Privacy Policy
Effective date: 1 June 2025
1. Who we are
This website is owned and operated by Kodamity (hereafter “Company,” “we,” “us,” or “our”).
We process personal data in accordance with the Ukrainian Law “On Personal Data Protection” № 2297-VI and Regulation (EU) 2016/679 (GDPR).
2. Data we collect
| Category | Example | Source |
|---|---|---|
| Identification data | first & last name | contact form |
| Contact data | e-mail address | contact form |
| Message content | text of your enquiry | contact form |
| Technical data | IP address, browser type, language, access time | cookies & server logs |
| Analytics & cookie data | pages visited, events, referrer URL | Google Analytics / Cloudflare Web Analytics |
3. Purposes & legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to your enquiry, providing support | Art. 6 (1)(b) — contract or steps at your request |
| Internal record-keeping & security logging | Art. 6 (1)(f) — our legitimate interest to ensure service continuity & security |
| Marketing e-mails (opt-in) | Art. 6 (1)(a) — your explicit consent |
| Website analytics & UX improvement | Art. 6 (1)(f) — legitimate interest to analyse traffic & grow our business |
4. Cookies
We use two types of cookies:
- Essential cookies — required for the site to function; set automatically.
- Analytics cookies (Google Analytics, Cloudflare) — set only with your consent via our cookie banner.
You can withdraw consent at any time via your browser settings or by reopening the cookie banner.
5. Sharing & disclosure
| Recipient | Purpose | Safeguards |
|---|---|---|
| Hosting provider | website & database hosting | Data-Processing Agreement (DPA), EU data centres |
| Cloudflare, Inc. | security & CDN | ISO 27001, Standard Contractual Clauses (SCC) |
| Google LLC | web analytics | SCC, supplementary measures (post-Schrems II) |
| Telegram Bot API | receiving a copy of form submissions | HTTPS transport, token authentication |
We do not sell your data. Third-party disclosure occurs only as described here or when required by law.
6. Retention periods
- Form enquiries — 3 years from your last interaction, or until you withdraw consent.
- Marketing contacts — until consent is withdrawn.
- Log files — 12 months.
After expiry, data are irreversibly deleted or anonymised.
7. Your rights
You may request:
- Access — a copy of your data.
- Rectification — correction of inaccurate or incomplete data.
- Erasure (“right to be forgotten”).
- Restriction of processing.
- Portability — machine-readable copy.
- Objection — to processing based on legitimate interest.
- Complaint — to the Ukrainian Data Protection Authority or any EU regulator.
Send requests to privacy@kodamity.com. We will reply within one month.
8. Data security
- Traffic encrypted via HTTPS/TLS 1.3.
- Database access limited to authorised personnel on a Least-Privilege basis.
- Regular encrypted backups.
- Continuous monitoring of unauthorised access attempts (WAF, firewall).
9. International transfers
Where data are transferred outside the EEA (e.g. to the USA), we rely on Standard Contractual Clauses (SCCs) and any additional safeguards required by the GDPR.
10. Changes to this policy
We may update this Policy periodically. The latest version is always available on this page with its effective date. Material changes will be announced via e-mail or an on-site banner.
11. Contact us
Questions about data protection? Reach out:
- E-mail: privacy@kodamity.com