Privacy Policy and Personal Data Protection of "STEEPEN" R&D LTD

This Personal Data Privacy Policy (hereinafter – the Policy) is developed in accordance with the requirements of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applies to all information that "STEEPEN" R&D LTD (hereinafter – the Company/Controller), located at the domain name https://www.steepen.ua/, may obtain about the User (Data Subject).

1. Definitions and Controller's Contact Details

1.1. Data Controller: "STEEPEN" R&D LTD

1.2. Address for inquiries: [Insert Company Physical Address]

1.3. Data Protection Contact Person (DPO/Representative): [Insert Email or Contact Form]

1.4. Key Terms

  • Personal Data: Any information relating directly or indirectly to an identified or identifiable natural person (Data Subject).
  • Processing of Personal Data: Any operation or set of operations performed on personal data (collection, recording, storage, use, transfer, erasure, etc.).
  • Data Subject (Website User): A person who uses the Website and provides their data.
  • Cookies: A small fragment of data required for Website functionality and traffic analysis.

2. Categories of Personal Data Collected

The Company collects and processes the following categories of data:

  • Identification Data: Name, surname, email address, phone number (provided by the User via forms).
  • Technical Data: IP address, browser information, device type, operating system, access time, data collected via Cookies.
  • Transaction Data: Information about orders, purchase history (excluding direct financial information, which is processed by payment systems).

3. Purpose and Lawful Basis for Data Processing (GDPR, Art. 6)

We process your data exclusively on the following lawful bases:

  • Data Subject's Consent: For sending marketing newsletters and promotional offers (You have the right to withdraw this consent at any time).
  • Performance of a Contract: For processing and fulfilling your orders, and providing access to your account.
  • Compliance with Legal Obligation: For accounting, tax reporting, and compliance with legislative requirements.
  • Legitimate Interest: For ensuring Website security, fraud prevention, improving service quality, and analyzing Website usage.

4. Data Subject Rights (Your rights under GDPR)

As a User (Data Subject), you have the following rights:

  • Right to be Informed: To know what data we collect and for what purpose.
  • Right of Access: To obtain a copy of your personal data that we hold.
  • Right to Rectification: To demand the correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be forgotten"): To demand the deletion of your personal data if they are no longer needed for the purposes for which they were collected.
  • Right to Restriction of Processing: To demand the restriction of data processing in certain situations.
  • Right to Data Portability: To receive your data in a structured, commonly used format.
  • Right to Object: To object to the processing of your data based on legitimate interest or for direct marketing purposes.
  • Right to Lodge a Complaint: To file a complaint with the national supervisory authority (e.g., the Ombudsman of the Verkhovna Rada of Ukraine).

To exercise any of the aforementioned rights, please contact the Contact Person listed in section 1.3.

5. Data Retention Period

Personal data is stored only for the period necessary to achieve the purposes for which it was collected (the principle of "storage limitation"):

  • Customer Data (for contract performance): Up to 5 years after the last transaction or expiration of the warranty period.
  • Data for Marketing Newsletters (based on consent): Until the User withdraws consent.
  • Technical Data (Cookies): According to our Cookies Policy, but no more than 1 year.

6. Transfer of Data to Third Parties and Links to External Sites

The Company may transfer your data to third parties exclusively for the performance of its obligations (e.g., delivery services, payment systems) or if required by law.

This Policy applies only to the "STEEPEN" R&D LTD Website. The Company does not control and is not responsible for third-party websites that the User may access via links.

7. Final Provisions

The User's use of the Website signifies consent to this Privacy Policy. In case of disagreement with the terms, the User must stop using the Website.