Privacy policy

1.1

This Privacy Policy (hereinafter referred to as the "Policy") applies to all personal data that ПО "ІПРМ" (hereinafter referred to as the "Controller") may obtain about the User during their use of the website https://mm-medic.com (hereinafter referred to as the "Website") in connection with receiving services, registering for events, and accessing digital products.

1.2

The Website is also used by ТОВ "ММ МЕДІК" (EDRPOU code 40823358) for the sale of physical products (medical devices, hygiene products, cosmetics). The processing of personal data related to the purchase of products by ТОВ "ММ МЕДІК" is governed by a separate Privacy Policy of ТОВ "ММ МЕДІК."

1.3

Consent to the processing of personal data is given by the User by checking the appropriate checkbox during registration on the Website, placing an Order, or registering for an event. Such consent is voluntary, informed, and unambiguous in accordance with the requirements of the Law of Ukraine "On Personal Data Protection." The Website may be used without granting consent to personal data processing, albeit with limited functionality.

1.4

If User does not agree with terms of this Policy, they must refrain from using Site and stop providing their personal data.

3.1

Owner may collect and process following User's personal data:

• Surname, first name, patronymic;
• Email address;
• Mobile phone number;
• Date of birth (at User's discretion);
• Professional information (specialty, place of work—at the User's discretion, for event registration purposes);
• Order history and purchased services;
• Information about payment method (without storing full bank card data);
• Data on event attendance and course completion;
• Other data provided voluntarily by User (e.g. reviews, comments, questions).

3.2

Personal data collected and processed exclusively for following purposes:

1. User identification when registering on Site and authorization in personal account;
2. Placing, processing, and fulfilling the User's orders for services;
3. Registering the User for seminars, webinars, courses, conferences, and other events;
4. Providing access to digital products and treatment protocols;
5. Processing payments for services through payment systems;
6. Informing the User of order status, changes to event schedules, news, and promotions (subject to separate consent);
7. Providing technical support and consultations to User;
8. Improving Site functionality, personalizing content and recommendations;
9. Analyzing visits and activity on Site to improve user experience;
10. Fulfilling requirements of current legislation of Ukraine.

3.3

Owner does not collect personal data relating to racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, conviction for criminal offense, as well as data relating to health, sexual life, biometric or genetic data, except when such data provided voluntarily by User or necessary for fulfillment of contractual obligations.

3.4

The Controller acknowledges that the order history for medical and educational services (attending seminars, purchasing treatment protocols, etc.) may indirectly contain information about the User's health or professional specialty (sensitive personal data). In this regard, the Controller undertakes to apply an enhanced level of protection to such data, restrict the range of persons with access to it, and refrain from using it for purposes unrelated to Order fulfillment without the User's separate explicit consent.

4.1

The Controller has the right to transfer the User's personal data to third parties solely to the extent necessary to achieve the processing purposes specified in this Policy and solely with the User's consent.

4.2

If the User's Order also includes products sold by ТОВ "ММ МЕДІК," the User's personal data may be transferred to ТОВ "ММ МЕДІК" to the extent necessary for the fulfillment of such an Order, provided the User has given the appropriate consent.

4.3

Personal data may be transferred to following third parties:

• Payment systems: ТОВ "ЛІКВІД ФІНАНС" (LiqPay)—for processing online payments. The Controller does not store the full details of the User's bank cards; all payment information is processed directly by the payment system.
• Event organization partners: event organizers, lecturers, and speakers—to the extent necessary for the conduct of the event and the provision of services (participant's name and contact details).
• Other third parties: According to requirements of legislation of Ukraine, personal data may be transferred to law enforcement agencies, judicial authorities or other state institutions based on official request in accordance with current legislation.

4.4

The Controller requires third parties to whom the User's personal data is transferred to maintain confidentiality and ensure an appropriate level of data protection in accordance with the legislation of Ukraine.

4.5

The Controller does not sell, exchange, or transfer the User's personal data to third parties for marketing purposes without the User's separate consent.

5.1

User's personal data stored by Owner for period necessary to achieve processing purposes defined in this Policy, but not longer than provided by legislation of Ukraine.

5.2

Personal data storage periods:

• Account data (name, email, phone)—for the entire period the User's account remains active and for 3 (three) years after its deletion or the last activity on the Website;
• Order history and financial transactions—for 3 (three) years from the date of the last order (in accordance with the requirements of the tax and accounting legislation of Ukraine);
• Data on event attendance and course completion—for 3 (three) years from the date of the event or course completion;
• Reviews and comments—for the entire period of their publication on the Website or until their removal at the User's request;
• Technical data (IP address, cookies)—for 12 (twelve) months from the date of the last visit to the Website.

5.3

After expiration of storage period, personal data subject to destruction, unless otherwise provided by legislation of Ukraine or there are no other legal grounds for their storage.

5.4

User has right at any time to demand deletion of their personal data by contacting Owner at contacts specified in Section 9 of this Policy.

6.1

The Website uses cookies to improve functionality and user experience. Cookies are small text files stored on the User's device when visiting the Website.

6.2

Following types of Cookie files may be used on Site:

• Required (technical) Cookies: required for the proper functioning of the Website, User authentication, and session data storage. Without these cookies, the Website cannot function properly.
• Functional Cookies: remember User's settings (interface language, region, display settings) to increase convenience of using Site.
• Analytical Cookies: collect information about how Users interact with Site (for example, which pages they visit most often), to improve Site functionality and content. Anonymized data used.
• Marketing Cookies: may be used to display personalized advertising on Site or on third-party resources (subject to separate User consent).

6.3

User can at any time configure or disable Cookie files in their browser settings. However, should be noted that disabling required or functional Cookies may lead to limitation of Site functionality.

6.4

Site may use third-party analytics services (for example, Google Analytics), which may also set their Cookies. These services have their own Privacy Policies, which Owner recommends User to familiarize with.

6.5

In addition, the Website uses the following analytics services: Microsoft Clarity, PostHog, GeoIP, and a proprietary analytics system. Each of these services may set its own cookies and collect data about the User's behavior on the Website. Information about cookie categories and management options is available in the Website's cookie banner and in the separate Cookie Policy.

7.1

User, as personal data subject, has all rights provided by Article 8 of Law of Ukraine "On Personal Data Protection".

7.2

User has right to:

1. To know the sources of collection, the location of their personal data, the purpose of processing, and the location or place of residence (stay) of the Controller;
2. Receive information about conditions for providing access to personal data, in particular information about third parties to whom their personal data transferred;
3. Access to their personal data;
4. To receive, no later than thirty calendar days from the date of receipt of the request, a response as to whether their personal data is being processed, as well as the content of such personal data;
5. Present motivated requirement to Owner with objection to processing of their personal data;
6. To submit a reasoned request for the modification or destruction of their personal data if such data is being processed unlawfully or is inaccurate;
7. To the protection of their personal data against unlawful processing and accidental loss, destruction, or damage;
8. Appeal with complaints about processing of their personal data to Commissioner of Verkhovna Rada of Ukraine for Human Rights or to court;
9. Apply legal remedies in case of violation of legislation on personal data protection;
10. Make reservations regarding limitation of right to process their personal data when giving consent;
11. Withdraw consent to personal data processing at any time by written appeal to Owner.

7.3

To exercise their rights, User can contact Owner with written request to email or postal address specified in Section 9 of this Policy. Owner undertakes to consider User's request and provide response no later than 30 (thirty) calendar days from date of receipt of request.

8.1

Owner takes all necessary organizational, technical and legal measures to ensure protection of User's personal data from unlawful or accidental access, destruction, distortion, blocking, copying, distribution, as well as from other unlawful actions of third parties.

8.2

Personal data protection measures include:

• Appointment of responsible persons for organization of processing and protection of personal data;
• Development and implementation of internal regulatory documents on processing and protection of personal data;
• Application of organizational and technical information protection means (encryption, passwords, access restriction);
• Use of secure HTTPS protocol for data transmission through Site;
• Regular backup and protection from data loss;
• To oversight of compliance with personal data protection legislation by the Controller's employees and third parties;
• Registration and accounting of all actions with personal data;
• Assessment of effectiveness of personal data protection measures and their regular update.

8.3

Owner undertakes to immediately inform User about any incidents related to unauthorized access or disclosure of personal data, as well as take all possible measures to eliminate consequences of such incidents.

8.4

User also responsible for maintaining confidentiality of their account data (login, password) and undertakes not to disclose them to third parties. In case of detection of facts of unauthorized access to account, User undertakes to immediately inform Owner about this.

9.1

In the event of any questions regarding personal data processing, the exercise of rights, or complaints about the Controller's actions, the User may contact the Controller at the following:

10.1

This Policy takes effect from moment of its publication on Site and valid indefinitely until replacement with new version.

10.2

The Controller reserves the right to amend this Policy. In the event of material changes, the Controller undertakes to notify Users no fewer than 14 (fourteen) calendar days before the new version takes effect by posting a notice on the Website and/or sending a notification to the User's email address.

10.3

All issues not regulated by this Policy subject to resolution in accordance with current legislation of Ukraine, in particular Law of Ukraine "On Personal Data Protection", Law of Ukraine "On Information", Civil Code of Ukraine.

10.4

Current version of Policy always available at page: https://mm-medic.com/privacy.

10.5

After receiving notice of the changes, the User has the right to withdraw their consent to personal data processing by submitting a written request to the Controller. If the User continues to use the Website after the new version of the Policy takes effect and does not withdraw their consent, they are deemed to have accepted the new version.