For KOLOSOFT LLC., the security of your personal data is of paramount importance.

In this regard, the Privacy Policy is developed to provide you with up-to-date information on what we (“Kolosoft” or “we” , “us”,“our”,) do with your personal data. We are committed to handling the personal data of our clients and website visitors (“you” or “users”) in a transparent and lawful manner and to protecting the confidentiality and security of the information provided to us.

This Privacy Policy is prepared in accordance with the Law of the Republic of Ukraine No. 2297-VI “On Personal Data Protection” as of June 1, 2010 (“PDP Law”).

This Privacy Policy governs the processing of personal data in your interactions with us when you use our website available at https://kolosoft.com/ (“Website”). By “Personal Data”, we refer to data that relates to you as an identified or identifiable natural person. The term “Personal Data” may include, for example, your name, your postal address, your telephone number, your e-mail address. Anonymous or de-identified information, which we are not able to identify you, does not qualify as “Personal Data”. Data protection laws also do not apply to information about legal entities (for example, limited liability companies).

By using the Website or submitting personal data to us, you acknowledge that you have reviewed this Policy.

In this Privacy Policy, we have endeavored to answer the following questions as fully as possible in order to disclose all information about the processing of your personal data:

• 1. About us
• 2. How we collect your personal data?
• 3. What personal data do we process, for what purposes, and on what legal basis?
• 4. Retention of personal data
• 5. Do we share your personal data with third parties?
• 6. International Transfers
• 7. Cookies policy
• 8. Your privacy rights
• 9. Security measures
• 10. Are our Website designed for children?
• 11. Changes to the Privacy Policy
• 12. Links to other websites
• 13. Contact Us & Complaints

1. About us

KOLOSOFT LLC, a company duly incorporated and registered under the laws of the Republic of Ukraine, EDRPOU code 45976374, whose registered office is at 12 Mykoly Sadovskoho St., Apt. 71, Kyiv, 04073, Ukraine is the owner of personal data processed through the Website and acts as the data controller of such personal data. We determine the purposes for which and the means by which your personal data is processed.

If you have any questions regarding would like to exercise your data protection related rights you can submit your request to our e-mail: contact@kolosoft.com.

2. How we collect your personal data?

We collect, use and disclose personal data only for the purposes stated in this Privacy Policy and in accordance with the PDP Law. We do not use personal data for any other purposes unless you have provided consent or such use is permitted or required by law.

We collect personal data in the following ways:

a. when you provide us with personal data

We collect personal data that you voluntarily submit through the contact form on our Website (“Contact Us”) or when you contact us directly by email. This may include your name, email address, and any information you include in your message or correspondence.

b. when data is collected automatically

When you visit our website, we may automatically collect:

• – Technical data: IP address, browser type and version, operating system, device identifiers;
• – Cookie data: as described in Section 7 (Cookie Policy) below.

We also do not receive personal data about you from third parties. We also do not collect sensitive personal data through our Website.

3. What personal data do we process, for what purposes, and on what legal basis?

We process your personal data only when it is necessary to achieve the purpose of the personal data processing and only to the extent necessary to achieve the purpose of the processing. Furthermore, we keep your personal data for a limited period of time and once the processing period has expired, we delete all existing copies of your personal data.

Below we have provided you with a full description of the data processing purposes of the users of the Website, what personal data we process, legal basis of data processing.

• To give you feedback on a directed request

If you have any questions or difficulties using our Website, or if you need any other help or support from us, you can write to us via the contact form “Contact Us” on the Website or email. If you do so, we will process your personal data to respond to your request.

We do not use personal data submitted through the contact form for marketing communications, newsletters, promotional email campaigns.

Processed Personal Data

• • Contact Data (full name, e-mail address, company name / name of your organization (optional));
• • Other personal data that you provide us in the correspondence;

Legal basis for the processing

1. Legitimate interest:

• • your interest in receiving a response to your inquiry;
• • our interest in communicating with users, providing requested services.

and/or

2. Necessity to take actions related to the conclusion and performance of a transaction or other legal relationship initiated by the data subject.

• Website operation and security

Processed Personal Data

• Limited technical data and strictly necessary cookies to ensure the functioning, administration, stability, and security of the Website, including protection against misuse or unauthorized access.

Legal basis for the processing

• Legitimate interest in ensuring the secure and proper operation of the Website and protecting it against technical failures, abuse, and security threats.

Other processing

In some cases, we will process your personal data to ensure compliance with legal requirements, including responding to subpoenas or government inquiries. This may involve protecting the rights, privacy, safety, and property of individuals, investigating or defending legal claims, and auditing our internal processes to ensure compliance with legal, contractual, and policy standards. We also will process your personal data to take necessary actions to prevent, detect, investigate, and prevent fraudulent, harmful, unauthorized, unethical, or illegal activities, including cyberattacks and identity theft.

Our Website does not use technical or usage data for analytics, profiling, or behavioral tracking. Limited technical data such as IP address and browser metadata may be processed transiently by hosting, security, and delivery infrastructure strictly for security, troubleshooting, and service delivery purposes.

4. Retention of personal data

We retain personal data only for as long as is necessary to achieve the specific and lawful purposes for which such data was collected and processed. Personal data is retained in a form permitting identification of the relevant individual for no longer than is necessary for those purposes. In determining the appropriate retention period, we take into account the nature of the personal data, the purpose of processing, the need to maintain business correspondence and related records, applicable legal requirements, and the necessity to establish, exercise, or defend legal claims.

As a general rule, personal data submitted through the contact form, together with related correspondence, is retained for up to 12 (twelve) months after the last substantive communication with the relevant individual. Limited technical data, including server logs and security-related records processed for the operation, administration, and protection of the Website, is retained only for the period reasonably necessary for those purposes and ordinarily for no longer than 6 (six) months, unless a longer period is required to investigate incidents, respond to legal or regulatory requests, or protect our rights and legitimate interests.

Where retention is required or permitted by applicable law, or where personal data is necessary in connection with actual or prospective legal claims, regulatory inquiries, or compliance obligations, we may retain such data for a longer period, but only to the extent and for the duration necessary for the relevant purpose.

Upon expiry of the applicable retention period, or once the relevant processing purpose has been achieved and no further lawful basis for retention exists, personal data will be deleted or destroyed in accordance with applicable laws and our internal retention and security procedures. Backup copies containing personal data may remain for a limited additional period until they are securely overwritten or deleted in the ordinary backup cycle.

5. Do we share your personal data with third parties?

In certain cases, we may share your personal data with third parties. We do this only in the situations described in this Privacy Policy. In any case, we strive to transfer your personal data in a secure manner and, if required by applicable law, based on an agreement between us and each recipient. We will make all reasonable efforts to ensure that each recipient understands the principles of the data protection directive and complies with them in accordance with the law and/or the specific agreement.

We share your personal data to third-party as follows:

(i) To third parties as required by law

We may share your personal data in cases where we are required to do so by law, by court order, or in other situations where we have reasonable grounds to believe that the transfer of your personal data is necessary to initiate legal proceedings in the event of a violation of the Terms or any applicable laws. We may also share your personal data if we have reasonable grounds to believe that it is necessary to prevent fraud or other activities that are contrary to applicable law.

(ii) disclosure to service providers

We always strive to maintain the proper functioning of our Website and to ensure that your enquiries can be processed efficiently. In some cases, to achieve processing goals, we collaborate with partners who assist us in various aspects of our services, thereby enhancing their quality.

In each case, we carefully select partners to collaborate with and ensure that such companies implement adequate legal, organizational, and technical measures to protect personal data from unauthorized access. We transfer your personal data to the following categories of recipients:

• IT service providers and cloud hosting platforms (e.g., website hosting, email services)

We are diligent in safeguarding your personal data and only use trusted partners to store your personal data. Although hosting providers may have access to the personal data we store, we enter into personal data processing agreements with them that require them to treat it in accordance with relevant privacy laws and regulations.

6. International Transfers

Where personal data is transferred to recipients outside Ukraine, we will ensure that such transfer is carried out in accordance with applicable law and only where an appropriate level of personal data protection is ensured or another lawful basis for the transfer applies.

When transferring personal data outside Ukraine, we may implement appropriate safeguards and measures, including:

• • verifying, prior to the transfer, whether the recipient is subject to an appropriate data protection framework or otherwise capable of ensuring an adequate level of personal data protection;
• • entering into binding contractual arrangements (including data processing agreements) requiring the recipient to process personal data only for specified purposes, maintain its confidentiality, implement appropriate technical and organisational security measures, and not disclose the data to unauthorized persons;
• • limiting the scope of transferred personal data to what is necessary for the relevant purpose;
• • ensuring that access to transferred personal data is granted only on a need-to-know basis;
• • requiring service providers to implement appropriate security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, or unlawful processing;
• • requiring the recipient to notify us, where appropriate, of actual or suspected personal data breaches affecting the transferred personal data.

Where we engage service providers located outside Ukraine, we will require them to process personal data only within the scope of the relevant services and in accordance with our instructions, applicable confidentiality obligations, and appropriate data protection requirements.

7. Cookies policy

Cookies are small text files stored on your device when you visit a website. For the purposes of this Policy, “cookies” shall mean text files stored in the web browser of a user's device (e.g., computer, mobile phone, etc.) when visiting websites in order to record and/or remember the user's actions.

We use only strictly necessary cookies on the Website to ensure its proper operation, enhance functionality, remember user preferences, and maintain the security and performance of the Website. The Website does not use cookies or similar technologies for the purpose of tracking behaviour, analysing usage patterns, or personalising content. We do not deploy analytics cookies, advertising cookies, or any other form of tracking technologies on the Website. We also do not use technologies such as web beacons, pixel tags, device fingerprinting, or software development kits (SDKs) that may collect personal data or monitor your interactions with the Website.

Types of Cookies We Use

Strictly Necessary cookies are essential to ensure the proper and full functionality of the Website and are processed regardless of whether you provide consent. Without these cookies, the Website cannot function correctly.

Managing Cookies

• Cookie Customization

You can manage cookie processing in the following ways:

You may customize your cookie preferences either through the cookie banner displayed upon your first visit to the Website or at any time by accessing the cookie settings at the bottom of the Website by clicking the “Cookies Settings” button.

• Cookie Deletion

If you want to delete cookies stored on your device, you should adjust your browser advanced settings to delete your browsing history (ensuring you include advanced settings). Please note that this may remove saved preferences, login credentials, and other personalized settings across different websites (not only the Website of Taugo).

• Cookie Blocking

Most browsers allow users to block cookies processing entirely (i.e. through all websites, not only the Website). Please note that disabling all cookies, including Strictly Necessary, may impair the functionality of the Website. Refer to your browser’s help section for instructions on how to block cookies.

• • Google Chrome
• • Internet Explorer
• • Mozilla Firefox
• • Safari (Desktop)
• • Safari (Mobile)
• • Opera
• • Opera Mobile

8. Your privacy rights

Under the PDP Law, you have certain rights in relation to your personal data. These rights allow you to access, correct, and manage the use of your personal data that is in our possession or under our control.

You may exercise your rights by submitting a written request to us using the contact details provided in this Privacy Policy. As a data subject, you have the following rights under the PDP Law:

• 1. Right to be informed — to know the sources of collection of your personal data, the purpose of processing, where your personal data is located, and who the owner or processor of the personal data is (Article 8(2)(1));
• 2. Right to know about access and disclosures — to receive information about the conditions of access to your personal data, including information about third parties to whom your personal data is transferred (Article 8(2)(2));
• 3. Right of access — to access your personal data (Article 8(2)(3));
• 4. Right to confirmation and content of processing — to receive, within the time period established by law, confirmation as to whether your personal data is being processed and to obtain the content of such personal data (Article 8(2)(4));
• 5. Right to object — to submit a reasoned request objecting to the processing of your personal data (Article 8(2)(5));
• 6. Right to rectification, blocking, or destruction — to request the rectification, blocking, or destruction of your personal data if such data is processed unlawfully or is inaccurate (Article 8(2)(6));
• 7. Right to protection — to protect your personal data against unlawful processing and against accidental loss, destruction, damage, or inaccurate disclosure (Article 8(2)(7));
• 8. Right to complain — to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights or with a court (Article 8(2)(8));
• 9. Right to legal remedies — to use legal remedies in the event of a violation of personal data protection legislation (Article 8(2)(9));
• 10. Right to set conditions when giving consent — to make reservations regarding restrictions on the processing of your personal data when giving consent (Article 8(2)(10)) and right to withdraw consent — to withdraw your consent to the processing of personal data (Article 8(2)(11));
• 11. Right to know about automated processing — to know the mechanism of automatic processing of your personal data (Article 8(2)(12));
• 12. Right not to be subject to certain automated decisions — to be protected against an automated decision that has legal consequences for you (Article 8(2)(13)).

To exercise any of these rights, you may contact us using the contact details provided in this Privacy Policy (via e-mail address or at our legal address). We may request information reasonably necessary to verify your identity before responding to your request. We will review and respond to your request within the time limits established by applicable legislation of Ukraine. We do not carry out solely automated decision-making that has legal consequences for you.

Please note we may deny a request under certain circumstances, in particular if we are unable to verify your identity or locate your information on our systems. If we are unable to fulfill all or part of your request, we will explain our reasons for denying the request.

We will review your request as soon as reasonably possible and in accordance with the time limits established by applicable legislation of Ukraine. In particular, where your request concerns access to your personal data, you will receive a response no later than within thirty (30) calendar days from the date of receipt of the request, unless otherwise provided by law. Where your request constitutes a reasoned objection to the processing of your personal data, or a reasoned request for the rectification, blocking, or destruction of your personal data, we will consider such request within ten (10) days of its receipt and inform you of the outcome in accordance with applicable legislation of Ukraine.

9. Security measures

We implement reasonable and appropriate administrative, technical, and physical safeguards to protect personal data in our possession or under our control, in accordance with the PDP Law.

These safeguards include:

• • restricting access to authorised personnel on a need-to-know basis;
• • using secure hosting environments and industry-standard security practices provided by our service providers;
• • applying appropriate measures to protect personal data during transmission and storage; and
• • maintaining internal policies and procedures to prevent unauthorised access, disclosure, modification, or loss.

Where personal data is processed by third-party service providers, we require them to implement security protections that are comparable to the requirements of the PDP Law. We periodically review our security arrangements to ensure they remain effective and appropriate.

10. Are our Website designed for children?

The Website is not intended for children, and we do not knowingly collect personal data from children through the Website or the contact form. If we become aware that personal data relating to a child has been submitted to us without appropriate legal grounds, we will take reasonable steps to delete or otherwise cease processing such data in accordance with applicable legislation of Ukraine.

If you believe that a child has provided us with personal data through the Website, please contact us using the contact details provided in this Privacy Policy.

11. Changes to the Privacy Policy

This Privacy Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. Your continued use of the Website after the effective date of the updated Privacy Policy will be subject to the new Privacy Policy. If we make any major changes to our Privacy Policy and will need your explicit consent for further processing of your personal data, we will request your consent or your renewed consent (in case it was obtained previously).

12. Links to other websites

Our Website does not currently contain links to external websites or online services. If links to third-party websites are added in the future, please note that such websites are not operated or controlled by us. We are not responsible for the content, privacy practices, or policies of any third-party websites. We recommend reviewing the privacy terms of any external website you may visit.

13. Contact Us & Complaints

For any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact us:

• 1. by e-mail: contact@kolosoft.com
• 2. by post: 12 Mykoly Sadovskoho St., Apt. 71, Kyiv, 04073, Ukraine.

Complaints to the Supervisory Authority

If you believe that your rights in relation to the processing of your personal data have been violated, you have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights, which is the competent supervisory authority in the field of personal data protection in Ukraine, and/or to apply to a court in accordance with applicable legislation of Ukraine. The right to lodge a complaint with the Commissioner or with a court is expressly provided by the PDP Law.

Contact details of the Ukrainian Parliament Commissioner for Human Rights:

• – Address: 21/8 Instytutska Street, Kyiv, 01008, Ukraine
• – Hotline: 0 800 50 17 20
• – Phone: +38 (044) 299 74 08
• – Email for electronic appeals and lawyers’ requests: hotline@ombudsman.gov.ua
• – Email for access to information requests: zapyt@ombudsman.gov.ua

Current contact details and complaint channels are published on the official website of the Commissioner. Before contacting the supervisory authority, you may also contact us using the contact details provided in this Privacy Policy. However, contacting us first is not a prerequisite for filing a complaint with the competent authority.