PRIVACY POLICY

We are Limited Liability Company LABA (hereafter referred to as “Company”, “we”, “us”, and “our”) an education platform offering online courses, webinars and lectures in various fields of business (the “Services”). We understand that you care about your privacy interests and treat your rights responsibly. This Privacy policy applies to your use of the Company’s websites, available at https://skvot.io, https://laba.ua and https://robotdreams.cc (the “Website”), and explains how we process personal data obtained from the Website users and our customers.

Statement on the processing and protection of personal data

We do our best to protect the personal data we receive and further process. When processing personal data, the Company undertakes to take all necessary technical and organizational measures following the requirements of data protection legislation and using the best global practices.

This Policy applies to those persons whose personal data is processed or may be processed in the future by us as a personal data owner, including but not limited to those who use our Website, send us a registration form, contact us with inquiries, order our Services, or attend our online and offline events, which are accompanied by the collection of personal data.

When we control the methods of collecting personal data and determine the purposes for which such data are used, the Company acts as the owner of personal data within the meaning of the Law of Ukraine "On the Protection of Personal Data" dated June 1, 2010 (hereinafter the “Law”).

By using our Website or our Services or providing separate consent to the processing of your data, you agree to this Policy. If you do not agree to the processing of your personal data in accordance with this Policy, please do not provide us with data about you. In accordance with applicable law and this Policy, you have the right to ask us to delete your data at any time.

Please note that our Policy may be updated periodically, including as applicable law requires. If necessary, we suggest you return to this Policy occasionally to see if changes have been made. Your continued use of the Website or access to our Services after changes to the Policy will constitute your acceptance of such changes.

1. What we collect and how we obtain personal data

We collect and process only information about you that is necessary for us to answer your request, allow you to utilize the Website, and provide our Services, and only to the extent specifically provided in this Policy.

When you sign up for our newsletter or marketing, you consent to our collecting your name and contact details. In addition, the Company may process other personal data if you voluntarily provide it to us.

1.1. Information that we obtain when providing you with our Services

Personal data that we may collect and process for providing you with our Services are the following:

• full name;
• contact details, in a particular email address, telephone number, post address;
• birth date;
• place of work or study and your position;
• photo and video with your participation;
• a record of communication;
• data collected from the feedback form or survey.

You provide this data mainly when registering for our education events, participating in them, and communicating with our service support team.

Please note that we conduct customer satisfaction surveys regarding our Services. These surveys can be conducted through various communication channels (email, calls, and WhatsApp). We usually record communications with you and your responses to survey questions. If you provide us with permission, we can publish your feedback, particularly on the Website or in the Company's marketing materials.

1.2. Information that we may obtain from your use of our Website

We may collect the following information about you when you use the Website:

• information about your device(s), in particular, hardware model, version of the information system and mobile network information;
• Internet Protocol address (IP address);
• browser version and browser setting;
• customer account information, such as username and password for authentication and access;
• details regarding how you use our Website (using our cookies and similar technologies).

We may use “cookies” to help us manage the Website and provide functionality and customized messages to you. Please refer to our Cookie Policy for more information about cookies, and use our cookie tool to choose your preferences.

1.3. Information that we obtain from your inquiry or completed registration form

When you fill out a registration or contact form to receive information about our Services, we ask for your full name, email address, and phone number. We need your contacts to provide the answer and information you request. We can contact you through various communication channels, such as email, call, SMS, WhatsApp or Telegram messages, social media, etc.

After we start communicating with you, we may receive and store additional information about you, including personal data. In particular, we may record and keep our communication with you (recording of telephone conversations or correspondence via email, WhatsApp, etc.).

1.4. Processing of information obtained from third parties

The Company may occasionally collect personal data about you from third parties, mainly when your employer or professional association orders and pays for our educational Services in your interests. We may also collect your data from a third-party platform/website if you provide a relevant link to your profile during registration (e.g., Facebook, LinkedIn, Twitter, etc.).

We may also collect some information about potential customers from third parties to qualify the demand for our services on the market and adjust our marketing strategy. The information collected is non-identifiable (e.g., age, industry, country groups, etc.) and is not treated as personal data.

1.5. Processing the personal data of children

Please note that our Website and services do not address anyone under 16. We consider a user/customer as a child if they are under 16 unless their country has a different age limit. Accordingly, we do not knowingly collect or process information about children. If you become aware of cases of use of the Website by children or that we receive data from children without verification of parental consent, please inform us immediately. Then, we'll take steps to remove that information.

1.6. Processing of special categories of data

The Company does not collect any data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, health data or data concerning a natural person's sex life or sexual orientation (special categories of data).

2. Purposes and legal basis of data processing

The Company processes your data solely according to the applicable law. We process personal data for the following purposes with such legal basis (data may be processed on several legal bases):

• to register the user on the Website, create a client's personal account and provide access to our Services, including but not limited to our education events (conclusion and/or performance of a contract);
• to offer the Services you request from us or we think you may be interested in (conclusion of a contract, legitimate interest);
• to maintain our Website, including the education platform applied to our Services (performance of contract, legitimate interest);
• to notify you, as a customer, of changes and other announcements related to the Services (performance of contract, legitimate interest);
• to comply with other our obligations when providing Services as per our Public Offer (performance of contract, in some cases legitimate interest);
• to conduct internal research, development, testing and improvement of the features and functions of our Services (legitimate interest);
• to establish and maintain communication between the Company and user/customer for advising on Services and provision of technical support associated with the use of the Website (performance of contract);
• to process (consideration) of user/customer requests or complaints and responding to them (consent, legitimate interest);
• to improve the quality of the Company’s Services for the customers and Website users (legitimate interest, in some cases consent);
• to comply with our internal and external audit requirements, including our information security measures (performance of contract, legitimate interest);
• to protect against any malicious actions of users (such as fraud, etc.), detection and/or investigation of a crime in connection with other security considerations of the Company (legitimate interest, compliance with legal requirements);
• analytical and statistical purposes (legitimate interest);
• to request your feedback or survey participation (legitimate interest, consent);
• marketing purposes (consent);
• to personalize Website user's experience and provide the type of content that could be of the most interest to you (consent, in some cases legitimate interest);
• to respond to requests from supervisory and law enforcement authorities (compliance with legal requirements);
• to ensure other legitimate interests of the Company, for example, to prepare a claim (legitimate interest).

If we rely on legitimate interests as a lawful basis for processing your personal data, we balance these interests with your interests, fundamental rights and freedoms in accordance with the requirements of applicable law and industry best practice.

If the purpose of processing some data is changed to a contradictory purpose, we shall obtain additional consent from you.

3. Marketing preferences

The Company may provide you with marketing information in several ways, including email, telephone, text messages, and online (while using the Website).

It is essential for us to respect your marketing preferences and the requirements of applicable data protection laws. We send you marketing materials with your explicit consent or if we have a legitimate interest in direct marketing.

Direct marketing must not promote information contrary to your interests. For example, from time to time, we may promote Services that we believe may interest you based on your past interest in them.

You may opt out of marketing, even if you have previously provided us with your consent, and you may also object to receiving direct marketing.

If you decide to opt out of marketing or object to receiving direct marketing from us, you can find the "unsubscribe" button in each marketing email we send or by contacting our Data Protection Officer Global at dpo@laba.academy.

At the same time, even if you opt out of receiving marketing, we may send you service messages or important information about transactions related to the Services you requested/bought. This is necessary, among other things, for the purposes of contractual performance.

4. Security

The Company applies physical, administrative, and technical safeguard measures to protect personal data under all applicable legislation, including the Law. We regularly test our security measures to ensure they remain efficient and effective.

First, we use the usual scanning for malicious programs. Our antivirus protection product is one of the best on the market.

The Company adheres to the principle of minimizing data. We give our employees access only on a need-to-know basis (who need access to corresponding data to fulfil their functional duties). We provide regular training to our employees on our policies governing data privacy and security.

When transferring personal data outside the Company, we use VPN, encryption and password protection.

5. Where we store personal data and data retention period

Once we receive your information, we will use all reasonable procedures and security measures to avoid unauthorised access, loss, disclosure, or amendment of the received data.

Your personal data collected by us is stored on secure information technology systems owned or operated by the Company and in cloud systems in Europe.

We retain personal data only for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal requirements, accounting or reporting, and ensuring the performance of the agreements we conclude with customers.

In determining the appropriate retention period for personal data, we also consider, in addition to the purposes of the processing, the nature and category of data, the potential risk of harm from unauthorised use or disclosure of the data, and the relevant requirements of applicable law.

Generally, we retain basic information about our customers for five (5) years after they cease to be customers (for tax and legal purposes).

If the laws of the country where the customer of our Services resides contain statutes of limitations that determine the period within which you may file a claim or lawsuit against us, and we, therefore, need appropriate evidence of a legal relationship with you, we may process your personal data during such period.

Over time, we may minimise the data we process about you or even anonymise it (for research or statistical purposes) so that it is no longer linked to you personally. If some data is anonymised, we can use it virtually indefinitely, as it no longer contains personal data.

If we process personal data under your consent to processing (in particular, for marketing purposes), you have the right to withdraw your consent at any time or to request to delete the data or temporarily suspend the processing of the data. To do so, please contact our Data Protection Officer Global at dpo@laba.academy.

6. Disclosures and transfers of personal data

We may share (transfer or provide access) personal data with third parties including as follows:

• Laba Group: We need to share your personal data with the group of our companies that work on our behalf and require access to your personal data to carry out their work, such as processing billing, providing customer support, etc.
• Third party consultants and other service providers: We may share your personal data with third party service providers and/or consultants who work on our behalf and need access to your data to perform their work, such as maintaining the Website, processing billing, accounting and legal support, CRM system etc. These service providers are authorized to use your personal data only as necessary to provide services to the Company.
• State, local and other regulatory, administrative or law enforcement authorities and courts: We may disclose your personal data to such third party if (1) we believe that disclosure is reasonably necessary to comply with any applicable law, other regulation, or legal process, (2) we receive a judgment of a court, a decision of an administrative authority or governmental request (for example, a search warrant, subpoena, statute, court order, data breach notification etc.), (3) to protect the security or integrity of the Website, (4) to protect the Company and our customers from harm or illegal activities.
• Other types of third parties: We may disclose your personal data (1) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious injury of any person, or (2) we receive your request to share data with a particular third party.

We may transfer your personal data to and from third countries or territories, which may have privacy laws different from those of your country of residence. Some recipients of personal data may be based in Ukraine, and some may be located in countries of the European Economic Area. Please note that the Company transfers your personal data outside of Ukraine only if necessary and for purposes outlined in this Policy, provided that reasonable insurance exists that your rights and freedoms as a data subject are protected. In such cases, we ensure compliance with the provisions of Art. 29 of the Law. In addition, we will require all data recipients to ensure an adequate level of protection and security of personal data.

You should know we never sell your personal data to third parties.

In the event of a merger, reorganization or a similar corporate event or the sale of the Сompany or part of the Сompany's assets, the information collected by us, including Personal Data, can be transferred to another company/organization (subject to merge or acquisition). Undoubtedly, all such Data transfers will be carried out under the applicable data protection legislation and our confidentiality obligations, as specified in this Policy.

7. Third-party-provided content/links

You may find content and links on our Website to websites and services of other companies. We do not control these websites. Each such third party is solely responsible for complying with the laws, rules, and regulations applicable to its business and the operation of its website. These websites and services may have their own privacy policies and customer service policies. We encourage you to review the privacy policies of any third-party websites before providing any of them with your information.

8. Data subject rights

We guarantee you the realization of your personal data protection rights and other rights provided for in Art. 8 of the Law. In particular, as a subject of personal data, you have the following rights:

1) to know about the sources of collection, the location of your personal data, the purpose of their processing, the location or place of residence (residence) of the owner or manager of personal data or to give an appropriate mandate to obtain this information to authorized persons, except for cases established by law;

2) receive information about the conditions for providing access to personal data, in particular, information about third parties to whom personal data is transferred;

3) to access your personal data;

4) receive no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, an answer about whether your personal data is being processed, as well as receive the content of such personal data;

5) present a reasoned demand to the owner of personal data with an objection to the processing of his personal data;

6) make a reasoned demand for the change or destruction of your personal data by any owner and manager of personal data if these data are processed illegally or are unreliable;

7) to protect your personal data from illegal processing and accidental loss, destruction, or damage due to intentional concealment, failure to provide or untimely provision of data, as well as protection from providing information that is unreliable or dishonours honour, dignity and business reputation of a natural person;

8) file complaints about the processing of your personal data to the Authorised Human Rights Commissioner of the Verkhovna Rada of Ukraine or the court;

9) apply legal remedies in case of violation of the legislation on the protection of personal data;

10) enter reservations regarding the limitation of the right to process one's personal data when giving consent;

11) withdraw consent to the processing of personal data;

12) know the mechanism of automatic processing of personal data;

13) to protect against an automated decision that has legal consequences for you.

Please note that when you contact us, you need to go through the identification process and submit your specific requirements so that we can process your request and provide a response on legitimate grounds. If we cannot identify you via messages or have reasonable suspicions about your identity, we may ask you to provide proof of identity. Only in this way can we avoid disclosing your data to someone who may impersonate you, i.e. the identification process is carried out in your interests. Any additional information collected for verification purposes will only be used to verify identity.

We process requests as quickly as possible, but please remember that providing a complete and lawful response is a complex process that can take up to a month or even longer. We will let you know if we need more time to prepare a response.

Please note that according to Art. 15 of the Law, personal data are subject to deletion or destruction in the event of:

• expiration of the data storage period determined by the consent of the subject of personal data to the processing of this data or by law;
• termination of the legal relationship between the subject of personal data and the owner or manager, unless otherwise provided by law;
• Issuance of the relevant order of the Authorised Commissioner or officials of the Secretariat of the Commissioner designated by him;
• entry into legal force of a court decision on the removal or destruction of personal data.

9. Our contacts

If you have any questions regarding the processing of your personal data, comments regarding this Policy, or wish to exercise your right in accordance with Art. 8 of the Law, please send us a request.

We have appointed a Data Protection Officer Global (DPO) as the contact person for any questions or comments regarding protecting and processing your data.

You can contact DPO by sending an email to the following address: dpo@laba.academy