1. Effective Date:
18.06.2025
2. Introduction
2.1 PRIVATE ENTERPRISE INTERNATIONAL LAW BUREAU (hereinafter referred to as the "Company", "we"), address: 49000, Ukraine, Dnipropetrovsk region, Dnipro city, Heroes of Stalingrad street, 24a, office 87, e-mail: lawyer4407@gmail.com, as a personal data controller of the website https://ilb-lawyers.com/ (hereinafter referred to as the "Site"), attaches great importance to the protection of personal data of customers, partners and visitors of the Site.
2.2 This Privacy Policy (the "Policy") describes how and for what purpose we collect, use, store and protect your personal data and explains your rights under applicable law. We comply with all applicable data protection requirements in the jurisdictions in which we operate.
3. data controller and contact details
3.1 The data controller of your personal data is PRIVATE ENTERPRISE INTERNATIONAL LAW BUREAU
3.2 If you have any questions about this Policy or the processing of your personal data, or if you wish to exercise your rights (see section "Rights of the data subject"), you can contact us:
- Email: lawoffice4407@gmail.com
- Phone: +380972415634
- Address: 49000, Ukraine, Dnipropetrovsk region, Dnipro city, Heroes of Stalingrad street, 24a, office 87.
4. Categories of data processed
4.1 We may collect and process the following categories of personal data:
- Identity Data: first name, surname, nationality, date of birth, passport number or other identification document.
- Contact details: email address, telephone number, residential or registration address.
- Financial information: bank details, information on payment transactions (if applicable).
- Data related to the use of the Site: IP-address, browser type, information about the pages visited, cookies, date and time of access, traffic source.
- Social status: information about place of work, education, family composition and other similar information (if relevant for the fulfilment of the contract or provision of services).
- 4.3. Interaction information: history of use of our services, list of products and services you have interacted with, date and time of visits to the Site, history of correspondence and contacts with Company representatives.
- 4.4. Photographs and Videos: any images and videos that you may provide to us voluntarily (e.g. for identification, identity verification, participation in marketing campaigns, etc.).
- 4.6. Special categories of data: philosophical beliefs, health conditions and other sensitive data where you have provided it voluntarily and/or necessary for the provision of services and the protection of your rights as required by law.
5. Sources of personal data collection and purposes of personal data processing
5.1 Sources of data collection:
We may receive your personal data from the following sources:
- Directly from you - when filling in online forms, submitting applications, sending documents or otherwise interacting with you.
- From public sources - where it is necessary for the conclusion and performance of a contract or on the basis of law.
- From third parties - such as our partners, intermediaries, representatives and other authorised entities - if there is a legal basis for the transfer.
5.2. Purposes of processing personal data:
Your data is processed solely for specific, legitimate and justified purposes, such as:
- Provision of services: processing applications, providing legal, consultancy, fulfilment of contractual terms and conditions.
- Compliance with legal obligations: fulfilment of legal requirements, interaction with state authorities.
- Service analytics and development: analysing user behaviour, optimising website functionality, improving the quality of services provided.
- Marketing and research purposes: conducting surveys, advertising campaigns, studying customer preferences.
6. Legal bases for processing personal data
We process your personal data on the basis of one or more of the following legal bases:
6.1. Consent of the personal data subject:
You have given your explicit and voluntary consent to the processing of your personal data - for example, when filling in forms on the website, subscribing to newsletters or applying for a service.
6.2. Conclusion and performance of a contract:
Data processing is necessary for the conclusion or performance of a contract to which you are a party, or to act on your request before it is concluded.
6.3. Fulfilment of statutory obligations:
We are obliged to process certain personal data within the scope of tax, labour, civil and other legal requirements.
6.4. Protecting legitimate interests:
Processing is necessary to protect our legitimate interests - for example, for the purposes of website security, fraud prevention, dispute resolution, and promoting our services (subject to your rights and interests).
6.5. Other statutory grounds
7. Procedure and conditions of personal data processing
7.1 General:
Processing of personal data is carried out both with the use of means of automation (including information systems) and without such means - using paper carriers. We ensure that processing complies with legal requirements, including measures to protect data from unauthorised access.
7.2. Scope and minimisation:
We only process data that is necessary to achieve the purposes set out in this Policy. Excess data is not collected or utilised.
7.3. Access to data:
Only authorised employees and partners of the Company, for whom such information is necessary within the scope of their professional duties, have access to personal data.
7.4. Data Storage:
Personal data shall be stored in a form that allows the identification of the data subject for no longer than is required for the purposes of processing, unless otherwise required by law.
7.5. Destruction and depersonalisation:
Once the purposes of the processing have been achieved or consent has been withdrawn, the data is destroyed or depersonalised, unless otherwise required by law or provided for by contract.
7.6. Data transfer to third parties:
Data transfer is possible in the following cases:
- with the written consent of the subject;
- at the request of public authorities in cases stipulated by law;
- as part of the fulfilment of a contract (e.g. when transferring data to hosting providers, lawyers, etc.).
All third parties accessing personal data are obliged to respect the confidentiality regime and the requirements of the law.
8. Measures to protect personal data
To ensure the security and confidentiality of your personal data, we apply a set of organisational, technical and physical measures:
8.1. Technical measures:
- Using modern encryption tools for data transmission and storage;
- Protecting servers and information systems with firewalls, anti-virus software and intrusion detection systems;
- Regularly updating software and patching identified vulnerabilities;
- Restrict access to data processing systems using multi-factor authentication;
- Conducting regular penetration tests and security audits.
8.2. Organisational measures:
- Appointment of employees responsible for processing and protection of personal data;
- Training of personnel on data protection requirements and internal policies;
- Development and implementation of internal regulations and instructions on personal data handling;
- Conducting regular security compliance audits.
8.3. Physical measures:
- Controlling access to premises where servers and documents are stored;
- Protecting paper and electronic media from unauthorised access.
8.4. Incident Response:
In the event of personal data security incidents (loss, theft, unauthorised access, etc.), we will:
- Immediately notify the affected data subjects and the competent supervisory authorities within the legal time limits.
- Provide information on the nature and extent of the incident, the possible consequences and the measures taken to eliminate or minimise the damage.
- Take all necessary measures to investigate the incident and prevent similar incidents in the future.
9. Rights of personal data subjects
In accordance with personal data protection legislation, you as a data subject have the following rights:
9.1 To obtain confirmation as to whether your personal data are being processed, to receive copies of such data, as well as information about their processing, location or domicile (whereabouts) of the owner or controller of the personal data;
9.2 Obtain information about the conditions of access to personal data, in particular information about third parties to whom your personal data is transferred;
9.3 To enter reservations regarding the restriction of the right to process your personal data when giving consent;
9.3 Request the correction, completion or deletion of inaccurate, incomplete or outdated data.
9.4 In cases provided for by law, you may request that your personal data be amended or deleted, for example, if it is no longer necessary for the purposes of the processing.
9.5 Request the temporary or permanent restriction of the processing of your data in certain situations.
9.6 Object to the processing of data on the basis of the Company's legitimate interests or for direct marketing purposes.
9.7. Receive your data in a structured, machine-readable format and transfer it to another operator.
9.8 Withdraw the previously given consent to the processing of personal data at any time, without this affecting the lawfulness of the processing prior to the withdrawal.
9.9 Apply legal remedies in the event of a breach of personal data protection legislation;
9.8. If you believe that your rights have been violated, you have the right to lodge a complaint with the authorised personal data protection authority.
10. Procedure for exercising the rights of personal data subjects
10.1 Requests to exercise rights:
To exercise your rights, you may send a request to process personal data or to exercise any of the rights set out in section 9 by email: lawyer4407@gmail.com or by postal address:
49000, Ukraine, Dnipropetrovsk region, Dnipro city, Heroes of Stalingrad street, 24a, office 87
10.2 Identification of the applicant:
To ensure security and confidentiality, we may request identity documents or other information.
10.3 Timeframe for review:
We will review requests within 30 calendar days of receipt, unless a different timeframe is required by law.
10.4 Response and Action:
Upon review of the request, we will provide you with a response and, if necessary, take appropriate action (correction, deletion, providing copies of data, etc.).
10.5 Denial:
In exceptional circumstances (e.g. where there are legal grounds), we may refuse to fulfil a request and will notify you of the reasons for the refusal.
11. Retention periods for personal data
11.1 General Retention Principles:
We will retain your personal data for no longer than is necessary to fulfil the purposes of the processing, except where otherwise required by law.
11.2 Approximate retention periods:
- Basic information (name, contact details, etc.): up to 5 years after the end of the co-operation.
- Data on social status (work, education, family): up to 5 years after the termination of the relationship.
- Information about interactions with the site and services: up to 3 years.
- Photos and videos: up to 2 years.
- Technical data (IP addresses, cookies, etc.): up to 1 year.
- Special categories of data (health, beliefs, etc.): up to 5 years or as required by law.
11.3 Personal data shall be deleted or destroyed in the event of:
11.3.1 Expiration of the data retention period defined by the personal data subject's consent to the processing of that data or by law;
11.3.2. Termination of the legal relationship between the personal data subject and the owner or controller, unless otherwise provided by law;
11.3.3. Issuance of a relevant instruction from the relevant authorities; 11.3.4.
11.3.4 The entry into force of a court judgement on deletion or destruction of personal data.
12. Transfer of personal data to third parties
12.1 Categories of data recipients:
We may transfer your personal data to the following categories of third parties in compliance with all legal requirements:
- IT service providers: hosting, payment processing, cloud services, technical support.
- Marketing agencies: for research and advertising campaigns.
- Legal consultants and law firms: to assist in the legal defence of our interests and fulfilment of our obligations.
- Public authorities: to fulfil legal requests and legal requirements.
12.2 Protection guarantees:
All data transfers are subject to contracts that provide an appropriate level of data protection, including international agreements and Standard Contractual Clauses (SCC) where required.
13. International data transfer
13.1 Geography of processing:
Your personal data may only be processed and stored in countries where our offices or servers, partners and suppliers are located.
13.2 Level of protection:
We apply international security standards to ensure that your data is as secure as possible, regardless of its location.
14. Security of personal data
14.1 Technical protection measures:
- Encryption of data during transmission and storage.
- Use of firewalls, anti-virus programmes, intrusion detection systems.
- Regular software updates and installation of security patches.
- Restricting access to data using multi-factor authentication.
- Conducting penetration tests and vulnerability assessments.
14.2 Organisational measures:
- Training employees on information security principles.
- Access minimisation policy - only authorised personnel have access to data.
- Regular internal and external security and privacy audits.
- Development and testing of incident response plans.
14.3 Physical measures:
- Control and restrict access to premises and server rooms (access control systems, CCTV, alarms).
- Protection of electronic and paper media from unauthorised access.
15. Notification of data security breaches
15.1 In the event of personal data security incidents (loss, theft, unauthorised access, etc.), we:
1. Immediately notify the affected data subjects and the competent supervisory authorities within the time limits set by law.
2. Provide information on the nature and extent of the incident, the possible consequences and the measures taken to eliminate or minimise the damage.
3. Take all necessary measures to investigate the incident and prevent similar incidents in the future.
16. Joint processing of data
16.1 When we jointly process personal data with other companies, we enter into agreements that strictly regulate:
- The purposes and methods of data processing.
- The scope of the data to be transferred.
- Security and confidentiality requirements.
16.2 Our partners are obliged to observe the same high standards of data protection as we do.
17. Grounds for processing special categories of data
17.1 Special categories of data (race, ethnic origin, political, religious or philosophical beliefs, biometric data, health information, etc.) shall only be processed if one of the following grounds is present:
- Explicit consent of the data subject.
- The need to fulfil a contract or to protect the vital interests of the data subject.
- Existence of legal or other regulatory obligations.
- Protection of vital interests (if the data subject is physically or legally unable to give consent).
- Legitimate interests of the company or third parties that do not infringe the data subject's fundamental rights and freedoms (if authorised by law).
18. Procedure for exercising the right to data portability
18.1 In order to exercise the right to data portability, you may send a request to our Data Protection Officer (DPO) by email to lawyer4407@gmail.com, providing information that will allow us to identify you, as well as a description of the data to be transferred and the recipient.
18.2 Within 30 days of receipt of the request (or such other time as required by law), we will provide the data in a structured, machine-readable format or transfer it to another data controller of your choice.
19 Instructions on how to restrict data processing
19.1 If you wish to restrict the processing of your data (e.g. if you wish to challenge the accuracy of your data or on other grounds), please email lawyer4407@gmail.com with your request, stating the reason and attaching supporting documentation where necessary.
19.2 We will consider your request within 30 days and notify you of the outcome. If the restriction is accepted, your data will not be processed (other than storage) until the grounds for the restriction cease.
20. Loss or theft of data
20.1 If your personal data is lost or stolen, we will promptly notify you (where required by law) and the relevant supervisory authorities.
20.2 We will also:
- Conduct an internal investigation of the incident to determine the cause and extent of the damage.
- Take measures to prevent a recurrence (improving technical and organisational safeguards).
- Provide information on possible steps you can take to reduce the risk of negative consequences (e.g. changing passwords).
21. Log and Metadata Retention Policy
21.1 We may store log files (log files) and metadata generated when you visit and use the Site in order to:
- Improving security (tracking and preventing potential attacks).
- Improving the quality of services provided.
- Facilitate the administration and diagnosis of technical problems.
21.2 The storage period of log files does not usually exceed 12 months. The data is securely protected from unauthorised access through encryption and access restrictions.
22. Methods of data anonymisation
22.1 We use anonymisation and pseudonymisation of personal data to reduce the risks associated with the identification of a specific individual.
22.2 Anonymisation means the complete elimination of the possibility of identifying the data subject. Pseudonymisation means replacing identifiers (e.g. first and last name) with unique codes that allow data processing without a direct link to your identity.
23. Regular audits and risk assessments
23.1 To ensure continued compliance with international and local laws, we conduct regular information security audits and risk assessments.
23.2 These include reviewing technical systems, assessing potential vulnerabilities, analysing legislative updates, and training employees and improving internal policies.
24. Consequences of withdrawing consent
24.1 If your consent is required for certain processing purposes and you choose not to provide or withdraw it, certain features of the Site or Company services may become unavailable or restricted.
24.2 Upon withdrawal of consent, we will cease the relevant data processing unless the processing is necessary for other legitimate reasons (e.g. fulfilment of a contract or compliance with legal obligations).
25. Processing of children's data
25.1 Our services and the Site are not intended for use by persons under the age of 18.
25.2 We do not knowingly collect personal data of children. If you notice that a child has provided us with their data, please contact us immediately at lawyer4407@gmail.com and we will promptly delete such information.
26. Reviewing and updating the Privacy Policy
26.1 We reserve the right to periodically review and update this Policy.
26.2 In the event of significant changes, we will notify users by posting the updated version on the Site and, if necessary, by sending email notices.
26.3. An up-to-date version of the Policy is always available at: https://ilb-lawyers.com/Privacy-Policy.
27. Final provisions
27.1 All legal relations not regulated by this Policy shall be governed by the applicable laws of the country of the Data Controller's location, as well as by the norms of international law binding on the parties.
27.2. The new version of the Policy comes into force from the moment of its posting on the Website, unless otherwise provided by the new version itself.