Data (Privacy) Protection Policy

Interdean Ukraine is committed to protecting and respecting your privacy.

This Data (Privacy) Protection Policy, together with our Terms and Conditions describes the types of personal data we collect, how we use that data, with whom we share it, how you can exercise your rights on your personal data and the choices you can make about our use of the personal data.  We also describe the measures we take to protect the security of the personal data and how you can contact us about our privacy practices.

Management

Personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. name and first name, date of birth, biometrics data, fingerprints etc). We will collect your personal data for our moving process. When we collect any personal data from you, we will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.

Choice and consent

The legal basis for processing your personal data is consent.  As such, we may ask you to sign a separate form of letter (“Personal Data Consent Letter”) to indicate your explicit consent to our processing of your personal data for the purposes set out in the Policy. However, please note that the absence of (i) such a request, or (ii) a Personal Data Consent Letter signed by you, is not intended to be conclusive of this issue and we shall be entitled to conclude that, by visiting us at any of our approved web sites; applications; or Portals, or using our other digital assets or agreeing to receive Services from us, you are accepting and consenting to the practices described in the Policy.  Notwithstanding this, you have the right to contact us to object to, or make certain requests in relation to, the processing of your personal data (as explained further in the Your Rights section of this policy).

According to Applicable Data Protection Laws, you may be entitled to know the identity of your “Data Controller” i.e. the legal entity which determines why and how your personal data is processed.  This will generally be the case when are you located within the European Economic Area.

Your relevant Data Controller may vary, depending on how you are receiving services from us. For example:

  1. Corporate Clients: If you are being relocated as part of your employment, your relevant Data Controller may be your relevant employer who has engaged us to provide services to you. In such case, this Policy may not apply to you and please refer, instead, to your employer’s privacy policy or employee handbook for further information as to how your personal data may be handled.  Even if this Policy does not directly apply to you, Interdean Ukraine, as a “Data Processor” within the meaning of Applicable Data Protection Laws, will process the personal data under the Data Controller’s sole instructions, and will take all steps necessary to preserve the security and confidentiality of the personal data, and prevent their alteration, damage, or access by unauthorized persons.
  2. Direct Consumers / Individuals: If you are engaging Interdean Ukraine directly to provide services for you, then your relevant Data Controller is the particular entity which is providing those services to you, and this will typically be Interdean Ukraine of 34 Gnata Hotkevycha Str., Kyiv, Ukraine.
  3. Referred / Partners: If you normally deal with one of our business partners, but have been referred to us to receive specific services at the bequest of that business partner, then that business partner may be your relevant Data Controller. In such case, this Policy may not apply to you and please refer, instead, to that business partner’s privacy policy. Even if this Policy does not directly apply to you, Interdean Ukraine, as a Data Processor, will process the personal data under the Data Controller’s sole instructions, and will take all steps necessary to preserve the security and the confidentiality of the personal data, and prevent their alteration, damage, or access by unauthorised persons.

Information we collect from you

We may collect personal information (including personally identifiable data and, special category personal data for visa applications (where required to be provided under law) within the meaning of Applicable Data Protection Law) about you and/or your family (“Your Data”) in the following ways:

  • Information you give us. This is information that you and/or your family give us by filling in forms on our websites or other digital assets or by corresponding with us by phone, e-mail or otherwise. This includes when you use our websites or other digital assets or inquire about, or use, any of our immigration, moving, relocation and/or assignment services (the “Services”).  The personal data may include without limitation your and /or your family’s name, address, e-mail address, phone number or other contact details, marital status, age, occupation, role/title/area of responsibilities, financial and credit card information, personal description and photograph and other information (including as required by laws and regulations addressing insurance and related matters or as required to provide the Services).  Special category personal data may include, for example, data about criminal convictions, physical health and medical records, sexual orientation, racial or ethnic origin and religious beliefs for visa applications (where required to be provided under law).

    Of course, you are not required to supply any of the personal data that we may request, notably special category personal data, although this might limit the Services we are able to offer you.  While we make every effort to ensure that Your Data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to Your Data.

  • Information we collect about you. We, our service providers and other business partners collect certain information by using automated means, such as cookies, when you interact with our advertisements, mobile applications, or visit our websites, pages or other digital assets. This information may include your IP address, browser type, operating system, the full URLs, referring URLs and information on actions taken or interaction with our digital assets.

    We may use third-party web analytics services on our websites and other digital assets, to help us analyse how visitors use our websites and other digital assets.

    We, our service providers and our business partners may also collect information about your activities on our websites and other digital assets for use in providing you with content and advertising tailored to your individual interests.  The information collected for these purposes may include details about things like the particular pages or advertisements you view on our websites and the actions you take on our websites and or other digital assets. For more details please see our Cookie Policy.

  • Information we may receive from other sources. We are working closely with third parties (including, for example, your employer, business partners and sub-contractors (including in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, financial institutions, financial advisers, external medical bodies, disclosure and criminal check services, police forces and courts) and may receive information about you from them). These third parties may be based outside of the EEA (see the Storage and transfer of Your Data section for more information).
  • Cookies

    Our website uses cookies.  A cookie is information that a web site stores on your computer so that it can remember something about you at a later time.  Cookies are commonly used on the Internet and do not harm your computer.  This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.  The cookies used on our web sites do not collect any personal data that others could read and understand about you, such as your name; however, we may link information contained in a cookie to personal information you may provide us with other means (e.g. web site registration).

    Our website currently uses cookies for the purpose of collating general, non- personal management information that is used to plan enhancements to our web site.  For example, cookies help us to understand the popular paths that users take through our web site and how often they visit.

    If you do not want us to use cookies when you visit our website, you can configure your browser not to accept them.  Disabling the use of cookies should not adversely affect your use of the website.  To find out how to disable the use of cookies, please refer to your browsers help facility or the manufacturers instruction manual, or to our Cookies Policy.

    Use of your data

    We may use Your Data in the following ways:

  • to provide you and/or your family and/or or accompany dependents with the Services (as applicable);
  • to administer, operate, facilitate and manage your and/or your family’s and/or or accompany dependent’s relationship and/or account with us, and to otherwise, including contacting you or, if applicable, your designated representative(s) by post, telephone, email etc.;
  • to provide you, or permit selected third parties to provide you, with information (such as relocation research), recommendations or advice concerning our offers, promotions, products and services, including those products and services which you request from us. If you are an existing customer (and save for where this is permitted under Applicable Data Protection Laws or where you have provided your consent to further marketing) we will only contact you by electronic means (email) with information about goods and services similar to those which were the subject of a previous sale or negotiation of a sale to you. If you are a new customer, and where we permit selected third parties to use Your Data, we (or they) will contact you by electronic means only if you have consented to this, save for where this is otherwise permitted under Applicable Data Protection Laws. If you do not want us to use Your Data in this way, or to pass your details on to third parties for marketing purposes, then please indicate your preference on the form on which we collect Your Data;
  • to notify you about changes to the Services;
  • to operate, evaluate and improve our business (including developing new products and services, troubleshooting, data analysis, testing and research and statistical and survey purposes); managing our communications; determining the effectiveness of and optimizing our advertising; analysing our products, services, websites, mobile applications and any other digital assets; facilitating the functionality of our websites, mobile applications and any other digital assets; to ensure the content of our site is presented in the most effective manner for you and for your computer; and performing accounting, auditing, billing, reconciliation and collection activities;
  • as may be required by applicable laws and regulations or requested by any relevant judicial process or governmental agency; and
  • to comply with industry standards and our policies.
  • We do not use automated decision making.

    Retention, storage and transfer of Your Data

    To offer and perform our services, we may need to transfer your personal information among several countries.  The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) or Switzerland, including the United States of America.  Those countries may not have the same data protection laws as the country in which you initially provided the information.  It may also be processed by staff operating outside the EEA who work for us or for one of our business partners or sub-contractors. This includes staff engaged in, among other things, providing you and/or your family with the Services (as applicable), the processing of your payment details and the provision of support services.  We will take all steps reasonably necessary to ensure that Your Data is processed and treated securely and in accordance with this Global Privacy Policy and with the Applicable Data Protection Law which may include using the EU model clauses.

    The security of Your Data is important to us.  We are committed to protecting the information we collect.  We maintain administrative, technical and physical safeguards designed to protect the personal information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.  All information you provide to us is stored on our secure servers.  We use SSL encryption on our websites from which we transfer certain personal information.

    We store Your Data only for as long as it is necessary to fulfil the purpose for which it was collected, unless otherwise required or authorized by Applicable Data Protection Law.  We take measures to destroy or permanently de-identify Your Data if required by law or if Your Data is no longer required for the purpose for which we collected it.

    Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites or other digital assets, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect Your Data, we cannot guarantee the security of Your Data transmitted to our websites or other digital assets that are in the public domain; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

    Access to information

    Applicable Data Protection Law may give you the right to access personal data held about you.  This will usually be the case where you are based in Europe.  Any request should be made in writing, and the best way for you to do so is to contact us at the email address stated below.  As we must be able to identify the person making the request, we request that you confirm any request made by you via different means by contacting us at the address stated below.  Due to technological constraints and/or information security considerations, it may be inappropriate to use social media to supply information in response to any request by you for access to personal data, and so please provide an alternative delivery address for our response.  We may reject requests and/or charge a fee where we are entitled to do so under Applicable Data Protection Laws, which may include where the request is manifestly unreasonable, in particular due to its repetitive or systematic nature, require disproportionate effort and/or risks the privacy or confidentiality of others.

    Disclosure of your data

    We may share Your Data with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, subject to the terms of this Global Privacy Policy.
  • Selected third parties including:
  • business partners, suppliers and sub-contractors for the performance of the Services (as applicable) or any other contract we enter into with them or you;
  • credit reference agencies for the purpose of assessing your credit score where this is a condition of us providing the Services to you and/or your family and where authorized under Applicable Data Protection Law; and
  • your employer, external medical bodies, disclosure and criminal check services, police forces and courts and relevant immigration authorities for the purpose of preparing and processing your visa application.
  • We may also disclose Your Data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose Your Data to the prospective seller or buyer of such business or assets.
  • If Interdean Ukraine or substantially all of its assets are acquired by a third party, in which case Your Data may be one of the transferred assets.
  • If we are under a duty to disclose or share Your Data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our group, our customers, or others.  This includes exchanging information with other companies and organisations for the purposes of fraud protection and risk reduction.
  • As the case may be, one or more of the above may be located outside of the European Economic Area.

    Your rights

    Under Applicable Data Protection Law, you may have certain rights regarding the personal data we maintain about you.  We also offer you certain choices about what personal data we collect from you, how we use that personal data, and how we communicate with you.

    You can choose not to provide personal data to us.  You also may refrain from submitting personal data directly to us.  However, if you do not provide Your Data when requested, or if you exercise your rights you and/or your family may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about our products, services and promotions.

    To the extent provided by Applicable Data Protection Law, you may withdraw any consent you previously provided to us, or object at any time to the processing of Your Data.  We will apply your preferences going forward.  In some circumstances, withdrawing your consent to our use or disclosure of Your Data will mean that you cannot take advantage of certain Services.

    In addition you may have the right to: obtain confirmation that we hold personal data about you, request access to and receive information about the personal data we maintain about you, receive copies of the personal data we maintain about you, update and correct inaccuracies in your personal data, object to the processing of your personal data, and have the personal data blocked, anonymized or deleted, as appropriate.  The right to access personal data may be limited in some circumstances by local law requirements including Applicable Data Protection Law.

    You have the right to ask us not to process Your Data for marketing purposes.  We will inform you (before collecting Your Data) and obtain your prior consent where required by the Applicable Data Protection Law if we intend to use Your Data for such purposes or if we intend to disclose Your Data to any third party for such purposes.  You can exercise your right to prevent such processing by advising us of your preferences before we collect Your Data, including on the form that is used to collect Your Data.  Our websites or other digital assets may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

    If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his personal data and obtain her/his consent, as may be necessary under Applicable Data Protection Laws.

    Data security and integrity

    The security, integrity and confidentiality of your data is very important to us. We have implemented the following means of controls to protect your data from unauthorized access, modification, disclosure and misuse:  

  • Patching and updating software as soon as options are available.
  • High-grade encryption for sensitive data.
  • Upgrading devices when the software is no longer supported by the manufacturer.
  • Requiring all devices to use a business-grade VPN service and antivirus protection.
  • Enforcing strong credentials and multi-factor authentication to encourage better user cybersecurity practices.
  • Educating employees on best security practices and ways to avoid socially engineered attacks.
  • In case of a data breach that may lead to the destruction, loss, alteration or unauthorized disclosure of personal data, we take the following actions in order to minimize the damage:

      1. Prompt detection of data breach. The following signs indicate that the breach has indeed occurred: buffer overflow attempts against a database server, multiple failed login attempts from an unfamiliar remote system, bounced emails with suspicions contents.

    2. Urgent incident response actions. The following actions should be taken within first 24 hours after a data breach is detected:

    - documenting the date and time the data breach was discovered
    - immediate notifying company IT specialist
    - isolation of the location of the data breach
    - gathering all possible data about the breach
    - interviewing the people who discovered the breach
    - documenting the investigation of the breach.

    3. Containment, eradication and recovery measures

    Containment: the goal of this measure is not only to isolate compromised computers and servers but also to prevent the destruction of evidence that can help in the investigation. This measure includes conducting a comprehensive data breach containment operation and preservation of all evidence.

    Eradication: it is eliminating all sources of the data breach. For example, if the breach occurred because of an insider threat, IT specialist should disable all accounts that leaked information. If the threat was external, such as malware, it may be necessary to clean up the affected system and patch exploited vulnerabilities.

    Recovery: after successful eradication, normal operations should be resumed as soon as possible. This includes returning the affected systems to a fully operational state, installing patches, changing passwords, etc. Company IT specialist should carefully monitor the network, recovered computers, and servers to ensure that the threat no longer exists.

    Please bear in mind that despite our best efforts to safe guard your data, no security measures are perfect or impenetrable.

    Quality of collecting personal data

    We take all reasonable steps to ensure the personal data we hold is correct and that it is not misleading to any matter of fact. Our employees use the following checklist for that:

    1) we check the accuracy of any personal data we create;
    2) we update personal data when necessary;
    3) if we need to keep a record of a mistake, we clearly identify it as a mistake;
    4) we comply with the individual’s right to rectification and carefully consider any challenges to the accuracy of the personal data.

    Monitoring and enforcement

    Interdean monitors compliance with company Global Privacy Policy in the following ways:

    we carry out risk assessments of data systems and acts of the results;
    we maintain up-to-date security system using firewalls and encryption technology;
    we restrict access to personal data only to those who need it;
    we train our staff on data security;
    we review data security regularly on a Yearly Quality Meeting.

    How to contact us and escalation contact

    If you have any questions or comments about this Global Privacy Policy, our privacy practices or if you would like us to update personal data or preferences you provided to us, please e-mail us at: kyiv@interdean.ua or write to us at:

    Interdean Ukraine

    34 Gnata Hotkevycha Str.

    Kyiv, 02094 Ukraine

    If you believe that the information that you have given us was misused or your rights were compromised, please contact General Manager of Interdean:

    Marina Chornokozha

    Marina.chornokozha@interdean.ua

    Reviewed: April 16, 2024