We are committed to keeping your information secure. Please read this Policy so that you understand your rights with respect to data protection, including how your information will be collected, stored, used and processed.
This Privacy Policy outlines the policies and practices regarding the collection, use, and protection of personal data in connection with the operation of ConnectiveOne (KWIZbot) and the website
https://evergreens.com.ua/
The
https://evergreens.com.ua/ website and the services provided by ConnectiveOne (KWIZbot) are jointly operated by the affiliates listed in the "Contact Us" section, collectively referred to in this Privacy Policy as "Company", "we" or "our" in the respective cases.
This Privacy Policy has been developed in accordance with the Law of Ukraine On the Protection of Personal Data dated June 1, 2010, № 2297-VI, and is further aligned with the principles and provisions set forth in Regulation (EU) 2016/679 of the European Parliament and Council, dated April 27, 2016, regarding the protection of natural persons with respect to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR).
This Privacy Policy applies to the processing of personal data of all natural persons who use the services of ConnectiveOne (KWIZbot) and/or visit the website
https://evergreens.com.ua/ (hereinafter referred to as "Data Subjects"). Company shall serve as both the Data Controller and Data Processor for such personal data processing activities, as defined under the GDPR.
By using ConnectiveOne (KWIZbot) and the website
https://evergreens.com.ua/, Data Subjects hereby consent to the collection, processing, and use of their personal information in accordance with this Agreement. The name ConnectiveOne is a rebranding of the previous (old) name of the Kwizbot Program.
1. Definitions1.1.
Personal Data or Personal Information – means any information relating to an identified or identifiable natural person, as defined in the Law of Ukraine On the Protection of Personal Data dated June 1, 2010, № 2297-VI (hereinafter referred to as the "Law") and Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) (hereinafter referred to as the "GDPR").
1.2.
Data Subject – means an identified or identifiable natural person whose personal data is processed, as defined in the GDPR.
1.3.
Data Controller – means Company, the entity that determines the purposes and means of processing personal data, as defined in the GDPR.
1.4.
Data Processor – means Company, the entity that processes personal data on behalf of the Data Controller, as defined in the GDPR.
1.5.
Processing – means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as defined in the GDPR.
1.6.
Consent – means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they signify agreement to the processing of their personal data, as defined in the GDPR.
1.7.
ConnectiveOne (KWIZbot) – means the software application and associated services provided by Company.
1.8.
Website – means the website located at https://evergreens.com.ua/, operated by Company.
1.9.
User – means any natural person who uses or accesses ConnectiveOne (KWIZbot).
1.10.
Visitor – means any natural person who visits or accesses the Website.
2. Data Collection and Use
2.1.
Types of Personal Data Collected. In the course of providing our services, we may collect and process the following categories of personal data:
(a) Identification and contact information, such as name, email address, phone number, and physical address.
(b) Payment information, such as credit or debit card details, billing address, and payment history.
(c) Usage data, such as information about how you use our services, including browsing history, search queries, and interactions with our website or applications.
(d) Technical data, such as IP address, device information, and browser type.
(e) Marketing and communications data, such as your preferences for receiving marketing communications from us and our third parties.
2.2.
Sources of Personal Data. We may collect personal data from the following sources:
(a) Directly from you, when you provide it to us through our website, applications, or other means.
(b) Automatically, through the use of cookies and other tracking technologies on our website and applications.
(c) From third-party sources, such as analytics providers, advertising networks, and data brokers.
2.3.
Purposes of Data Processing. We may process your personal data for the following purposes:
(a) To provide and maintain our services, including processing transactions, responding to inquiries, and providing customer support.
(b) To personalize and improve our services, including analyzing usage data and developing new features and functionality.
(c) To communicate with you about our services, including sending updates, promotional materials, and other marketing communications.
(d) To comply with legal obligations, such as responding to lawful requests from public authorities or cooperating with investigations.
(e) To protect our rights and interests, as well as those of our users and third parties.
2.4.
Legal Basis for Data Processing. We process personal data based on one or more of the following legal grounds:
(a) Consent: Where you have given us your explicit consent to process your personal data for specific purposes.
(b) Contract: Where the processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
(c) Legal Obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject.
(d) Legitimate Interests: Where the processing is necessary for our legitimate interests or those of a third party, and such interests are not overridden by your interests or fundamental rights and freedoms.
2.5.
Automated Decision-Making and Profiling. We may use automated decision-making processes, including profiling, to analyze your personal data and make decisions about you or your interests. These processes may be used for purposes such as targeted advertising, fraud prevention, and risk assessment. You have the right to object to such processing and to request human intervention and an explanation of the decision-making process.
2.6.
Data Minimization and Retention. We will only collect and process personal data that is necessary for the purposes for which it was obtained. We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
2.7.
Consent and Choice. In certain circumstances, we may seek your consent to process your personal data. You have the right to withdraw your consent at any time by contacting us using the information provided in the "Contact Information" section of this Privacy Policy. You may also have the ability to manage certain preferences regarding the collection and use of your personal data through our website or applications.
2.8.
Third-Party Data Sharing. We may share your personal data with third parties in the following circumstances:
(a) With service providers that perform services on our behalf, such as payment processors, data analytics providers, and marketing agencies.
(b) With our affiliates and subsidiaries for purposes consistent with this Privacy Policy.
(c) In connection with a merger, acquisition, or other corporate restructuring event.
(d) As required by law or to comply with legal processes, such as court orders or government investigations.
(e) To protect our rights, property, or safety, or the rights, property, or safety of others.
2.9.
International Data Transfers. Your personal data may be transferred to and processed in countries other than the country in which you reside. We will ensure that appropriate safeguards are in place to protect your personal data when it is transferred internationally, such as by relying on adequacy decisions, standard contractual clauses, or other legally recognized mechanisms.
3.Data Sharing and Disclosure
3.1. Company may share or disclose personal data to third parties in the following limited circumstances:
(a) To comply with legal obligations, court orders, or requests from government authorities, law enforcement agencies, or regulatory bodies, to the extent required by applicable laws and regulations.
(b) To protect the vital interests of the data subject or other individuals, in cases of emergency or threat to life, health, or safety.
(c) To perform a contract with the data subject or take steps at the data subject's request prior to entering into a contract.
(d) For the legitimate interests of the Company or a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject.
3.2. Third parties to whom personal data may be shared or disclosed include:
(a) Service providers, contractors, or other third parties engaged by the Company to perform services or functions on its behalf, such as hosting, data analysis, payment processing, or customer support.
(b) Law enforcement agencies, government authorities, or other third parties as required by applicable laws and regulations.
(c) Companyʼs Affiliates or subsidiaries for internal administrative purposes.
(d) Potential buyers or investors in the event of a merger, acquisition, or sale of all or a portion of Company's assets.
3.3. Company shall ensure that any third party to whom personal data is shared or disclosed is bound by appropriate confidentiality and data protection obligations, and required to implement adequate technical and organizational measures to protect the personal data.
3.4. In the event that any Personal Data is transferred outside the European Economic Area (EEA) or to any third country, the Parties shall ensure that such transfers are carried out in accordance with the requirements of the GDPR and other applicable data protection laws.
3.5. Data subjects have the right to object to the sharing or disclosure of their personal data for direct marketing purposes or on grounds relating to their particular situation, unless the Company can demonstrate compelling legitimate grounds for such sharing or disclosure that override the interests, rights, and freedoms of the data subject.
3.6. The Company shall implement appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure during the sharing or transfer process, such as encryption, access controls, and secure communication protocols.
3.7. The sharing or disclosure of personal data shall be limited to what is strictly necessary for the specific purpose, and shall be subject to any applicable exceptions or limitations under applicable laws and regulations.
4. Data Security
4.1. The Company shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data, including, as appropriate:
(a) The pseudonymization and encryption of Personal Data;
(b) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
(d) A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
4.2. The Company shall implement access controls and authentication mechanisms to ensure that access to Personal Data is restricted to authorized personnel only, based on the principles of least privilege and need-to-know.
4.3. The Company shall maintain and regularly review access logs and audit trails to monitor access to Personal Data.
4.4. The Company shall implement role-based access controls and segregation of duties to prevent unauthorized access, modification, or misuse of Personal Data.
4.5. The Company shall ensure the physical security of its facilities and data centers where Personal Data is stored or processed, including appropriate access controls, monitoring, and security measures.
4.6. The Company shall conduct background checks and require all personnel with access to Personal Data to execute confidentiality agreements and undergo regular security awareness training and education.
4.7. The Company shall establish and maintain incident response and breach notification procedures to detect, respond to, and report data breaches in a timely manner, including notification obligations to Data Subjects and relevant authorities as required by applicable laws and regulations.
4.8. The Company shall adhere to industry-recognized security standards and best practices, such as ISO 27001, and shall conduct regular audits and assessments of its security measures.
4.9. The Company shall ensure that any subprocessors engaged in the processing of Personal Data implement appropriate technical and organizational measures to protect the security and confidentiality of Personal Data, as required by this Privacy Policy, GDPR and other applicable laws and regulations.
4.10. The Company shall regularly review and update its security measures to incorporate new technologies, industry best practices, and emerging threats, and shall continuously strive to improve the security and protection of Personal Data.
5. Data Retention and Disposal
5.1. The Company shall retain personal data collected from Data Subjects only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by applicable laws and regulations.
5.2. The criteria and principles used to determine the retention period for different categories of personal data shall be based on the following:
(a) The nature and sensitivity of the personal data;
(b) The purposes for which the personal data was collected and processed;
(c) Any legal or regulatory requirements for data retention;
(d) The potential risks associated with the continued retention of the personal data.
5.3. Upon the expiration of the applicable retention period, or when the personal data is no longer necessary for the purposes for which it was collected, Company shall securely dispose of or permanently delete such personal data, using appropriate technical and organizational measures to ensure its secure disposal.
5.4. Notwithstanding the foregoing, Company may retain personal data for longer periods if required by applicable laws, regulations, or legal obligations, such as tax or accounting purposes, or for the establishment, exercise, or defense of legal claims.
5.5. The Company shall regularly review and audit its data retention and disposal practices to ensure compliance with applicable laws and regulations, and may update or modify such practices as necessary to comply with changes in legal or regulatory requirements.
5.6. Data Subjects have the right to request the erasure or deletion of their personal data, subject to the exceptions and legal requirements set forth in this section. Data Subjects may exercise this right by contacting the Company using the contact information provided in Section 11 of this Privacy Policy.
6. Data Subjects Rights
6.1. Data Subjects have the right to obtain confirmation from the Company as to whether their personal data is being processed, and if so, to access their personal data and receive a copy of it. The Company shall provide the personal data in a commonly used and machine-readable format.
6.2. Data Subjects have the right to request the rectification of inaccurate or incomplete personal data concerning them. The Company shall rectify such personal data without undue delay.
6.3. Data Subjects have the right to request the erasure of their personal data without undue delay in the following circumstances:
(a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(b) The Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
(c) The Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing;
(d) The personal data has been unlawfully processed;
6.3.1. The Company shall erase the personal data without undue delay, unless the processing is necessary for the establishment, exercise, or defense of legal claims or for compliance with a legal obligation under applicable law.
6.4. Data Subjects have the right to request the restriction of processing of their personal data in the following circumstances:
(a) The accuracy of the personal data is contested by the Data Subject, for a period enabling the Company to verify the accuracy of the personal data;
(b) The processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of its use instead;
(c) The Company no longer needs the personal data for the purposes of the processing, but the Data Subject requires the data for the establishment, exercise, or defense of legal claims;
(d) The Data Subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the Data Subject.
6.5. Data Subjects have the right to receive their personal data, which they have provided to the Company in a structured, commonly used, and machine-readable format.
6.6. Data Subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
6.7. Data Subjects have the right to object to the processing of their personal data for purposes other than direct marketing, where the processing is based on the legitimate interests of the Company, unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims.
6.8. Data Subjects may exercise their rights under this Section 6 by submitting a request to the Company using the contact information provided in Section 11 of this Privacy Policy.
6.9. The Company shall respond to such requests without undue delay and in any event within one month of receipt of the request, unless the request is particularly complex or numerous, in which case the Company may extend the time limit by a further two months, informing the Data Subject of the extension and the reasons for the delay.
7. Cross-Border Data Transfers7.1. In the course of providing our services and operating our business, we may need to transfer personal data across international borders, including to countries outside the European Economic Area (EEA) and the United Kingdom (UK). Such transfers may be necessary for the performance of contracts with data subjects, for the implementation of pre-contractual measures taken at the data subject's request, or for the purposes of our legitimate interests.
7.2. When transferring personal data outside the EEA or UK, we will ensure that appropriate safeguards are in place to protect the data and comply with applicable data protection laws, including GDPR and the Law.
7.3. We may transfer personal data to countries or organizations that have been deemed by the relevant authorities to provide an adequate level of data protection. Alternatively, we may rely on appropriate safeguards such as standard contractual clauses approved by the European Commission or binding corporate rules.
7.4. In certain circumstances, we may also transfer personal data to third-party service providers or partners located in other countries for the purposes of providing our services or conducting our business operations. In such cases, we will ensure that appropriate safeguards are in place to protect the data and that the transfer is carried out in accordance with applicable laws and regulations.
7.5. Data subjects have the right to be informed about any cross-border transfers of their personal data and the safeguards in place to protect their data. Data subjects may exercise their rights or raise objections to such transfers by contacting us using the information provided in the "Contact Information" section of this Privacy Policy.
7.6. We will comply with all applicable laws and regulations regarding cross-border data transfers, including the GDPR, the Law and the data protection laws of England and Wales.
7.7. We may update or modify our practices regarding cross-border data transfers from time to time.
7.8. Any changes will be reflected in an updated version of this Privacy Policy, and data subjects will be notified of such changes in accordance with applicable laws and regulations.
8. Cookies and Tracking Technologies
8.1. ConnectiveOne (KWIZbot) and the website https://evergreens.com.ua/ use cookies and other tracking technologies to collect and process personal data for various purposes, including personalizing user experience, analyzing website traffic, and delivering targeted advertising.
8.2. Cookies are small text files that are stored on a user's device when they visit a website. Tracking technologies include web beacons, pixels, and other similar technologies that collect information about a user's device and browsing activities.
8.3. The types of cookies and tracking technologies used by ConnectiveOne (KWIZbot) and the website https://evergreens.com.ua/ may include, but are not limited to, session cookies, persistent cookies, and web beacons.
8.4. The use of cookies and tracking technologies is subject to the user's consent. Users may manage their cookie preferences and opt-out of certain types of cookies or tracking technologies through their browser settings or by using the cookie consent management tool provided on the website.
8.5. Disabling cookies or tracking technologies may affect the functionality and user experience of ConnectiveOne (KWIZbot) and the website https://evergreens.com.ua/.
8.6. ConnectiveOne (KWIZbot) and the website https://evergreens.com.ua/ may use third-party cookies and tracking technologies for various purposes, such as delivering targeted advertising or analyzing website traffic. The organization does not control these third-party technologies and encourages users to review the respective privacy policies of these third parties.
8.7. The data collected through cookies and tracking technologies is secured using appropriate technical and organizational measures and is retained for a period necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
8.8. The Company's practices regarding cookies and tracking technologies may be updated or changed from time to time. Users will be notified of any significant changes to these practices through the website or other appropriate means.
9. Children's Privacy9.1. For the purposes of this Privacy Policy, a "child" is defined as an individual under the age of 16 years old, in accordance GDPR and the UK Data Protection Act 2018. In Ukraine, a "child" is defined as an individual under the age of 14 years old, in accordance with the Law of Ukraine On the Protection of Personal Data.
9.2. ConnectiveOne (KWIZbot) does not knowingly collect or process personal data from children. If the Company becomes aware that it has collected personal data from a child without parental consent, it will take reasonable steps to delete such data as soon as possible.
10. Changes to the Privacy Policy
10.1. The Company reserves the right to modify, update, or amend this Privacy Policy at any time, in its sole discretion, to reflect changes in legal requirements, business practices, or technological advancements.
10.2. Any changes to this Privacy Policy will be communicated to Data Subjects through appropriate means, such as by posting a notice on the website, sending an email notification, or other reasonable methods.
10.3. The Company shall provide reasonable advance notice of any material changes to this Privacy Policy, allowing Data Subjects sufficient time to review the updated terms.
10.4. The effective date of any changes to this Privacy Policy will be clearly stated in the updated version, and Data Subjects' continued use of the services or website after the effective date shall constitute acceptance of the updated Privacy Policy.
10.5. Data Subjects may request access to previous versions of this Privacy Policy for reference or comparison purposes by contacting the Company using the contact information provided in Section 11 of this Privacy Policy.
10.6. The Company shall periodically review and update this Privacy Policy as necessary to ensure compliance with applicable laws and regulations.
10.7. Data Subjects are encouraged to review this Privacy Policy regularly for any updates or changes. Any questions or concerns regarding changes to this Privacy Policy should be directed to the Company using the contact information provided in this Privacy Policy.
11. Contact Information
Evergreen IT Development Ltd.7 Bell Yard, London, United Kingdom, WC2A 2JR
Evergreen Development LLCCreative State of Senator, BC Senator
32/2, Kniaziv Ostrozkykh St., Kyiv, 01010, Ukraine
Evergreen Enterprise LLCCreative State of Senator, BC Senator
32/2, Kniaziv Ostrozkykh St., Kyiv, 01010, Ukraine
Authorized person for reviewing complaints on violations of confidentiality – Maria Kravtsova, phone + 38 (096) 292-58-88, email:
mgerman@evergreens.in.ua