1.1. This Privacy Policy (hereinafter – the Policy) describes the procedure and conditions for processing personal data of individuals who interact with the website of the PUBLIC ORGANIZATION «YOUTH CLIMATE INITIATIVE «ROZVIY» (hereinafter – the Organization) under the domain name rozviy.org (hereinafter – the Website), as well as through forms in external services to which the Website contains links.

1.2. The Policy has been developed in accordance with the legislation of Ukraine, in particular the Civil Code of Ukraine, the Law of Ukraine «On Personal Data Protection» the Law of Ukraine «On Information» the Law of Ukraine «On Public Associations»and other regulatory legal acts.

1.3. This Policy applies to all cases in which the Organization receives, stores, and otherwise processes personal data of:
‍
a) Website visitors;
b) persons who fill in contact and other forms;
c) participants of events, programs, and projects of the Organization;
d) applicants for and recipients of assistance;
e) partners, donors, representatives of public authorities, other organizations and institutions.

1.4. By using the Website or providing the Organization with their personal data, any individual (hereinafter – the Data Subject) confirms that they have familiarized themselves with this Policy, understood its content, and agree to its terms to the extent that processing is carried out on the basis of consent.

1.5. If the Data Subject does not agree with the provisions of the Policy, they must refrain from using the Website and from providing their personal data to the Organization, except in cases where processing is required by law.

2.1. The owner and controller of the personal data database within the meaning of the legislation of Ukraine is:

- PUBLIC ORGANIZATION «YOUTH CLIMATE INITIATIVE «ROZVIY»
- abbreviated name: PO «ROZVIY»
- EDRPOU code: 45455649
- legal address: Ukraine, 61166, Kharkiv Region, city of Kharkiv, Serpova Street, building 4
- email for general inquiries and data protection issues: contact@rozviy.org
- phone: +380956337011

2.2. Contact person for personal data protection issues:

- Bondarieva Valeriia Oleksandrivna
- email: contact@rozviy.org

2.3. Using these contacts, the Data Subject may:

a) ask questions regarding the processing of their personal data;
b) submit a request for access to, correction, or deletion of their data;
c) submit an objection or complaint regarding data processing.

3.1. The Organization may process the following categories of data depending on how the Data Subject interacts with the Website or with the Organization.

3.2. Data of contact persons and individuals who contact the Organization via the Website:

a) first and last name;
b) email address;
c) phone number;
d) city or region of residence, if specified in the form;
e) content of the inquiry, question, proposal, complaint, or other information provided.

3.3. Data of participants of events, programs, and projects

:a) first and last name;
b) email address;
c) phone number;
d) date of birth, if specified in the form or program;
e) place of work or study;
f) links to social media profiles, if provided by the Data Subject (for example, for participant selection);
g) city or other location data;
h) other information voluntarily provided by the Data Subject in questionnaires and selection forms, including motivation responses and previous participation experience.

3.4. Data of applicants for assistance and recipients of support (if relevant programs are implemented):

a) first and last name;
b) contact details (email address, phone number, other communication channels);
c) city, address, or other residence data;
d) information about the applicant’s needs as specified in the application;
e) copies or details of documents voluntarily provided by the Data Subject to confirm certain circumstances (e.g., certificates, status documents, or other files).

3.5. Data of partners, donors, and representatives of other organizations:

a) first and last name of the contact person;
b) position and name of the organization;
c) work contact details (email, phone number, other communication channels);
d) information regarding cooperation, projects, agreements, and communication resulting from joint activities.

3.6. Data contained in files uploaded or transmitted by the Data Subject:
‍
a) documents submitted for participation in projects or for receiving support;
b) other files voluntarily sent by the Data Subject to the Organization as part of cooperation or project participation.

3.7. Photo and video materials:
‍
a) images and videos from Organization events in which the Data Subject participates;
b) other media materials if the Data Subject gives consent (e.g., submits their own photos for publication or use in informational materials).

3.8. Technical and functional data:
‍
The Organization does not use special analytical tools to track behavior on the Website and does not install marketing or analytical cookies. At the same time, the hosting provider and the Webflow platform may technically process basic technical data to ensure Website operation, such as:
‍
a) date and time of visit;
b) browser type and operating system;
c) technical connection parameters;
d) page addresses requested by the browser.
‍
Such data are generally processed in anonymized or aggregated form and are not used by the Organization to create visitor behavior profiles.

4.1. The primary source of personal data is the Data Subject who provides it:
‍
a) through forms on the Website;
b) through external forms (e.g., Google Forms) linked from the Website;
c) via email;
d) via messengers and social media of the Organization.

4.2. The Organization may also receive contact data from partner organizations within joint projects, provided that such transfer is lawful and the Data Subject has been properly informed.

4.3. The Organization does not carry out hidden collection of personal data, does not purchase databases, and does not receive personal data from third parties without legal grounds.

5.1. The Organization processes personal data solely for the purpose of carrying out its statutory activities and ensuring proper functioning of the Website, in particular for:
‍
a) communication with Data Subjects (responding to inquiries, providing information, and follow-up communication);
b) organization and implementation of events, programs, and projects;
c) cooperation with partners and donors;
d) accounting for provided support and activities;e) informing about the Organization’s activities (news, announcements, informational materials with consent);
f) compliance with Ukrainian legislation (accounting, tax reporting, responses to official requests).

6.1. Personal data are processed on one or more of the following legal grounds:
‍
a) consent of the Data Subject;
b) necessity for concluding and performing agreements with the Data Subject;
c) fulfillment of a legal obligation of the Organization;
d) legitimate interests of the Organization.

6.2. If processing is based on consent, the Data Subject may withdraw consent at any time by sending a notice to contact@rozviy.org. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

7.1. The Organization stores personal data no longer than is necessary for the purposes for which such data were collected, taking into account the nature of cooperation with the Data Subject, internal project requirements, and legislative requirements.

7.2. At present, the Organization does not establish strictly fixed calendar retention periods for each category of data and is guided by the following principles:
‍
a) data from contact forms are stored until the review of the inquiry and related correspondence is completed, as well as for an additional reasonable period if necessary to protect the rights of the Organization;
b) data of participants of events, programs, and projects are stored throughout the entire period of implementation of the relevant activity and for the period necessary to prepare reports for donors, partners, and public authorities;
c) data of persons who received support are stored for a period that complies with legal requirements and project conditions;
d) contact data of partners and donors may be stored as long as business relations or potential for cooperation exist, as well as for a reasonable period after their termination;
e) certain documents may be stored longer if required by the legislation of Ukraine, for example accounting and tax documents.

7.3. After the storage of personal data is no longer necessary or if the Data Subject requests their deletion, provided that there are no other legal grounds for further storage, the Organization deletes or anonymizes such data.

8.1. Personal data may be stored and processed using the following means:
‍
a) cloud services Google Drive and Google Workspace;
b) Microsoft 365 services;
c) other cloud storage facilities and services of reliable providers that deliver services to the Organization;
d) hosting of the Webflow platform on which the Website is located.

8.2. The Organization may transfer personal data to third parties only in the following cases:
‍
a) service providers:
– cloud services and email service providers;
– email distribution services, such as Mailchimp or others, if they are used;
– other technical and organizational service providers that process data on behalf of the Organization;
‍
b) professional consultants:
– legal advisors;
– accounting and auditing companies that assist the Organization in complying with legal requirements;

c) donors, international and Ukrainian organizations, within the framework of fulfilling grant and project conditions;
‍
in such cases, only the data necessary for reporting or implementation of joint programs are transferred and, where possible, in anonymized form;

d) public authorities, in cases where the transfer of personal data is directly required by the legislation of Ukraine or by an official request of a competent authority that complies with legal requirements.

8.3. The Organization does not sell personal data and does not transfer them to third parties for independent marketing purposes.

8.4. Since some service providers may be located outside Ukraine or use servers in other countries, personal data may be transferred abroad. In such cases, the Organization seeks to select providers that apply appropriate data protection measures and have published privacy policies.

9.1. The Website may use only those cookies that are technically necessary for the proper functioning of the Website, for example to ensure page loading or to remember basic display settings.

9.2. The Organization does not use marketing or analytical cookies on the Website, does not set advertising trackers such as Meta Pixel, and does not use Google Tag Manager.

9.3. Information about the use of cookies may additionally be displayed in a short notice on the Website.

10.1. For organizing participation in events and programs, the Organization may collect extended questionnaires and additional data specified in Section 3 of this Policy.

10.2. The data may be used for:
‍
a) selection of participants;
b) organizational communication before and after the event;
c) preparation of certificates, confirmations, letters of appreciation;
d) formation of statistics regarding participation in events and the impact of programs in anonymized form;
e) preparation of reports for donors and partners.

10.3. Photo and video materials from events may be used to highlight the Organization’s activities on the Website and on social media. Where possible, the Organization seeks to separately inform participants about photo or video recording at the beginning of the event and to take into account the wishes of persons who do not wish to appear in public materials.

11.1. If the Organization implements support projects for individuals, data of such persons are processed exclusively for the purpose of:
‍
a) reviewing applications;
b) making a decision on granting or refusing assistance;
c) documentation and reporting;
d) protecting the rights of the Organization in the event of possible disputes.

11.2. The Organization seeks to minimize the amount of personal data requested in such cases, collecting only the information that is truly necessary to assess needs and comply with donor and legal requirements.

11.3. Data of this category may have increased sensitivity due to the life circumstances of applicants. The Organization undertakes to handle such information with maximum care and not to disclose it unnecessarily, except in cases expressly provided for by law or project conditions, subject to proper notification of the Data Subject.

12.1. The Data Subject has the rights provided for by the legislation of Ukraine, in particular:
‍
a) the right to know about the sources of collection of personal data, the location of their personal data, the purpose of their processing, and the name and location of the owner or controller of personal data;
b) the right to receive information about the conditions for granting access to personal data;
c) the right to access their personal data;
the Data Subject may contact the Organization with a request and obtain information about which personal data concerning them are being processed;
d) the right to require correction or updating of their personal data if they are inaccurate or outdated;
e) the right to require deletion of their personal data if they are processed without proper legal grounds or if the data are no longer needed for processing purposes, except in cases where storage is mandatory under the law;
f) the right to object to the processing of their personal data, taking into account the legitimate interests of the Organization and legal requirements;
g) the right to lodge a complaint with competent public authorities, in particular the Ukrainian Parliament Commissioner for Human Rights, and in cases related to anti-corruption aspects, with the National Agency on Corruption Prevention, as well as to apply to court.

12.2. To exercise their rights, the Data Subject may contact the Organization at contact@rozviy.org, specifying the substance of their request.

12.3. The Organization reviews requests from Data Subjects within a period of up to thirty calendar days from the date of receipt, unless a different period is established by law.

12.4. To prevent abuse, the Organization may request clarification of information that allows verification that the request is submitted by the person whose data are being processed, but will not require excessive information for additional identification.

13.1. The Website is intended primarily for adult users and persons who have reached at least fourteen years of age in accordance with the statutory provisions of the Organization regarding membership.

13.2. The Organization knowingly does not collect personal data of children under the age of fourteen without the consent of their legal representatives. If such information is accidentally obtained, the Organization will make reasonable efforts to delete it once the absence of proper consent becomes known.

13.3. Persons aged fourteen to eighteen must, before providing personal data, ensure that such transfer does not violate the requirements of the legislation of their country of residence and, if necessary, consult parents or guardians.

14.1. The Organization applies organizational and technical measures to protect personal data, including:
‍
a) use of a secure HTTPS connection on the Website, where provided by the hosting platform;
b) storage of data in cloud services that implement modern information security measures;
c) restriction of access to personal data for employees, members, and engaged specialists only to the extent necessary for performing their functions;
d) internal discussion and gradual implementation of procedures for secure handling of documents and access rights.

14.2. No method of data transmission over the Internet is completely secure; therefore, the Organization cannot guarantee absolute security of information but makes reasonable efforts to minimize risks.

15.1. The Organization has the right to periodically update this Policy taking into account changes in activities, legislation of Ukraine, data processing practices, or the implementation of new services.

15.2. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise stated in the text of the updated version.

15.3. It is recommended to review the Policy from time to time to become familiar with possible changes. Continued use of the Website after the Policy is updated means that the Data Subject has familiarized themselves with the updated text and agrees with it to the extent that processing is based on consent.

16.1. For all questions regarding this Policy or the processing of personal data, you may contact the Organization at:
‍
email: contact@rozviy.org
postal address: Ukraine, 61166, Kharkiv Region, city of Kharkiv, Serpova Street, building 4.

16.2. If the Data Subject believes that the Organization violates their rights in the field of personal data protection, they have the right to:
‍
a) first contact the Organization with a request to remedy the violation;
b) submit a complaint to the Ukrainian Parliament Commissioner for Human Rights or another competent authority;
c) apply to court in accordance with the procedure established by the legislation of Ukraine.