Privacy Policy
YourAirTest (hereinafter referred to as We, the Organization, our, us) and its partner companies strive to always adhere to the best principles of business partnership and cooperation, justifying the trust in the name of the Organization and partner companies, including compliance with the responsible treatment of your personal data. This Privacy Policy regulates the policy and procedural aspects of processing personal data provided by you when using the YourAirTest Website (https://yourairtest.com/) and its mobile versions/applications (hereinafter referred to as the Online Platforms), which are managed and administered by YourAirTest, and is an integral part of the Terms of Use of the YourAirTest Website. The Privacy Policy is developed in accordance with the provisions of the Laws of Ukraine (in particular, the Law of Ukraine “On Personal Data Protection”), taking into account the principles and requirements of European legislation on personal data protection (General Data Protection Regulation, hereinafter referred to as the GDPR). By using the Online Platforms in the future, the User acknowledges and certifies that he/she has read and agrees to this Privacy Policy (hereinafter referred to as the Policy). Our registration and contact details are specified in the “Contact Us” section, which you can use to address any questions regarding the clarification of the provisions of this Policy and the processing of your personal data.
Terms we use
Data Recipient (Controller) – a natural or legal person to whom personal data is provided and who independently determines the purposes and means of processing personal data. For the purposes of this Policy, we are the Data Recipient (Controller). Processor – an individual or legal entity that processes personal data on behalf of the Data Recipient (Controller). We have the right to engage the Processor to process personal data in the manner specified in this Policy. Processing – means any operation or set of operations performed on personal data or on sets of personal data of the Data Subject, by automatic or non-automatic means. Such operations include the collection, recording, organization, structuring, storage, adaptation or alteration, review, use, disclosure (by transmission, dissemination or otherwise making available), alignment or combination, restriction, erasure or destruction of personal data. Data subject – an individual whose personal data is processed and who can be directly or indirectly identified by the personal data provided by him or her. User – a data subject who uses the Online Platforms. Personal data – information that allows to directly or indirectly identify the individual User of the Online Platforms, as well as information about the User’s activities, for example, the use of the Online Platforms, if such use is directly related to information that allows to directly or indirectly identify the User.
Personal data we receive from the User
When the User uses our Online Platforms, we process some or all of the following personal data from the User:
Information about the User.
For example, the User’s name, surname and patronymic, postal address, e-mail address and mobile (contact) phone number, etc.
Information about correspondence (interaction) with the User.
For example, any letters, comments, suggestions, complaints, including their audiovisual content (photos, videos, audio) sent to us by the User via chats, e-mail, social networks, telephone and/or any other information about correspondence between us and the User online, in the form of an electronic and/or regular letter and/or personal correspondence between us and the User. If the User contacts us by phone, we may collect and process information about the phone number used and any information collected through call recording.
Device information and technical data.
For example, such personal data may include the User’s IP address, information about the operating system of the computer/mobile device and the type of the User’s browser, the type of the User’s mobile device, a unique device identifier or the User’s mobile equipment identifier, etc. that are processed automatically (including during downloading).
Information about the User’s visits to our Online Platforms.
For example, the route of the User’s movement to our Online Platforms, their viewing, transition from the Online Platforms to other Websites (including date and time), the pages of our Online Platforms that the User has viewed, the time of loading the page/pages of our Online Platforms, errors with loading pages, the duration of the User’s visit to certain pages, as well as information about the interaction between the pages of the Online Platforms, which are processed automatically (including when downloaded).
Review information.
For example, the User’s feedback and/or responses to marketing, advertising or informational surveys and/or research offered by us.
Sources of obtaining the User’s personal data
We receive most of the User’s personal data that we further process directly from such User or when the User interacts with us and/or our Online Platforms. We may additionally receive the User’s personal data from other sources, including from the Organization’s partner companies, maintenance companies, advertising networks, data analysis providers, information retrieval providers, anti-fraud databases and/or other third-party databases, including sanctioned (prohibited) lists, in accordance with the provisions of the Laws of Ukraine and taking into account the principles and requirements of the GDPR.
User’s control over the personal data provided by him/her
The User of our Online Platforms is in full control of all personal data provided by him/her in the application and/or registration forms and provided to us through our Online Platforms. The User has the right not to provide us with such personal data, but in this case, the Online Platforms may not function properly or some functions may not be available. At any time, when the User of our Online Platforms decides to object to the processing of personal data, decides to delete/edit (including update) the personal data provided by him/her and the data processed by us, or if the User wishes to change the settings regarding the information he/she receives from us, such User may notify us by sending us a letter by e-mail or postal mail to the address/contacts specified in this Policy, as defined in the section “Our Contacts”.
The purpose of processing the User’s personal data
In accordance with the provisions of the Laws of Ukraine, taking into account the principles and requirements of the GDPR, we must establish the identity of the User, determine and familiarize the User with the legal basis (basis) for processing the User’s personal data. At the same time, for the purposes of the Policy, the legal grounds (bases) that are permissible for processing the User’s personal data are considered to be the following:
Consent – in case the User gives his/her consent to the processing of personal data provided by him/her (for example, the User will be offered a consent form for the processing of his/her personal data, as well as the possibility and method of withdrawal of such consent, as defined by this Policy).
Explicit consent – in case the User provides explicit consent to the processing of personal data provided by him/her (for example, by performing explicit and directed actions).
Legitimate interests – when we process the User’s personal data to ensure our legitimate interest.
Execution of the agreement (contract) – if we need to process the User’s personal data to enter into an agreement (contract) with the User and/or perform it.
Legal obligations – if we need to process the User’s personal data to fulfill our legal obligations.
Legal claims – in case we need to establish the identity of the User, when we need to protect our interests, file a claim against the User or litigation against us or a third party.
Public interest – processing of personal data is necessary due to a significant public interest, in accordance with the provisions of the Laws of Ukraine, taking into account the principles and requirements of the GDPR.
Depending on how the User interacts with our Online Platforms, we may process the User’s personal data in order to:
To provide the services defined and announced to the User on our Online Platforms.
Legal basis: consent, legitimate interests, fulfillment of the agreement(s).
To conduct information/advertising campaigns for scientific and technical activities.
Legal basis: consent, legitimate interests, legal obligations, fulfillment of the agreement(s).
To carry out effective communication and its accounting (including correspondence) with the User.
Legal basis: legitimate interests, legal right of claim.
Provide (send) marketing and/or informational/advertising materials to Users who have registered through our Online Platforms and have provided the appropriate consent.
Legal basis: consent, legitimate interests.
Distribution of the User’s personal data
We may process (including disseminate) the User’s personal data within the Organization’s own structure (including the Organization’s employees) and among the Organization’s partner companies, including foreign partner companies (hereinafter referred to as partner companies). At the same time, any processing of such personal data within the Organization’s own structure (including among the Organization’s employees) and among partner companies is carried out only if there is such a need for it and in accordance with the purposes provided for in this Policy, in accordance with the requirements of this Policy and the provisions on the preservation of confidential information in agreements with such employees and/or partner companies. We may engage other companies (including foreign ones) providing IT and administrative services, including hosting services, which will process the User’s personal data on our behalf (Processors) in order to ensure the technical functioning and proper operation of our Online Platforms, provide technical support and maintenance of the Online Platforms. Such companies may access the User’s personal data only if it is necessary for the above purposes and in accordance with the provisions on the preservation of confidential information in the agreements with these companies and are not entitled to use it for any other purposes. We may engage other companies to perform marketing, development/advertising tasks of the Online Platforms. Such companies can access the User’s personal data in a generalized form (without the possibility of identifying the User), only if it is necessary for the above purposes and in accordance with the provisions on the preservation of confidential information in agreements with these companies and are not entitled to use it for any other purpose. If the User considers this possibility unacceptable, we recommend not to provide the User’s personal data when using our Online Platforms and/or to immediately stop using our Online Platforms. Under no circumstances do we sell the User’s personal data. We also do not transfer or disclose the User’s personal data to third parties outside the Organization’s structure and outside partner companies, except as provided for by this Policy, the Laws of Ukraine, taking into account the principles and requirements of the GDPR. We reserve the right to process (including disclose and/or communicate) any personal data provided by the User if required by any Law of Ukraine or other regulatory legal act or confirmed by a legal requirement of a public authority and/or local government, in order to comply with the requirements of the Laws of Ukraine, protect the integrity of the Online Platform, fulfill requests from Users, public authorities and/or local governments, or to facilitate any investigation by law enforcement agencies.
Sending marketing, informational/advertising materials to the User From time to time, with the User’s prior consent, we may send marketing, informational/advertising messages and materials regarding our scientific and technical activities (research) and competitions/events to the User. If the User does not check the box indicating the consent to receive such materials, we will not send such messages and/or materials to the User. From time to time, with the User’s prior consent, we may send marketing, information/advertising materials on behalf of our partner companies regarding contests/events and/or promotions that are planned and may be of interest to the User. If the User agrees to receive marketing, informational/advertising materials of our partner companies, we will not disclose (communicate) the User’s personal data to the partner companies, but will only send such User marketing, informational/advertising materials on behalf of our partner companies. At the same time, the User agrees/disagrees to receive marketing, informational/advertising materials and has the right to withdraw it in the future or to object to their receipt by contacting us at the contacts specified in this Policy in the “Our Contacts” section.
In addition, under certain conditions, the User of our Online Platforms has the right to:
- in cases where processing is based on consent, to withdraw such consent;
- request that we transfer the personal data provided by such User and the data still stored by us with a third party (if any) in electronic form;
- object to the application of direct marketing, information/advertising campaigns to such User at any time;
- to perform other actions provided for by this Policy, the Laws of Ukraine, and the principles of the GDPR.
These rights apply subject to certain exceptional restrictions provided for in the provisions of the Policy and/or the Laws of Ukraine, taking into account the principles and requirements of the GDPR, in particular to protect the public interest (for example, prevention or detection of crimes) and our interests (for example, confidentiality). If the User has any questions and/or requests regarding the provisions of this Policy, in particular the exercise of the User’s rights regarding the processing of his/her personal data, please contact us at the contacts specified in this Policy in the “Contact Us” section.
Protection of the User’s personal data
We undertake to take all necessary technical, organizational and administrative measures and take such measures to ensure the reliable processing of the User’s personal data in accordance with this Policy and the current Laws of Ukraine. Unfortunately, the transmission of information on the Internet is not completely secure. Although we do our best to protect the User’s personal data (including the use of pseudonyms, encryption, restriction of access to personal data, etc.), we cannot guarantee the security of such data transmitted to our Online Platforms. In this case, the User of our Online Platforms assumes the entire risk of any transfer of personal data. As soon as we receive the User’s personal data, we undertake to apply strict procedures and security measures to prevent unauthorized access to such personal data by third parties. Protection of personal data of minors Consent to the processing of personal data of the User of the Online Platforms is provided by persons who have reached the age of sixteen. Otherwise, such consent to the processing of personal data must be provided by the User’s legal representatives (parents, guardians, etc.). We use all technological and organizational capabilities available to us, as well as reasonable actions to ensure that consent is provided by a User who has reached the age of sixteen. In case the User’s legal representatives contact us regarding the absence of consent and/or it is revealed that the User’s personal data was provided by a person under the age of sixteen, all personal data provided by him/her will be immediately deleted by us.
Personal data storage periods
The User’s personal data that we process will not be stored longer than allowed by the Law of Ukraine, taking into account the principles and requirements of the GDPR, and will be stored only as long as necessary to enable the User to participate in NES scientific and technical activities (research), contests/events and/or promotions of NES, to provide any requested services or information posted (available) on our Online Platforms or for other purposes set forth in this Policy. For example, we may store certain information about correspondence until the expiration of the statute of limitations regarding claims for a gift, grant and/or other reward based on the results of a contest/event and/or NES promotion, etc. We may also store such personal data of the User in order to comply with the requirements of the Laws of Ukraine regarding the storage of such personal data.
Place of storage of personal data
The transfer and storage of the User’s personal data is carried out in compliance with the provisions of this Policy, the Laws of Ukraine, taking into account the principles and requirements of the GDPR, as well as compliance with the requirements for the protection of such personal data (including contractual) and the requirements of regional (local) legislation. In case we transfer personal data of the User who is a resident of the European Union (EU) or located within the European Economic Area (hereinafter – the EEA) and/or process personal data of the User outside the EEA, we may require the adoption of specific additional measures to protect the relevant personal data. Certain countries outside the EEA have been approved by the European Commission as providing substantially equivalent protection to the data protection laws of the EEA. Therefore, no additional data protection safeguards are required to export personal data to these countries or territories. In countries that have not received such approvals, We will use appropriate means to protect any personal data from transfer, such as model contractual clauses approved by the EU Commission or mandatory corporate rules as permitted by applicable legal requirements.
Protection of the User’s personal data
We undertake to take all necessary technical, organizational and administrative measures and take such measures to ensure the reliable processing of the User’s personal data in accordance with this Policy and the current Laws of Ukraine. Unfortunately, the transmission of information on the Internet is not completely secure. Although we do our best to protect the User’s personal data (including the use of pseudonyms, encryption, restriction of access to personal data, etc.), we cannot guarantee the security of such data transmitted to our Online Platforms. In this case, the User of our Online Platforms assumes the entire risk of any transfer of personal data. As soon as we receive the User’s personal data, we undertake to apply strict procedures and security measures to prevent unauthorized access to such personal data by third parties. Protection of personal data of minors Consent to the processing of personal data of the User of the Online Platforms is provided by persons who have reached the age of sixteen. Otherwise, such consent to the processing of personal data must be provided by the User’s legal representatives (parents, guardians, etc.). We use all technological and organizational capabilities available to us, as well as reasonable actions to ensure that consent is provided by a User who has reached the age of sixteen. In case the User’s legal representatives contact us regarding the absence of consent and/or it is revealed that the User’s personal data was provided by a person under the age of sixteen, all personal data provided by the User will be immediately deleted by us.
Personal data storage periods
The User’s personal data that we process will not be stored longer than allowed by the Law of Ukraine, taking into account the principles and requirements of the GDPR, and will be stored only as long as necessary to enable the User to participate in NES scientific and technical activities (research), contests/events and/or promotions of NES, to provide any requested services or information posted (available) on our Online Platforms or for other purposes set forth in this Policy. For example, we may store certain information about correspondence until the expiration of the statute of limitations regarding claims for a gift, grant and/or other reward based on the results of a contest/event and/or NES promotion, etc. We may also store such personal data of the User in order to comply with the requirements of the Laws of Ukraine regarding the storage of such personal data.
Place of storage of personal data
The transfer and storage of the User’s personal data is carried out in compliance with the provisions of this Policy, the Laws of Ukraine, taking into account the principles and requirements of the GDPR, as well as compliance with the requirements for the protection of such personal data (including contractual) and the requirements of regional (local) legislation. In case we transfer personal data of the User who is a resident of the European Union (EU) or located within the European Economic Area (hereinafter – the EEA) and/or process personal data of the User outside the EEA, we may require the adoption of specific additional measures to protect the relevant personal data. Certain countries outside the EEA have been approved by the European Commission as providing substantially equivalent protection to the data protection laws of the EEA. Therefore, no additional data protection safeguards are required to export personal data to these countries or territories. In countries that have not received such approvals, We will use appropriate means to protect any personal data from transfer, such as model contractual clauses approved by the EU Commission or mandatory corporate rules as permitted by applicable legal requirements.