Privacy Policy for the WordCraft Mobile App and Website

1. Introduction

1.1 Purpose of this Privacy Policy

This Privacy Policy explains how the WordCraft mobile app and website (https://www.surdo.org.ua/) collect, use, disclose, and protect your personal information. We are committed to ensuring the confidentiality and security of your data in accordance with current legislation.

1.2 Who We Are

WordCraft is a mobile application and website specializing in providing sign language translation services and video conferencing for people with hearing impairments. Our company is committed to protecting your privacy and providing secure services.

1.3 Application of this Policy

This Privacy Policy applies to all personal information we collect through our website and mobile app, as well as any other interactions with us. By using our services, you agree to the terms of this Policy. If you do not agree with these terms, please do not use our services.

1.4 Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. All changes will be published on our website and will take effect immediately after publication. We recommend regularly checking this page for updates on our Privacy Policy. Your continued use of our services after any changes indicates your acceptance of those changes.

1.5 Contact Information

If you have any questions or suggestions regarding this Privacy Policy, please contact us via email at surdo.translater@gmail.com.

1.6 Definitions of Key Terms

• Personal Data: Any information relating to you as an individually identifiable person, such as name, surname, email address, phone number, etc.

• Data Processing: Any operation or set of operations performed on personal data, such as collection, recording, systematization, accumulation, storage, updating (changing), use, transfer (distribution, provision of access), anonymization, blocking, deletion, and destruction of personal data.

• User: Any individual using our services or visiting our site or mobile app.

1.7 Data Protection Principles

We adhere to the following principles when processing your personal data:

• Lawfulness, Fairness, and Transparency: We process data legally, fairly, and transparently.

• Purpose Limitation: We collect data for specific, clear, and legitimate purposes and do not process it further in a manner incompatible with those purposes.

• Data Minimization: We collect only the data necessary to achieve the purposes for which it is processed.

• Accuracy: We ensure that data is accurate and updated when necessary.

• Storage Limitation: We store data in a form that allows identification of users no longer than necessary for the purposes of processing.

• Integrity and Confidentiality: We process data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

This Privacy Policy is part of our commitment to ensuring your privacy and data security. We will continue to improve our protection measures to ensure the highest level of security for your personal data.

2. Information Collection

This section details what information we collect from users when they interact with our WordCraft mobile app and website. We categorize this information based on the source and method of collection.

2.1 Information You Provide

2.1.1 Account Registration

• Personal Information: When creating an account, we ask for your phone number, name, surname, date of birth, and email address. You may also add a profile photo and other additional data.

• Contact Information: We may ask for your contact details such as phone number and email address to ensure communication with you.

2.1.2 User Support

• Support Data: When contacting support, we collect information about your query, including your contact information, issue details, screenshots, and other relevant information needed to resolve your issue.

2.1.3 Use of Services

• Usage Data: We collect data about your activity on our website and mobile app, including visited pages, clicked links, time spent on pages, and other actions.

2.2 Automatically Collected Information

2.2.1 Device Information

• Technical Data: We collect information about your device, including IP address, browser type, operating system, device model, unique device identifiers, app version, time zone, and other technical data.

• Log Data: Our servers automatically store information about your interactions with our services in logs. This may include IP address, access time, viewed pages, referral URLs, browser type, and other actions.

2.2.2 Cookies and Other Tracking Technologies

• Cookies: We use cookies to collect information about your activity on our website, including the pages you visit, the links you click, and other actions. Cookies also allow us to save your preferences and settings to improve your user experience.

• Web Beacons: We may use web beacons (also known as pixels) to collect information about your activity on our website. Web beacons help us understand which pages you visit and evaluate the effectiveness of our marketing campaigns.

2.3 Information from Other Sources

2.3.1 Partner Organizations

• Service Providers: We may receive information from our partners and service providers who provide us with analytics, payment processing, and other services necessary to operate our services.

2.4 Purpose of Information Collection

We collect your information for the following reasons:

• Service Provision: To ensure the operation of our mobile app and website, including sign language translation and video conferencing.

• Service Quality Improvement: To analyze data on the use of our services and improve their quality and functionality.

• Security: To ensure the safety of our users, detect and prevent fraud, and comply with legal requirements.

• Communications: To send you updates, news, and other information that may be of interest to you.

• Marketing: To conduct market research and analyze the effectiveness of our advertising campaigns.

2.5 User Control Over Information

You have control over your information. You can:

• Update and Correct Your Data: You can update your personal data through your account settings.

• Manage Cookies: You can configure your browser to refuse cookies or delete existing cookies.

• Withdraw Consent: You can withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

This section of the Privacy Policy details what data we collect, how we use it, and how you can manage your information. We strive to ensure maximum transparency in the collection and use of your data so that you can use our services with confidence in their security and confidentiality.

3. Use of Information

This section details how we use the collected information to provide, improve, and personalize our services. We strive to use your information transparently and responsibly.

3.1 Providing and Improving Services

3.1.1 Providing Services

• Sign Language Translation: We use your personal data to provide sign language translation services, including processing your requests and ensuring accurate translation.

• Video Conferencing: We use your data to organize and conduct video conferences between users and translators.

3.1.2 Personalization

• Personalized Settings: We use your information to save your personal settings and preferences to make the use of our services more convenient and efficient.

• Recommendations: We analyze your activity and preferences to provide you with personalized recommendations for features and services.

3.1.3 Analytics and Research

• Usage Analysis: We use collected data to analyze how users interact with our website and mobile app. This helps us determine which features are most useful and which need improvement.

• Research and Development: We use data to conduct internal research and develop new features and services to make our products more innovative and useful.

3.2 Security and Fraud Prevention

3.2.1 Ensuring Security

• Data Protection: We use your information to protect your personal data and prevent unauthorized access, use, or disclosure.

• Activity Monitoring: We monitor your activity to detect and prevent potential security threats.

3.2.2 Fraud Prevention

• Fraud Detection: We use collected data to detect and prevent fraudulent actions, including unauthorized transactions and account breaches.

• Incident Investigation: We use your information to investigate suspicious activities and incidents that may threaten the security of our users.

3.3 Communication with Users

3.3.1 Updates and Notifications

• System Notifications: We use your contact information to send important system notifications, such as updates to the privacy policy, changes to the terms of service, or notifications about technical updates and outages.

• Marketing Messages: With your consent, we may send you marketing messages, including news about our products, special offers, and promotions. You can opt-out of receiving such messages at any time.

3.3.2 User Support

• Response to Inquiries: We use your information to respond to your inquiries, provide support, and resolve any issues you may encounter while using our services.

• Surveys and Feedback: We may contact you for feedback or participation in surveys to improve the quality of our services.

3.4 Legal Purposes

3.4.1 Legal Compliance

• Legislative Requirements: We may use your information to comply with legislative requirements, court orders, or other legal processes.

3.4.2 Protection of Rights and Interests

• Law Enforcement Agencies: We may disclose your information to law enforcement agencies or other government bodies if necessary to protect our rights, security, or property, as well as to protect users and the public from fraud, abuse, or other illegal activities.

3.5 Use of Third-Party Information

3.5.1 Integrations and Partnerships

Third-Party Services: If you interact with our services through third-party services or integrations, such as social networks or payment systems, we may receive and use information from these services in accordance with their privacy policies.

3.5.2 Partner organizations

• Joint projects: We may share your information with partners to conduct joint projects, provide partner services or conduct marketing campaigns.

This section explains how we use your information to provide, improve and protect our services and to communicate with you. We are committed to using your information transparently and responsibly, adhering to the highest standards of privacy and security.

4. Disclosure of Information

This section explains when and how we may disclose your information to third parties. We strive to ensure that your privacy remains confidential and protected.

4.1 Third Parties

4.1.1 Service Providers

• Cloud Services: We may transfer your information to cloud service providers, such as Amazon Web Services, for data storage and processing. These providers are required to ensure the security and confidentiality of your data.

• Payment Processing: If you make purchases through our services, we may transfer your information to payment service providers for transaction processing. These providers are required to protect your information according to their privacy policies.

• Analytics and Marketing: We may use third-party services for analyzing usage data and conducting marketing campaigns. These services may access your information but are required to use it solely to provide these services to us.

4.1.2 Partners

• Third-Party Service Integrations: If you use integrations with other services (e.g., social networks), we may transfer information to these partners to ensure the operation of the integrations. These partners are required to adhere to their own privacy policies.

• Joint Projects: We may collaborate with partners for joint projects or to provide partner services. In such cases, we may share necessary information with partners to ensure effective collaboration.

4.2 Legal Obligations

4.2.1 Compliance with Laws

• Legal Requirements: We may disclose your information if necessary to comply with legal requirements, court orders, or other legal processes. This includes cooperation with law enforcement agencies and other government bodies.

• Protection of Rights and Safety: We may disclose your information to protect our rights, safety, or property, as well as to protect our users and the public from fraud, abuse, or other illegal activities.

4.3 Confidentiality and Security

4.3.1 Conditions for Information Transfer

• Limited Access: We provide access to your information only to those third parties who have the necessary authority and need access to the information to perform their duties.

• Confidentiality Obligations: We require all third parties who access your information to adhere to our privacy policies and ensure the protection of your information.

4.3.2 Data Protection

• Technical Measures: We use modern technical means to protect your information during its transfer and storage. This includes end-to-end data encryption and the use of secure servers.

• Organizational Measures: We limit access to your information only to those employees who have the appropriate authority and need access to perform their duties.

4.4 User Rights Regarding Information Disclosure

4.4.1 Consent for Disclosure

• Your Choice: We will not disclose your information to third parties for marketing purposes without your explicit consent. You can give or withdraw your consent for information disclosure at any time through your account settings.

4.4.2 Limiting Disclosure

• Withdrawal of Consent: You have the right to withdraw your consent for information disclosure at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

• Objection to Disclosure: You may object to the disclosure of your information if you believe that such disclosure violates your rights or legitimate interests.

This section of the Privacy Policy explains how and when we may disclose your information to third parties. We strive to ensure maximum transparency and control over your information so that you can be confident in its security and confidentiality.

5. Information Protection

This section details the measures we take to protect your information from unauthorized access, use, disclosure, or destruction. We strive to ensure the highest level of security for your information.

5.1 Technical Measures

5.1.1 Data Encryption

• Data Transmission: We use Secure Sockets Layer (SSL) certificates to confirm our identity to your browser and to encrypt any data you provide to us. Whenever information is transferred between us, you can verify it is done using SSL by finding the closed padlock symbol or another trust mark in the address bar or toolbar of your browser.

• Data Storage: Your information is stored in encrypted form on our servers, providing an additional level of protection against unauthorized access.

5.1.2 Secure Servers

• Physical Security: Our servers are located in secure data centers with restricted access. Only authorized personnel have access to these centers, ensuring the physical security of your data.

• Network Security: We use secure network protocols and firewalls to protect our servers from cyber-attacks and unauthorized access.

5.1.3 Regular Updates and Patches

• Software Updates: We regularly update our software to ensure protection against new security threats. This includes installing the latest patches and security updates.

• Vulnerability Monitoring: We continuously monitor our systems for vulnerabilities and take immediate action to eliminate them.

5.2 Organizational Measures

5.2.1 Access Policies

• Access Restriction: Access to your personal data is granted only to those employees who have the necessary authority and duties to process these data. This helps prevent unauthorized access to your information within our organization.

• Staff Training: We regularly train our employees on data privacy and security. This helps ensure that all employees understand the importance of protecting your information and comply with relevant policies and procedures.

5.2.2 Internal Policies and Procedures

• Privacy Policy: We have developed and implemented an internal privacy policy that governs the processing and protection of personal data. This policy ensures compliance with all relevant legal requirements and security standards.

• Incident Response Procedures: We have implemented procedures for responding to security incidents. This includes identifying, analyzing, and resolving incidents, as well as notifying users of any significant security breaches.

5.3 Monitoring and Audit

5.3.1 Regular Monitoring

• System Monitoring: We continuously monitor our systems to identify potential security threats and anomalies in system behavior. This helps detect and resolve any issues promptly.

• Log Analysis: We analyze logs of our servers and applications to identify suspicious activity. This allows us to detect unauthorized access attempts or other security threats.

5.3.2 Security Audits

• Internal Audits: We conduct regular internal security audits to assess the effectiveness of our protection measures and identify possible improvements.

• External Audits: We may also engage external experts to conduct independent security audits and assess our systems and processes.

5.4 Data Loss Prevention

5.4.1 Data Backup

• Regular Backups: We regularly create backups of your data to ensure its preservation in case of loss or damage to the primary data.

• Secure Backup Storage: Backups are stored in secure locations with restricted access, ensuring their safety and integrity.

5.4.2 Data Recovery

• Recovery Plans: We have developed data recovery plans in case of incidents or disasters. This allows us to quickly restore access to your data and ensure the continuity of services.

• Recovery Testing: We regularly test our data recovery procedures to ensure their effectiveness and readiness for any emergencies.

5.5 Your Security Measures

5.5.1 Protecting Your Account

• Passwords: Use strong passwords for your account and change them regularly. Do not share your password with others.

• Two-Factor Authentication: Enable two-factor authentication for additional protection of your account. This adds another level of security by requiring an additional code upon login.

5.5.2 Protecting Your Device

• Antivirus Software: Install and regularly update antivirus software on your device to protect against malicious programs.

• System Updates: Regularly update your operating system and other programs on your device to ensure protection against new security threats.

This section details the measures we take to protect your information and recommendations for ensuring the security of your account and device. We strive to ensure the highest level of security for your information and adherence to the highest standards of confidentiality.

6. Your Rights

This section describes your rights regarding your personal data that we process. We strive to ensure transparency and control over your information so you can use our services with confidence.

6.1 Right to Access

6.1.1 Obtaining a Copy of Data

• Access Request: You have the right to request a copy of your personal data that we hold. You can submit an access request by contacting our support team at surdo.translater@gmail.com.

• Provision Format: We will provide you with a copy of your personal data in a convenient format, including electronic format.

6.2 Right to Rectification

6.2.1 Correcting Inaccuracies

• Rectification Request: If you find inaccuracies or incomplete data in your information, you have the right to request correction of this data. To do so, contact our support team or use the functionality of your account.

• Confirmation of Corrections: We will notify you of the corrections and provide an updated copy of your data.

6.3 Right to Erasure (Right to be Forgotten)

6.3.1 Data Deletion

• Deletion Request: You have the right to request the deletion of your personal data if it is no longer needed for the purposes for which it was collected, or if you withdraw your consent to its processing. Contact our support team with the appropriate request.

• Conditions for Deletion: We will delete your data if one of the following conditions applies:

o The data is no longer needed for the purposes for which it was collected.

o You withdraw your consent to data processing.

o You object to the processing and there are no overriding legitimate grounds for the processing.

o The data was processed unlawfully.

o The data must be deleted to comply with legal obligations.

6.4 Right to Restriction of Processing

6.4.1 Conditions for Restriction

• Restriction Request: You have the right to request restriction of processing of your data in the following cases:

o You contest the accuracy of the data while we verify its accuracy.

o The processing is unlawful, but you do not want the data to be deleted.

o We no longer need the data for processing, but it is required by you for establishing, exercising, or defending legal claims.

o You object to the processing while we verify whether our legitimate grounds override yours.

6.5 Right to Data Portability

6.5.1 Data Portability

• Portability Request: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer this data to another data controller. Contact our support team for this request.

6.6 Right to Object

6.6.1 Objection to Processing

• Grounds for Objection: You have the right to object to the processing of your personal data based on your specific situation if the processing is based on our legitimate interests or for the performance of a task in the public interest.

• Objection Procedure: Contact our support team with the appropriate request. We will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise, or defense of legal claims.

6.7 Right to Withdraw Consent

6.7.1 Withdrawal of Consent

• Withdrawal Procedure: You have the right to withdraw your consent to the processing of personal data at any time. To do so, contact our support team or use the functionality of your account.

• Consequences of Withdrawal: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge Complaints

6.8.1 Complaints to Supervisory Authorities

• Filing Complaints: If you believe your rights regarding the processing of personal data have been violated, you have the right to file a complaint with the appropriate supervisory authority. In Ukraine, this authority is the Ukrainian Parliament Commissioner for Human Rights.

• Supervisory Authority Contact Information: Detailed information on how to file a complaint can be found on the website of the Ukrainian Parliament Commissioner for Human Rights: https://www.ombudsman.gov.ua.

6.9 Right to Protection Against Automated Decision-Making

6.9.1 Protection from Automated Decisions

• Automated Decisions: You have the right not to be subject to a decision based solely on automated processing of your data, including profiling, which produces legal effects or significantly affects you in a similar way.

• Exceptions: This right does not apply if the decision is necessary for entering into or performing a contract between you and us, is authorized by law, or is based on your explicit consent.

This section details your rights regarding your personal data that we process. We strive to ensure that you can easily and transparently exercise these rights by contacting our support team or using the functionality of your account.

7. Changes to the Privacy Policy

This section details the rules and processes by which we may update or change our Privacy Policy. We strive to ensure transparency and inform you of any changes that may affect your privacy.

7.1 Reasons for Changes

7.1.1 Legal Changes

• Compliance with Laws: We may update this Privacy Policy to comply with new legislative or regulatory requirements. This includes changes in data protection, privacy, or related areas.

7.1.2 Service Improvements

• Functionality Expansion: We may update this Policy to reflect new features, services, or technologies that we implement to improve our mobile app or website.

• Feedback: We consider feedback from our users and may make changes to enhance transparency and understanding of our Privacy Policy.

7.1.3 Business Process Changes

• Organizational Changes: We may update the Policy due to changes in our company's structure, including mergers, acquisitions, or sales of assets.

• Data Processing Methods: Changes in data processing or storage methods may also require updates to our Privacy Policy.

7.2 Change Process

7.2.1 User Notifications

• Change Notifications: We always inform our users about any significant changes to this Privacy Policy. This may be done through our website.

• Effective Date: All changes will be published on our website and will take effect immediately after publication. We recommend regularly checking this page for updates on our Privacy Policy. Your continued use of our services after any changes indicates your acceptance of those changes.

7.2.2 Document Updates

• Effective Date: The beginning of this Policy always indicates the date of the last update so you can see when the last changes were made.

• Change Archive: We retain previous versions of the Privacy Policy to ensure transparency and allow you to review the history of changes.

7.3 Your Actions in Connection with Changes

7.3.1 Familiarization with Changes

• Regular Checks: We recommend regularly checking this page for updates on our Privacy Policy.

• Acceptance of Changes: Using our services after changes to the Privacy Policy take effect means your acceptance of the new terms.

7.3.2 Questions and Feedback

• Contact Information: If you have any questions or comments regarding changes to the Privacy Policy, please contact us via email at surdo.translater@gmail.com.

This section of the Privacy Policy details the reasons, processes, and your actions in connection with changes to the Privacy Policy. We strive to ensure maximum transparency and respect for your rights in the event of any changes to our Policy.

8. Contact Information

This section provides detailed information on how you can contact us regarding any questions, comments, or requests related to our Privacy Policy or the processing of your personal data.

8.1 General Inquiries and User Support

8.1.1 Email for General Inquiries

• Contact Address: If you have any general questions or need support regarding the use of our services, please contact us at surdo.translater@gmail.com. We will respond to your inquiries as soon as possible.

8.1.2 Support through the Website

• Feedback Form: You can also use the feedback form on our website at https://www.surdo.org.ua/contact. Enter your contact details and inquiry details, and our support team will get in touch with you.

8.2 Privacy Inquiries

8.2.1 Email for Privacy Inquiries

• Contact Address: For any questions, comments, or requests related to our Privacy Policy or the processing of your personal data, please contact us at surdo.translater@gmail.com.

8.2.2 Data Access and Deletion Requests

• Request Procedure: If you wish to exercise your rights to access, correct, delete, or restrict the processing of your personal data, please send requests to surdo.translater@gmail.com with a detailed description of your request.

8.3 Request Processing Procedures

8.3.1 Receipt Confirmation

• Confirmation: After receiving your request, we will send a confirmation of receipt to the email address you provided or through other contact details specified in your request.

8.3.2 Request Processing Time

• Processing Time: We strive to respond to all requests within 30 days of receiving them. If we need more time to process your request, we will inform you and provide an estimated response date.

8.3.3 Information Clarification

• Additional Information: In some cases, we may ask you to provide additional information to verify your identity or clarify the details of your request. This helps us ensure the protection of your personal data and proper processing of your request.

8.4 Contacting Supervisory Authorities

8.4.1 Right to File Complaints

• Supervisory Authority: If you believe that your rights regarding the processing of personal data have been violated, you have the right to file a complaint with the appropriate supervisory authority. In Ukraine, this authority is the Ukrainian Parliament Commissioner for Human Rights.

This section details how you can contact us for support, submit requests, or get information about our Privacy Policy. We strive to ensure the most convenient and transparent ways of communication for our users.

9. Information We Collect

This section details what information we collect from users when they interact with our WordCraft mobile app and website. We categorize this information based on the source and method of collection.

9.1 Information You Provide

9.1.1 Account Registration

• Personal Information: When creating an account, we ask for your phone number, name, surname, date of birth, and email address. You may also add a profile photo and other additional data.

• Contact Information: We may ask for your contact details, such as phone number and email address, to ensure communication with you.

9.1.2 User Support

9.1.3 Use of Services

• Usage Data: We collect data about your activity on our website and mobile app, including visited pages, clicked links, time spent on pages, and other actions.

9.2 Automatically Collected Information

9.2.1 Device Information

9.2.2 Cookies and Other Tracking Technologies

• Cookies: We may use cookies to collect information about your activity on our website, including the pages you visit, the links you click, and other actions. Cookies also allow us to save your preferences and settings to improve your user experience.

9.3 Information from Other Sources

9.3.1 Third-Party Service Integrations

• Social Networks: If you choose to integrate your WordCraft account with social network accounts such as Facebook or Google, we may receive information from these accounts, including your name, profile photo, friends list, and other data allowed by the respective platforms.

9.3.2 Partner Organizations

• Service Providers: We may receive information from our partners and service providers who provide us with analytics, payment processing, and other services necessary to operate our services.

9.4 Purpose of Information Collection We collect your information for the following reasons:

• Service Provision: To ensure the operation of our mobile app and website, including sign language translation and video conferencing.

• Service Quality Improvement: To analyze data on the use of our services and improve their quality and functionality.

• Security: To ensure the safety of our users, detect and prevent fraud, and comply with legal requirements.

• Communications: To send you updates, news, and other information that may be of interest to you.

• Marketing: To conduct market research and analyze the effectiveness of our advertising campaigns.

9.5 Your Choices Regarding Information You have control over your information. You can:

• Update and Correct Your Data: You can update your personal data through your account settings.

• Manage Cookies: You can configure your browser to refuse cookies or delete existing cookies.

10. Data Processing

This section details how we process your personal data to provide services, fulfill our obligations, and comply with legal requirements.

10.1 Data Collection

10.1.1 Data Collection Methods

• Automated Collection: We may automatically collect data during your interaction with our website or mobile app using cookies, server logs, and other technologies.

• Manual Collection: We collect data you provide manually, such as when you register an account, fill out forms on our website, or contact support.

10.2 Data Processing The processing and storage of personal data provided by the user is carried out in data centers where the equipment that ensures the functioning of the App/Site services is located. The provided personal data is processed and may be stored in a Personal Data Database or in a separate table of the App/Site Database.

10.2.1 Purpose of Data Processing

• Service Provision: We process your personal data to ensure the functionality of our mobile app and website, including sign language translation, video conferencing, and other services.

• Analysis and Improvement: We analyze data to improve the quality of our services, develop new features, and meet user needs.

• Security: We process data to ensure the security of our systems and users, detect and prevent fraud and other threats.

10.2.2 Legal Basis for Processing

• Consent: We process your data based on your consent given during registration or the provision of our services.

• Contractual Obligations: Data processing may be necessary to fulfill our contractual obligations to you.

• Legitimate Interests: We may process data to achieve our legitimate interests if this does not infringe on your rights and freedoms.

• Legal Obligations: We may process data to comply with our legal obligations under the law.

10.3 Data Storage

10.3.1 Storage Period

• Retention Period: We store your personal data only for the necessary time to achieve the purposes defined in this Policy. The retention period may vary depending on the nature of the collected data and the laws we are subject to. After the retention period expires, your data will be deleted or anonymized in our systems. While storing your data, we comply with all relevant security and confidentiality standards.

10.3.2 Data Destruction

• Destruction Procedure: After the retention period expires or upon your request, we will destroy or anonymize your personal data in a way that prevents recovery.

10.4 Data Protection

10.4.1 Technical Measures

• Encryption: We use end-to-end encryption to protect data during transmission and storage.

• Secure Servers: Data is stored on secure servers with restricted access.

10.4.2 Organizational Measures

• Access Control: Access to your data is granted only to authorized employees who need it to perform their duties.

• Employee Training: We regularly train employees on data protection and privacy.

10.5 Data Transfer to Third Parties

• Service Providers: If necessary, personal data may be disclosed to WordCraft to ensure the operation of WordCraft and fulfill the purpose of data processing to the following third parties: any of our employees, officers, professional advisers, agencies, and other government bodies of Ukraine and other countries; third parties that provide traffic analysis for WordCraft, etc. This list is not exhaustive and may be expanded if necessary solely for providing WordCraft services, about which WordCraft will inform the user.

10.6 Exercising Your Rights

10.6.1 Data Access and Correction

• Access Request: You have the right to receive confirmation of whether your data is being processed and access your data.

• Correction Request: You have the right to request the correction of inaccurate or incomplete data, including through your account.

10.6.2 Deletion and Restriction of Processing

• Deletion Request: You have the right to request the deletion of your data in certain cases, such as when the data is no longer needed for the purposes it was collected.

• Restriction Request: You have the right to request the restriction of processing if you contest the accuracy or legality of the processing.

10.7 Data Processing Responsibility

10.7.1 Data Controller

• Controller Definition: We are the controller of your personal data and are responsible for its processing in accordance with applicable law.

10.7.2 Contact Information

• Contact Us: If you have any questions or comments regarding the processing of your data, please contact us at surdo.translater@gmail.com.

This section details how we process your personal data to ensure the proper functioning of our services, comply with legal requirements, and protect your rights and privacy. We strive to ensure maximum transparency and control over your data.

11. Information Security Measures

This section details the measures we take to protect users' information from unauthorized access, use, disclosure, or destruction. We strive to ensure the highest level of security for your information.

11.1 Technical Security Measures

11.1.1 Data Encryption

• Data Transmission: We use modern end-to-end encryption technologies to protect your data during transmission between your device and our servers. This helps prevent unauthorized access to your information during its transmission over the internet.

• Data Storage: Your information is stored in encrypted form on our servers, providing an additional level of protection against unauthorized access.

11.1.2 Secure Servers

• Physical Security: Our servers are located in secure data centers with restricted access. Only authorized personnel have access to these centers, ensuring the physical security of your data.

• Network Security: We use secure network protocols and firewalls to protect our servers from cyber-attacks and unauthorized access.

11.1.3 Regular Updates and Patches

• Software Updates: We regularly update our software to ensure protection against new security threats. This includes installing the latest patches and security updates.

• Vulnerability Monitoring: We continuously monitor our systems for vulnerabilities and take immediate action to eliminate them.

11.2 Organizational Security Measures

11.2.1 Access Policies

11.2.2 Internal Policies and Procedures

11.3 Monitoring and Audit

11.3.1 Regular Monitoring

• System Monitoring: We continuously monitor our systems to identify potential security threats and anomalies in system behavior. This helps detect and resolve any issues promptly.

• Log Analysis: We analyze logs of our servers and applications to identify suspicious activity. This allows us to detect unauthorized access attempts or other security threats.

11.3.2 Security Audits

• Internal Audits: We conduct regular internal security audits to assess the effectiveness of our protection measures and identify possible improvements.

• External Audits: We may also engage external experts to conduct independent security audits and assess our systems and processes.

11.4 Data Loss Prevention

11.4.1 Data Backup

• Regular Backups: We regularly create backups of your data to ensure its preservation in case of loss or damage to the primary data.

• Secure Backup Storage: Backups are stored in secure locations with restricted access, ensuring their safety and integrity.

11.4.2 Data Recovery

• Recovery Plans: We have developed data recovery plans in case of incidents or disasters. This allows us to quickly restore access to your data and ensure the continuity of services.

• Recovery Testing: We regularly test our data recovery procedures to ensure their effectiveness and readiness for any emergencies.

11.5 Your Security Measures

11.5.1 Protecting Your Account

• Passwords: Use strong passwords for your account and change them regularly. Do not share your password with others.

• Two-Factor Authentication: Enable two-factor authentication for additional protection of your account. This adds another level of security by requiring an additional code upon login.

11.5.2 Protecting Your Device

• Antivirus Software: Install and regularly update antivirus software on your device to protect against malicious programs.

• System Updates: Regularly update your operating system and other programs on your device to ensure protection against new security threats.

12. User Rights as Data Subjects

This section details the rights of users regarding their personal data that we process. We strive to ensure transparency and control over your information so you can exercise your rights in accordance with applicable law.

12.1 Right to Access Data

12.1.1 Obtaining Information

• Access Request: You have the right to obtain confirmation of whether your personal data is being processed and access to this information. To submit an access request, contact our support team at surdo.translater@gmail.com.

• Scope of Information: You have the right to receive information about the purposes of processing, categories of personal data, data recipients, retention period, and data sources.

12.2 Right to Rectification of Data

12.2.1 Correcting Inaccurate Data

• Rectification Request: If you find that your personal data is inaccurate or incomplete, you have the right to request correction or supplementation. To do so, contact our support team or use the functionality of your account.

• Correction Procedure: We will notify you of the corrections and provide an updated copy of your data.

12.3 Right to Erasure of Data (Right to be Forgotten)

12.3.1 Data Deletion

• Deletion Request: You have the right to request the deletion of your personal data in certain cases, such as when the data is no longer needed for the purposes for which it was collected, or if you withdraw your consent to its processing. Contact our support team with the appropriate request.

• Conditions for Deletion: We will delete your data if one of the following conditions applies:

o The data is no longer needed for the purposes for which it was collected.

o You withdraw your consent to data processing.

o You object to the processing and there are no overriding legitimate grounds for the processing.

o The data was processed unlawfully.

o The data must be deleted to comply with legal obligations.

12.4 Right to Restriction of Processing

12.4.1 Conditions for Restriction

• Restriction Request: You have the right to request restriction of processing of your data in the following cases:

o You contest the accuracy of the data while we verify its accuracy.

o The processing is unlawful, but you do not want the data to be deleted.

o We no longer need the data for processing, but it is required by you for establishing, exercising, or defending legal claims.

o You object to the processing while we verify whether our legitimate grounds override yours.

12.5 Right to Data Portability

12.5.1 Data Portability

12.6 Right to Object

12.6.1 Objection to Processing

• Objection Procedure: Contact our support team with the appropriate request. We will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

12.7 Right to Withdraw Consent

12.7.1 Withdrawal of Consent

• Withdrawal Procedure: You have the right to withdraw your consent to the processing of personal data at any time. To do so, contact our support team or use the functionality of your account.

• Consequences of Withdrawal: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

12.8 Right to Lodge Complaints

12.8.1 Complaints to Supervisory Authorities

• Filing Complaints: If you believe that your rights regarding the processing of personal data have been violated, you have the right to file a complaint with the appropriate supervisory authority. In Ukraine, this authority is the Ukrainian Parliament Commissioner for Human Rights.

12.9 Right to Protection Against Automated Decision-Making

12.9.1 Protection from Automated Decisions

• Exceptions: This right does not apply if the decision is necessary for entering into or performing a contract between you and us, is authorized by law, or is based on your explicit consent.

13. Use of Cookies and Other Tracking Technologies

This section details how we may use cookies and other tracking technologies to collect information about your activity on our website and mobile app. We strive to ensure transparency and control over the use of such technologies. Currently (as of 27.06.2024) we do not use cookies for tracking purposes.

13.1 Definition of Cookies

13.1.1 What are Cookies?

• Cookies: Cookies are small text files stored on your device when you visit a website. They are used to remember your actions and preferences (such as login details, language preferences, and other settings) over a period, so you do not have to re-enter them whenever you return to the site or browse from one page to another.

• Types of Cookies: Cookies can be "session cookies" (which are deleted after you close your browser) or "persistent cookies" (which remain on your device for a specified period or until you delete them).

13.2 Purpose of Using Cookies

13.2.1 Service Provision

• Essential Cookies: We use cookies to ensure the proper functioning of our website and mobile app. These cookies are essential for using our services and cannot be disabled in our systems.

• Authentication Cookies: We use cookies to remember your login details and provide secure access to your account.

13.2.2 Personalization and Preferences

• Preference Cookies: We use cookies to remember your settings and preferences, such as language selection and display settings.

• Personalization Cookies: We use cookies to provide you with personalized content and recommendations based on your activity and preferences.

13.2.3 Analytics and Performance

• Analytics Cookies: We use cookies to collect information about your interaction with our website and mobile app. This helps us understand how users use our services and identify areas for improvement.

• Performance Cookies: We use cookies to monitor the performance of our website and mobile app, ensuring that they operate efficiently and effectively.

13.3 Managing Cookies

13.3.1 Cookie Settings

• Browser Settings: You can configure your browser to accept or reject cookies, or to notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.

• Deleting Cookies: You can also delete cookies that have already been set on your device. However, disabling cookies may affect the functionality of our website and mobile app and limit your ability to use certain features.

13.3.2 Cookie Preferences on Our Website

• Cookie Banner: When you first visit our website, you will see a cookie banner that informs you about the use of cookies and provides you with the option to accept or reject non-essential cookies.

• Cookie Settings: You can change your cookie preferences at any time by accessing the cookie settings on our website.

13.4 Other Tracking Technologies

13.4.1 Web Beacons

• Definition: Web beacons (also known as "tracking pixels" or "clear GIFs") are tiny graphic images that may be included on our website or in emails. They are used to monitor your activity and measure the effectiveness of our campaigns.

• Purpose: We use web beacons to understand how users interact with our content and to optimize our marketing efforts.

13.4.2 Similar Technologies

• Local Storage: We may use local storage technologies, such as HTML5 Local Storage, to store information locally on your device. This helps us remember your preferences and settings without using cookies.

• Tracking Scripts: We may use tracking scripts (such as JavaScript) to collect information about your interactions with our website and mobile app.

This section details how we use cookies and other tracking technologies to collect information about your activity on our website and mobile app. We strive to ensure transparency and provide you with control over the use of such technologies.

14. Data Protection Officer

This section provides information about the Data Protection Officer (DPO) responsible for overseeing compliance with data protection regulations and addressing any questions or concerns you may have regarding your personal data.

14.1 Role and Responsibilities of the DPO

14.1.1 Compliance Monitoring

• Regulatory Compliance: The DPO is responsible for monitoring compliance with data protection laws and regulations, as well as with our internal data protection policies and procedures.

• Risk Assessment: The DPO conducts regular risk assessments to identify and mitigate potential data protection risks.

14.1.2 Advisory Role

• Guidance: The DPO provides guidance and support to our organization on data protection matters, including the implementation of data protection measures and the handling of data breaches.

• Training: The DPO ensures that employees receive regular training on data protection and privacy to enhance their awareness and understanding of their responsibilities.

14.1.3 Handling Inquiries and Complaints

• User Inquiries: The DPO is responsible for addressing any questions, concerns, or requests you may have regarding your personal data. This includes responding to access requests, rectification requests, and other data subject rights.

• Complaints: The DPO handles complaints related to data protection and ensures that they are addressed promptly and effectively.

14.2 Contact Information for the DPO

14.2.1 How to Contact the DPO

• Email: You can contact our Data Protection Officer via email at surdo.translater@gmail.com for any questions, concerns, or requests related to your personal data.

• Mail: You can also contact the DPO by mail at the following address:

o WordCraft DPO

o Kvitneva Street, House № 22

o Odessa, Odessa region, 65017

o Ukraine

This section provides information about our Data Protection Officer and their responsibilities in ensuring compliance with data protection regulations. If you have any questions or concerns about your personal data, please do not hesitate to contact our DPO.

15. Children's Privacy

This section outlines our policy regarding the collection and processing of personal data from children. We are committed to protecting the privacy of children and ensuring compliance with relevant laws and regulations.

15.1 Age Restrictions

15.1.1 Minimum Age Requirement

• User Age: Our services are not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

• Parental Consent: If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete such data as soon as possible.

15.2 Parental Rights

15.2.1 Access and Control

• Parental Access: Parents or guardians have the right to access, review, and request the deletion of their child's personal data. To exercise these rights, please contact our support team at surdo.translater@gmail.com.

• Parental Consent Withdrawal: Parents or guardians can withdraw their consent for the collection and processing of their child's personal data at any time. To do so, please contact our support team.

15.3 Educational Use

15.3.1 School Programs

• School Accounts: We may provide services to educational institutions for use by students as part of school programs. In such cases, we require schools to obtain verifiable parental consent before allowing students to use our services.

• Data Protection: We implement measures to ensure the protection of students' personal data and comply with applicable data protection laws.

This section outlines our policy on children's privacy and our commitment to protecting the personal data of children. If you have any questions or concerns about the privacy of children's data, please contact our support team or Data Protection Officer.

16. Updates to the Privacy Policy

This section outlines the process and frequency of updates to our Privacy Policy. We are committed to maintaining transparency and informing you of any changes that may affect your privacy.

16.1 Frequency of Updates

16.1.1 Regular Reviews

• Policy Reviews: We regularly review our Privacy Policy to ensure compliance with applicable laws and regulations and to reflect changes in our data processing practices. Reviews are conducted at least once a year.

• Legislative Changes: We update our Privacy Policy as needed to comply with new legislative or regulatory requirements.

16.2 User Notification

16.2.1 Notification Methods

• Website Updates: We will notify users of any significant changes to our Privacy Policy by posting the updated policy on our website. The updated policy will include the effective date of the changes.

• Email Notifications: For significant changes that may affect your rights or privacy, we may also notify you via email. This includes changes to the purposes of data processing, the categories of data collected, or the transfer of data to third parties.

16.3 Effective Date of Changes

16.3.1 Immediate Effect

• Effective Date: Changes to our Privacy Policy take effect immediately upon publication on our website. We recommend regularly checking this page for updates to stay informed about our data protection practices.

• User Consent: Your continued use of our services after any changes to the Privacy Policy indicates your acceptance of the updated terms.

This section outlines the process for updating our Privacy Policy and how we notify users of changes. We strive to ensure transparency and keep you informed about any updates that may affect your privacy.

‍