Personal Data Privacy Policy

Latest update: September 15, 2025

This Privacy Policy (hereinafter referred to as the Policy) describes the rules and procedures of the Organization regarding the collection, use, and disclosure of User information when using the Diia.Business Services (hereinafter referred to as the Service) and informs the User about their privacy rights and how the law protects them.

In accordance with paragraphs 1 and 2 of part two of Article 8, Article 11, part two of Article 12 of the Law of Ukraine «On the Protection of Personal Data» and in accordance with the European Union Regulation establishing rules for the protection of personal data of all persons within the EU and the EEA, giving them greater control over their information (GDPR).

The public organization «Consulting Center for Entrepreneurial Development» (hereinafter referred to as the Organization) in this notice on the processing of personal data informs about who collects and processes personal data, as well as the composition and purpose of the collection of personal data processed through the Service, third parties to whom such personal data is transferred, and the rights of the subject of personal data.

The Organization uses the User’s Account Data to provide and improve the Service. By using the Service, the User agrees to the collection and use of information in accordance with this Privacy Policy.

Definitions for the purposes of this Privacy Policy:

User — a person who accesses or uses the Service, or a company or other legal entity on behalf of which such person accesses or uses the Service, where applicable.

Organization — Public Organization «Consulting Center for Entrepreneurial Development»

Service Provider — a natural or legal person who processes data on behalf of the Organization. This applies to individuals or partners engaged by the Organization to assist in providing the Service, to provide the Service, to perform services related to the Service, or to assist the Organization in analyzing the use of the Service.

Third-party social networking service — any external website or social networking platform through which the User can create an account or log in to the Service.

The Diia.Business Virtual Pop-Up Zone — a modern digital platform for promoting the products of Ukrainian entrepreneurs, combining the advantages of the digital space with the national network of regional Diia.Business entrepreneur support centers.

The Service — a set of functional features of the Diia.Business ecosystem websites that enable the creation, editing, processing, publication, and display of users’ business profiles.

The Diia.Business Center Websites — the official websites of the Diia.Business entrepreneur support centers that have their own Virtual Pop-Up Zone pages integrated with the Main Website. Through these websites, users can submit their data to create business profiles, which are stored and processed within the unified Diia.Business system.

The following websites are included:

• https://pop-up.biia-business.com
• https://login.biia-business.com
• https://diiabusinessodesa.com
• https://diia-business-kremenchuk.com
• https://diia-business-uzhhorod.com
• https://diia-business-kryvyi-rih.com
• https://diia-business-ternopil.com
• https://diia-business-poltava.com
• https://diia-business-knu.com
• https://diia-business-rivne.com
• https://diia-business-lutsk.com
• https://diia-business-bucha.com
• https://diia-business-ivano-frankivsk.com
• https://diia-business-warsaw.com
• https://diia-business-dnipro.com

Account — a unique (individual) User record created to access the Service or part thereof.

Device — any technical means that can access the Service (computer, mobile phone, or digital tablet).

Cookies — small files that are placed on the User’s Device by the Website and store information about the user’s activity on the site.

Personal data — any information relating to an identified or identifiable natural person (data subject) and provided for in this Policy.

Business data — information about a legal entity or individual entrepreneur (IE) that may be provided to create a business profile and use the Service.

Usage data — technical information that is automatically collected when accessing or interacting with the Service.

Data from third-party services — information that the Organization receives from third-party authentication services or social networks if the user has decided to register or log in to the Service using them.

User account data — a set of all categories of data (personal data, business data, usage data, data from third-party services) that the Organization may collect, process, and store in accordance with this Policy.

Consent — a voluntary, specific, informed, and unambiguous expression of the User’s will to process their account data.

Account data processing — any operation or set of operations performed on account data (collection, storage, use, distribution, deletion, etc.).

Collection and use of user account data

Types of data collected

Personal data

When accessing or using the Service, the Organization may request certain personal data from the User, which may be used to identify the User or to contact them.

Personal information may include, but is not limited to:

• Email address
• First and last name
• Phone number
• Links to social networks and other communication channels
• Usage data

Information about the business

The Organization may collect and process information about the User’s business that is necessary for creating, publishing, and displaying the business profile in the Service.Personal data may include, but are not limited to:

• email address;
• first and last name;
• phone number;
• links to social media and other communication channels;
• usage data.

Usage Data

Usage data is collected automatically when accessing or interacting with the Service.

Usage data may include the following information:

• the User’s device IP address;
• browser type and version;
• Service pages visited by the User;
• date, time, and duration of visits;
• unique device identifiers;
• other technical or diagnostic data necessary to ensure the stable operation of the Service.

When using the Service via mobile devices, the Organization may also automatically collect additional technical information, including:

• mobile device type and its unique identifier;
• mobile device IP address;
• mobile operating system;
• type of mobile internet browser;
• other diagnostic parameters that help ensure proper functioning of the Service.

The Organization may also receive information that the User’s browser automatically sends when visiting or accessing the Service via a mobile device.

Information from third-party social networking services

The Organization provides the User with the ability to create an account and log in to the Service using third-party authentication services or social networks, including:

• Google
• Facebook
• ID.GOV.UA

If the User chooses to register or log in through a third-party social network service, the Organization may receive certain Personal Data already associated with the User’s account in that service, including the name, email address, and other available information related to the User’s profile or activities.

The User may also have the option to provide the Organization with additional information through their third-party social network account. Providing such information is considered the User’s consent to its use, storage, and processing in accordance with this Privacy Policy.

Monitoring technologies and cookies

The Organization uses cookies and similar monitoring technologies to further monitor activity on the Organization’s Service and to store certain information. The monitoring technologies used are beacons, tags, and scripts to collect and monitor information, as well as to improve and analyze the Service.

The technologies used by the Organization may include:

• Cookies or browser cookies. A cookie is a small file placed on the User’s Device. The User can configure their browser to refuse all Cookies or to notify them when a Cookie is sent. However, if the User does not accept Cookies, the User may not be able to use certain parts of the Service. If the User has not changed their browser settings to reject Cookies, the Organization’s Service may use Cookies.
• Web beacons. Certain sections of the Service and emails from the Organization may contain small electronic files known as web beacons (also referred to as clear GIFs, pixel tags, or single-pixel GIFs) that allow the Organization to, for example, count the number of users who have visited pages or opened an email, and to obtain other related Website statistics (such as recording the popularity of a particular section and checking the integrity of the system and server).

The Service uses cookies and similar technologies to ensure proper operation, personalize content, analyze traffic, and for marketing purposes.

Consent

1. When visiting the Service for the first time, the user sees a banner (pop-up window) with a description of cookie categories and the option to give or refuse consent.
2. The user can:

• Accept all cookies;
• Reject all non-essential cookies (only those necessary for the website to function will remain);
• Configure usage by category (e.g., «analytical, ” „functional, ” „marketing“).

1. Consent is retained only for as long as necessary to achieve the purposes for which it was collected and may be changed at any time through the browser settings.
2. Opting out of non-essential cookies does not affect access to the main functionality of the Service.

Cookies can be «Persistent» or «Session» cookies. Persistent cookies are stored on the User’s personal computer or mobile device when the User goes offline, whereas session cookies are deleted immediately when the User closes the web browser.

The Organization uses both Session and Persistent Cookies for the purposes described below:

Necessary/Essential Cookies

Type: Session cookies

Controlled by: The Organization

Purpose: These cookies are necessary to provide the User with the services available through the websites and to allow the User to use certain features. They help authenticate users and prevent fraudulent use of accounts. Without these cookies, the services cannot be provided, and the Organization uses these cookies solely to deliver the functionalities of the Service to the User.

Policy Cookies/Cookie Notice Acceptance

Type: Persistent cookies

Controlled by: The Organization

Purpose: These cookies determine whether users have agreed to the use of cookies on the websites.

Functional cookies

Type: Persistent cookies

Controlled by: The Organization

Purpose: These cookies allow the Organization to remember the choices the User makes while using the websites, such as saving login information or language preferences. The purpose of these cookies is to provide the User with a more personalized experience and to avoid the need to re-enter their settings each time they use the websites.

Withdrawal of consent

The User may change or withdraw their consent to the use of cookies at any time in the «Cookie Settings».

Use of User Account Data

The Organization may use Account Data for the following purposes:

• Provision and support of the Service: ensuring the functioning of the Service, including monitoring its use.
• Account management: registration, administration, and provision of access to the functional capabilities of the Service available to registered users.
• Communication with the User: contact via email, phone, SMS, or other equivalent electronic means (including push notifications) regarding updates, changes, or maintenance of the Service, technical support or security issues, as well as other informational messages.
• Information and marketing communications: providing news, special offers, and general information about the products, services, and events offered by the Service.
• Processing User requests: reviewing and processing User requests to the Organization.
• Analytics and improvement: analyzing data, identifying trends, determining the effectiveness of the Service, and evaluating and improving products, services, marketing tools, and user experience.

Providing certain account details is necessary to use the Service. If the User refuses to consent to the processing of data necessary to perform the functionality (e.g., creating an account, authentication, access to educational materials or consultations), the Organization will not be able to provide the User with full access to the Service.

At the same time, the User always has the right to refuse to provide non-mandatory data (for example, for marketing mailings), and such refusal does not affect basic access to the Service.

The Organization may disclose user account information in the following cases:

With service providers: The Organization may transfer User account information to service providers for monitoring and analyzing the use of the Service, as well as for communicating with Users.

With affiliates: The Organization may provide Account Data to its affiliated entities (structural divisions or organizations participating in joint projects), provided that they comply with this Policy and ensure an appropriate level of data protection.

With partners: The Organization may provide Users’ Account Data to its partners within the framework of implementing joint programs, events, or projects, if such disclosure is necessary for their execution. Disclosure is carried out exclusively on the condition that the partners comply with the requirements of this Policy and applicable data protection laws.

With other users: If the User voluntarily shares information in public sections of the Service (for example, when publishing a business profile or participating in fairs and events), such information may be accessible to other Service users and publicly disseminated beyond it. When logging in via a third-party social network service, certain elements of the User’s profile (name, photo, activity description) may be visible to contacts in that service.

With the User’s consent: The Organization may disclose the User’s Account Data for other specified purposes only with the User’s prior consent.

Storage of User Account Data

The Organization will only store User Account Data for as long as necessary for the purposes set out in this Policy. Account Data may be stored and used to the extent necessary to fulfill the Organization’s legal obligations (for example, when data retention is required by the applicable legislation of Ukraine), resolve disputes, or ensure the performance of concluded agreements and internal policies — within the limits defined by this Policy.

The Organization may also retain Usage Data for the purposes of internal analysis, performance monitoring, and platform security. Such data is generally stored for a limited period, except when it is necessary to enhance the stability or improve the functionality of the Service, or when longer retention is expressly required by law.

Transfer of User Account Data

Users’ Account Data is processed at the Organization’s office and, if necessary, at the locations of parties involved in the processing (such as service providers or partners acting on behalf of the Organization). This may involve the transfer and storage of data on servers located outside the Organization’s primary place of business.

By providing their data and confirming consent to this Policy, the User agrees to such transfer.

The Organization will take all reasonably necessary measures to ensure the secure handling of Users’ Account Data in accordance with this Policy. Data transfer to third parties is carried out only with appropriate guarantees of security and control over their processing.

International transfer of Account Data may occur only when necessary to fulfill the Organization’s contractual or partnership obligations, and only to entities that ensure an adequate level of personal data protection in accordance with the applicable legislation of Ukraine.

Removal of User Account Data

The User has the right to delete their Account Data independently or request the Organization to delete the Account Data collected about them.

The Service provides the User with the ability to delete certain Account Data directly through the account functionality.

The User may update, correct, or delete data at any time by logging into their Account (if available) and using the corresponding settings. The User may also contact the Organization to request access to the provided Account Data, make changes, or delete it.

The Organization may retain certain Account Data if it has a legal obligation or lawful basis to do so.

Disclosure of User Account Data

Law Enforcement

The Organization may be required to disclose Users’ Account Data at the request of competent authorities, including courts or law enforcement agencies, in cases provided for by the legislation of Ukraine.

Other legal requirements

• The Organization may disclose User Account Data if it believes that such actions are necessary to:
• comply with a legal obligation;
• protect and enforce the rights, legitimate interests, or property of the Organization;
• prevent, detect, or investigate potential violations related to the use of the Service;
• ensure the safety of Service Users or the public;
• protect against legal liability.

Account Data Security

The Organization pays special attention to the security of Users’ Account Data; however, it should be noted that no method of data transmission over the Internet or electronic storage can guarantee absolute security.

The Organization uses commercially reasonable and appropriate safeguards, but cannot guarantee the complete security of Account Data.

Children’s Privacy

The Service is not intended for individuals under the age of 18. The Organization does not collect personal data that can identify a person from individuals under 18 years old. If a parent or legal guardian becomes aware that a child has provided personal data to the Organization without proper consent, they should notify the Organization for the subsequent removal of such data. If the Organization determines that personal data was obtained from an individual under 18 without confirmed parental or guardian consent, it will promptly take measures to delete this information from the Organization’s servers.

Links to other websites

The Service may contain links to other websites that are not controlled by the Organization.

Clicking on such a link will redirect the User to a third-party website.

The Organization strongly recommends that Users review the privacy policies of each website they visit.

The Organization does not control and is not responsible for the content, privacy policies, or practices of any third-party websites or services.

Changes to this Privacy Policy

The Organization may update its Privacy Policy from time to time. The Organization will notify Users of any changes by posting the new Privacy Policy on this page.

The Organization will notify the User by email and/or by a prominent notice on the Service prior to the changes taking effect, and will update the «Last Updated» date at the top of this Policy.

Changes to this Policy are effective when they are posted on this page.

Contact the Organization

The Organization is currently not required to appoint a Data Protection Officer (DPO) under the requirements of the GDPR; however, it has designated a responsible person for data protection matters.

If the User has any questions regarding this Privacy Policy or other aspects related to the processing of Account Data, they may contact the Organization using the following contact details:

The following is responsible for data processing:

Public organization «CONSULTING CENTER FOR ENTREPRENEURIAL DEVELOPMENT»

88000, Ukraine, Uzhhorod district, Zakarpattia region, city Uzhhorod, Kapushanska Street, building 25, apartment 37

Email address: [email protected]