This document explains what data we collect when you visit our site or contact us, why we need it, who we share it with, and what you can do about it. In short: we collect the minimum required to work with you, we never sell data to third parties, and you stay in full control — you can ask us to delete everything at any time. The details below are the legal version, kept as plain as possible.
01Who we are (Data Controller)
The controller of your personal data is:
- Sole Proprietor Valerii Krasko (registered in Ukraine)
- Tax ID (RNOKPP): 3219017093
- Correspondence address: 35 Balkivska Str., Apt. 104, Odesa, Ukraine
- Email for data requests: [email protected]
- Website: spilnoagency.com.ua
We have not appointed a Data Protection Officer (DPO) — under GDPR this is not required for our type of activity. For any data-related questions, please use the email above.
02What data we collect
2.1. Data you provide to us directly
When you fill in a form on our site, email us, message us, or send a brief, you may share:
- name
- phone (if you choose to provide it)
- company name and position (if provided)
- the content of your request, files, and attachments
- links to your website or profiles (if shared)
2.2. Data collected automatically
When you visit the site:
- IP address (anonymised for analytics)
- browser type and version, operating system
- pages viewed, time on page, referral source
- cookie identifiers (details in our Cookie Policy)
2.3. Data from third parties
If you arrive from Google Ads or Meta advertising, we receive anonymised advertising identifiers used to measure campaign performance.
03Why we process your data (legal bases)
| Purpose | GDPR legal basis |
|---|---|
| Responding to your enquiry, discussing cooperation | Pre-contractual steps (Art. 6(1)(b)) |
| Performing a service contract | Contract performance (Art. 6(1)(b)) |
| Invoicing, accounting, tax reporting | Legal obligation (Art. 6(1)(c)) |
| Site analytics, service improvement | Legitimate interest (Art. 6(1)(f)) |
| Marketing, remarketing, marketing cookies | Consent (Art. 6(1)(a)) |
| Site security and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
04Who we share your data with
We do not sell your data. We share it only with trusted processors who help us run our business:
| Service | What is shared | Jurisdiction |
|---|---|---|
| Google Workspace (email, documents) | Email correspondence content | USA (under SCCs) |
| Google Analytics 4 | Anonymised visit data | USA (under SCCs) |
| Google Ads | Conversions, ad identifiers | USA (under SCCs) |
| Meta (Facebook/Instagram Pixel) | Anonymised visit data for remarketing | USA (under SCCs) |
| Planfix (CRM) | Lead and client contact details, communication history | EU |
| Website hosting (HostiQ) | Server-level technical data | Ukraine |
Transfers of data to the USA are made under Standard Contractual Clauses (SCCs) approved by the European Commission.
05How long we keep your data
| Data type | Retention period |
|---|---|
| Form enquiries without a signed contract | up to 12 months |
| Client data under a service contract | duration of contract + 3 years after |
| Accounting documents | 7 years (Ukrainian law requirement) |
| Analytics data (GA4) | 14 months |
| Marketing cookies | up to 2 years or until consent withdrawal |
| Remarketing data | 90 days |
After the retention period, data is deleted or anonymised.
06How we protect your data
- the site runs over HTTPS (SSL encryption)
- access to CRM and email is limited to team members on a least-privilege basis
- two-factor authentication on all work accounts
- regular backups
- processors are reviewed for GDPR compliance
07Your rights
Under GDPR you have the right to:
- Access — know what data we hold about you
- Rectification — correct inaccurate or outdated data
- Erasure — request deletion of your data (“right to be forgotten”)
- Restriction — limit how we process your data
- Portability — receive your data in a structured format and transfer it to another organisation
- Object — to processing based on legitimate interest or for marketing
- Withdraw consent at any time (e.g. switch off marketing cookies)
- Lodge a complaint with a supervisory authority — the data protection authority in your EU country of residence
To exercise any right, write to [email protected]. We respond within 30 days.
08Cookies
Detailed settings and the full list of cookies are in a separate document: Cookie Policy.
09Children
The site is not intended for individuals under 16. We do not knowingly collect data from children. If you discover that a child has provided us with their data, please let us know and we will delete it.
10Changes to this policy
We may update this policy. The “Last updated” date at the top always reflects the current version. We will notify you of significant changes on the site or by email if we are in active communication with you.
11Contact
For all enquiries — [email protected]