1.1. MASADA.COM.UA – a page located on the Internet under the domain name: https://masada.com.ua (hereinafter referred to as the “website”).

1.2. Data administrator – LIMITED LIABILITY COMPANY “MASADA”, EDRPOU code 45714126, address: Ukraine, 01024, Kyiv city, Lyuteranska st., building 16, apartment 8. E-mail address for correspondence: support@masada.com.ua.

1.3. The Contractor – LIMITED LIABILITY COMPANY “MASADA”, EDRPOU code 45714126, address: Ukraine, 01024, Kyiv, Lyuteranska St., 16, apartment 8, hereinafter referred to as the “Contractor”, which places information about services on the website and, under the terms of the Public Offer Agreement with the Data Subject (Customer), undertakes to provide services.

1.4. Personal data – information about a natural person who is already identified or can be identified by one or more specific factors determining the physical, physiological, genetic, psychological, economic, cultural or social identity, including images, voice recordings, contact data, location data, information included in correspondence, information collected using recording technology or other similar technology.

1.5. Policy – this Privacy Policy.

1.6. General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

1.7. Data subject – any capable individual, individual entrepreneur or legal entity, resident/non–resident of Ukraine, who is a User and to whom personal data processed by the Administrator applies.

1.8. User – any capable individual, individual entrepreneur or legal entity, resident/non– resident of Ukraine, who has accepted the terms of the Public Offer Agreement with the Data Subject (Customer), as well as an individual who is an employee, partner, person within the meaning of the concept of a legal entity or organization without the status of a legal entity, who interacts with the website and to whom the data processed by the Data Administrator relates.

2.1. The Data Administrator, in connection with conducting business activities, collects and processes Personal Data in accordance with relevant legal regulations, in particular the GDPR, and the data processing rules specified in this Policy.

2.2. Data Administrator:

2.2.1. ensures the visibility of data processing;

2.2.2. always informs about the processing of data at the time of their collection, in particular about the purpose and legal grounds for the processing of personal data, unless he is obliged to do so in accordance with separate regulatory acts;

2.2.3. ensures that data is collected only to the extent necessary for a specific purpose and processed only for the necessary period.

2.3. During data processing, the Data Controller shall ensure their security and confidentiality, as well as the access of data subjects to information about the processing. If, despite the application of security measures, a personal data breach occurs (e.g. a “data leak” or loss) and such breach is likely to result in a high risk of a violation of the law or the freedoms of data subjects, the Data Controller shall notify data subjects of the incident in accordance with legal regulations.

3.1. You can contact the Data Administrator at the e-mail address: support@masada.com.ua or the correspondence address: 01024, Kyiv, Lyuteranska St., 16, apartment 8.

3.2. The data controller is not obliged to appoint a data protection officer. The data controller has conducted an analysis of this issue.

4.1. In order to ensure the integrity and confidentiality of data, the Data Controller has implemented procedures that allow access to personal data only to authorized persons and only to the extent that is essential in relation to the tasks they perform. The Data Controller applies organizational and technical solutions to ensure that all operations with personal data are registered and performed by authorized persons.

4.2. The Data Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also ensure the implementation of appropriate security measures in all circumstances of processing personal data on behalf of the Data Administrator.

4.3. The Data Administrator conducts an up-to-date risk analysis and monitors the adequacy of the applied data protection to identify threats. If necessary, the Data Administrator applies additional measures to increase data security.

5.1. Personal data of customers is processed in the following cases:

5.1.1. Registration of Users and registration of an account on the website. Purpose: creation of an individual account and its management. Legal basis: processing is necessary to provide the Account services (Article 6 paragraph 1 letter b GDPR).
5.1.2. Filling in the fields of the feedback form window on the website by the User. Purpose: conclusion of a service contract. Legal basis: processing is necessary for the conclusion of a service contract or in order to take steps at the request of the data subject prior to concluding a contract (Article 6(1)(b) GDPR).
5.1.3. Subscription by the User to the blog (newsletter) on the website. Purpose: information about services and offers. Legal basis: consent of the data subject to the performance of the contract for the provision of the newsletter (blog) service (Article 6 paragraph 1 letter a GDPR).

5.2. Personal data of data subjects are also processed in the following cases:

5.2.1. Electronic and regular postal correspondence. In the event of sending requests to the Data Administrator by electronic or regular mail related to ordering services under the Public Offer Agreement or other agreement concluded with it, the personal data included in this correspondence are processed only for communication and resolution of the issue related to the correspondence. The legal basis for the processing is the legitimate interest of the Data Controller (Article 6, Paragraph 1, Letter f GDPR), based on correspondence sent to him in connection with his economic activity. The Data Controller processes Personal Data relevant to the matter in question, which concerns correspondence. All correspondence is stored in a manner that ensures the security of the personal data (and other information) contained therein and is disclosed only to authorized persons.
5.2.2. Social media portal profiles. The data controller has public profiles on social media portals, e.g. Instagram, Facebook. Thanks to this, the Data Administrator processes data left by users visiting these profiles (including comments, likes, online identifiers). The personal data of these users are processed:
– to allow them to be active on these profiles;
– for the effective operation of profiles, by presenting information portals to users about initiatives and other activities of the Data Administrator and for the promotion of various events, services and products;
– for statistical and analytical purposes;
– to promote our own brand and improve the quality of services provided. The legal basis for the processing of Personal Data is the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR). ATTENTION: the above information does not apply to the processing of personal data by Administrators of social media portals (e.g., Instagram, Facebook).
5.2.3. Processing of personal data of employees of Data Subjects. When concluding contracts in the course of conducting business activities, the Data Administrator may obtain from Data Subjects, Users involved in the performance of contracts (e.g. persons authorized to contact, persons fulfilling orders, etc.). The scope of the transferred data is in any case limited to what is necessary for the performance of the contract and usually does not include any information other than the name, surname and official contact details. Such personal data are processed for the purposes of the legitimate interests pursued by the Data Controller and its contractors (Article 6(1)(f) GDPR) in the proper and effective performance of the contract. Such data may be disclosed to third parties involved in the performance of the contract. The data is processed for the period necessary to realize the above-mentioned interests and fulfil legal obligations.
5.2.4. Collection of data in the context of business contacts. In connection with the conduct of economic activities, the Data Controller also collects personal data in other cases – for example, during business meetings or by exchanging business cards – to initiate and maintain business contacts. The legal basis for data processing in this regard is the legitimate interest of the Data Controller (Article 6, Paragraph 1, Letter f GDPR), based on the creation of a network of contacts for the conduct of economic activities. Personal data collected under these circumstances are processed only for the purpose for which they were collected – the Data Controller guarantees their appropriate protection.
5.2.5. Issuing invoices or delivery notes for the performance of a contract. For this purpose, personal data are processed only to the extent necessary for the issuance of invoices. The legal basis for the processing is their obligation to perform the contract (Article 6(1)(b) GDPR).
5.2.6. Fulfilment of claims for the performance of a contract. For this purpose, personal data are processed only to the extent necessary to defend claims. The legal basis for the processing is its necessity for the implementation of the legitimate interests of the Data Controller (Article 6, Paragraph 1, Letter f GDPR).

6.1. In connection with conducting economic activities that require the processing of personal data, personal data may be disclosed to external parties, including, in particular, IT and technical support service providers, entities providing accounting services, marketing agencies, notaries, lawyers, and law firms. GOVERNMENT BODIES

6.2. The Data Administrator reserves the right to disclose or provide the provided information about the Data Subject, the User to competent state authorities or third parties requesting such data only on the basis of proper legal grounds and in accordance with applicable legal provisions.

6.3. Personal data will also be provided to competent state authorities, in particular courts, law enforcement agencies, consumer protection authorities and other persons who request such data from the Data Administrator.

7.1. The level of protection of personal data outside the European Economic Area (“EEA”) differs from that guaranteed by European law. For this reason, the Data Controller transfers Personal Data to third parties within the EEA only if necessary and with an adequate level of protection.

8.1. When you use the Website, it automatically collects data about the User using small files called cookies. These files are stored by the Data Administrator on the terminal device of the User visiting the Website, if the User’s web browser has such a function. A cookie usually contains the domain name from which it comes, its “expiration date” and a separate randomly selected number identifying this file. The information collected using files of this type helps the Data Administrator to adapt the products it offers to the individual preferences and actual needs of the Website visitors. They also provide the opportunity to develop general statistics on visits to the Website. This data may also be collected by the Google Analytics system, an Internet analytics system that provides an overview of the Website’s data traffic and demographic data of the Users visiting the Website, which are used for marketing activities. A person visiting the website who does not agree to the operation of the Google Analytics system must block cookies in the relevant cookie notice or in their own web browser.

8.2. The Data Controller uses two types of cookies:
– Session cookie – the recorded information is deleted from the device’s memory after the end of a specific web browser session or after the computer is turned off.
– Persistent cookies – remain in the memory of the end device until they are manually deleted by the browser user or until they expire.

8.3. Cookies are used to: authenticate the User on the website and provide him with a User session on the website (after logging into the User’s account), as well as for analysis and creation of anonymous statistics.

8.4. The person visiting the website may disable the cookie mechanism in their browser in accordance with the instructions provided by the browser developer. However, the Data Controller warns that blocking or deleting cookies may cause difficulties in using the website and in some cases prevent the use of some of its features.

8.5. The Data Administrator may collect IP addresses of users visiting the Website. An IP address is a number assigned by the Internet Service Provider to the computer of the Website visitor. The IP address is used by the Data Administrator to diagnose technical problems with the server, to create statistical analyses, as well as for security reasons and to potentially identify unwanted automated programs that are intensively working with the server to browse the Website.

9.1. Data Collector provides a secure and encrypted connection when sending personal data and when logging into the User’s account on the website.

9.2. In the event that a User who has an account on the Website has lost their account password, the Website offers the opportunity to create a new password. The password is stored in encrypted form in such a way that it cannot be read by unauthorized persons.

9.3. The Data Administrator does not send e-mails requesting login details, including the password to access the User’s account.

10.1. The period of data processing by the Data Controller depends on the type of service provided and the purpose of the processing. The period of data processing may also be determined by legal provisions, where they are the basis for the processing. If the basis for the processing is the legitimate interest of the Data Controller – for example, for security reasons – the data are processed for the period that allows the realization of this interest, or until an effective objection to the processing is filed. If the data are processed on the basis of consent, the data are processed until the consent is revoked. If the basis for the processing is its binding nature for the conclusion and performance of a contract, the data are processed until the termination of the contract.

10.2. The data processing period may be extended if the processing is necessary for the establishment, exercise or defence of legal claims; after this period – in cases provided for by law. After this processing period, the data shall be irrevocably deleted or depersonalised.

Personal data subjects have the right to:
11.1. the right to obtain information about the processing of personal data – on this basis, the Data Administrator provides the requesting individual with information about the processing of data, mainly including information about the purposes and legal grounds for the processing, the volume of stored data, the subjects whose data are processed, the disclosure and the planned date of data deletion.

11.2. the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data concerning the person who submits such a request. The Data Administrator shall not comply with this request if this may violate the obligations related to professional secrecy.

11.3. right to rectification – The Data Controller is obliged to eliminate any inconsistencies or errors in the personal data being processed and to complete them if they are incomplete.

11.4. right to erasure – on this basis you can request the deletion (erasure) of your data, the processing of which is no longer necessary to achieve any of the purposes for which it was collected.

11.5. the right to restrict processing – in the event of such a request, the Data Administrator shall cease to carry out operations with personal data, except for operations agreed upon by the Data Subject, and their storage in accordance with the adopted storage rules or until the reasons for restricting data processing cease to exist (for example, a decision of the supervisory authority is issued allowing further data processing).

11.6. the right to transfer your personal information – on this basis – to the extent that the data are automatically processed in connection with a concluded contract or consent given – the Data Administrator issues the data provided by the Data Subject in a format that allows them to be read by a computer. It is also possible to demand the transfer of such data to another subject, however, provided that there are technical possibilities to this extent both on the part of the Administrator and on the part of the specified person.

11.7. the right to object to processing of data for marketing purposes – The data subject has the right to object at any time to processing of his or her personal data for marketing purposes; Objection within this scope does not require stating the reasons.

11.8. the right to object to other purposes of data processing – the data subject may at any time – on grounds relating to his or her particular situation – object to the processing of personal data based on the legitimate interest of the Administrator (for example, for analytical or statistical purposes or for the protection of assets); The objection to this extent must contain justification.

11.9. right to withdraw consent – if data is processed based on consent, the data subject has the right to withdraw it at any time, which, however, will not affect the lawfulness of the processing prior to the withdrawal of such consent

11.10. right to lodge a complaint – if you believe that our conduct in processing personal data violates the GDPR or any other applicable laws, you may complain to a data protection supervisory authority.

12.1. A request to exercise the rights of data subjects may be submitted: – in writing to the above address or to the above e-mail address (clause 3.1.).

12.2. If the Data Controller is unable to identify the person making the request based on the submission, it will request additional information from the applicant. Providing such data is not mandatory, however, failure to provide such data will result in the request being refused.

12.3. Such a request may be submitted in person or through a proxy (e.g. a family member). For data security reasons, the Data Administrator encourages the use of a notarized power of attorney or an authorized legal advisor or attorney, which will significantly speed up the verification of the authenticity of the request.

12.4. The response to the request shall be sent within one month from the date of receipt. If it is necessary to extend the period, the Data Controller shall inform the applicant of the reasons for this action.

12.5. If a request is sent to the Data Controller in electronic form, the response to it shall be provided in the same form, unless the requester has requested a response in a different form. In other cases, the response shall be provided in writing. If the deadline for the request makes it impossible to provide a response in writing, and the volume of the applicant’s data processed by the Controller allows for electronic contact, the response shall be provided in electronic form.

12.6 The data controller shall retain information on both the request and the person making it in order to ensure that compliance can be confirmed and to establish, defend or consider possible claims by data subjects. The database of requests shall be maintained in a manner that ensures the integrity and confidentiality of the data contained.

13.1. This Policy is regularly reviewed and amended as needed.

13.2. The current version of the Policy is effective from September 22nd 2025

If you have any questions about this Privacy Policy, our practices, or your interactions with the Site or Services, please contact us:
By e-mail at: support@masada.com.ua
By mail as follows:
MASADA, LLC
Lyuteranska st., 16, apartment 8,
Kyiv, Ukraine, 01024