practices and standards.

In addition, the Company ensures that all developers and specialists faithfully perform information security measures, use the software properly, and comply with the highest standards of personal data protection. 

4. PERSONAL DATA PROCESSING AND PROTECTION MEASURES 

The Company uses generally accepted standards of technological and operational protection of information and personal data against loss, misuse, alteration, or disposal. However, despite its best efforts, the Company cannot guarantee absolute protection against any threats arising outside the Company’s regulation. 

To this end, the Company has implemented standard technological schemes for processing and storing personal data on MacBook Pro computers, the XTS-AES-128 encryption algorithm, and the FileVault

The Company regularly audits the following risk points: 

– installing and using the latest macOS updates with the activation of encryption of the contents of storage media; 

– a strict prohibition on using unlicensed, questionable or potentially harmful software, visiting websites, and using other Internet resources not related to the performance of tasks; 

– adherence to the password policy based on the recommendations of the National Institute of Standards and Technology (NIST) to ensure the security of the Company’s and its customers’ data and resources; 

– a strict prohibition on disclosing account identification data (logins, passwords, logical security systems) to third parties, as well as a prohibition on transferring hardware security systems to third parties; 

– a strict prohibition on the transfer of data storage devices to third parties; 

– a strict prohibition on accepting e-mail correspondence from unverified sources, as well as containers with questionable content; 

– Immediate response to any incidents of unauthorized access or suspected unauthorized access, loss, or damage to confidential information storage media, hardware security systems, etc. 

Depending on the nature of the technical tasks entrusted to the Company, the amount of confidential information, and the specifics of the information handling protocols implemented by the client, it is possible to use third-party licensed services that provide remote storage, encryption, and backup of information, and use

specialized software or hardware information security tools by a separate agreement. 

The Company’s premises where personal data is processed and stored are subject to the following access and security measures: 

● the facilities are locked; 

● all rooms are equipped with fire extinguishers, smoke and heat detectors;

● all rooms are equipped with an air conditioning system; 

● external monitoring (video surveillance), centralized alarm, and access control systems (ID cards) are installed; 

● all important documents are stored in lockable cabinets; 

● the facility is equipped with backup power sources in case of power grid failures and power outages. 

The place of processing and storage of personal data is located at the following address: 25 Storozhynetska Street, Chernivtsi, 58029, Ukraine. 

5. CONDITIONS OF ACCESS TO PERSONAL DATA 

The procedure for third-party access to personal data is determined by the terms of consent of the client or other owner of personal data in accordance with the requirements of the law. 

The owner of personal data has the right to receive any information about himself/herself from any subject of relations related to personal data, provided that the surname, name and patronymic, place of residence (place of stay), and details of the document certifying the individual submitting the request are indicated, except in cases established by law. 

The user’s access to data about themselves is free of charge. 

Delaying the user’s access to their personal data is not allowed. 

Deferral of access to the personal data of third parties is allowed if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total period for resolving the issues raised in the request may not exceed forty-five calendar days. 

The notice of postponement shall be communicated in writing to the third party that submitted the request, explaining the procedure for appealing such a decision. 

The decision to postpone or deny access to personal data may be appealed to the Ukrainian Parliament Commissioner for Human Rights or to the court.

6. RIGHTS OF THE PERSONAL DATA SUBJECT 

The Company informs about the rights of the personal data subject, which are regulated by the Law of Ukraine “On Personal Data Protection” in particular: 

1) to know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the owner or manager of personal data or to give a corresponding order to obtain this information to persons authorized by him/her, except in cases established by law; 

2) receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data is transferred; 

3) access to their personal data; 

4) to receive, no later than thirty calendar days from the date of receipt of the request, except in cases provided for by law, a response on whether his or her personal data is processed, as well as to receive the content of such personal data; 

5) submit a reasoned request to the personal data controller with an objection to the processing of their personal data; 

6) to submit a reasoned request to change or destroy their personal data by any owner and administrator of personal data if this data is processed illegally or is unreliable; 

7) to the protection of own personal data from unlawful processing and accidental loss, destruction, or damage due to intentional concealment, failure to provide, or untimely provision, as well as to the protection against a provision of information that is inaccurate or discrediting to the honor, dignity, and business reputation of an individual; 

8) file complaints about the processing of their personal data to the Ukrainian Parliament Commissioner for Human Rights or to the court; 

9) apply legal remedies in case of violation of personal data protection legislation; 

10) to make warnings regarding the restriction of the right to process their personal data when giving consent; 

11) withdraw consent to the processing of personal data; 

12) to know the mechanism of automatic processing of personal data; 

13) to be protected from an automated decision that has legal consequences for them.

In order to update, access, amend, block, or delete your personal data, revoke the consent to the processing of personal data provided to the Company, or if you have any comments, requests, or claims regarding personal data processed by the Company, you can contact the Company: 

e-mail address: info@improveit.solutions 

Mailing address: IMPROVE IT Solutions LLC, 25 Storozhynetska Street, Chernivtsi, 58029, Ukraine. 

7. POLICY CHANGE 

This Policy may be amended and supplemented from time to time and without prior notice to the Client, including in case of changes in the requirements of the legislation. In any case, the requirements of the current legislation of Ukraine shall prevail (take precedence) over the provisions of this Policy. 

In the event of any material changes to this Policy, the Company will post a notice on the Website and indicate the effective date of such changes. The Client has the right to refuse to accept them in writing, and the absence of such an appeal will mean that the Client agrees to the relevant changes to the Policy. 

Please review the Policy from time to time to be aware of any changes or updates.