We, UKLON LTD, a company incorporated under the laws of the Republic of Cyprus, Company Number HE 357185, located at 12 Dimostheni Severi Avenue, Office 601, 1080, Nicosia, Cyprus (hereinafter referred to as “we”, “us” and the “Company”), have prepared this Privacy Policy (hereinafter referred to as the “Policy”) to show how responsibly and seriously we treat the privacy of the information of our customers and visitors of https://uklon.eu (hereinafter referred to as the “Website”). Please be informed we do not require you to register and provide your Personal data to browse our Website. This Policy explains:
➢ what is Personal data;
➢ what Personal data we collect;
➢ our information practices when you provide your Data;
➢ whom we can share Personal data with;
➢ information on users’ privacy rights;
➢ how to contact us if you have any questions regarding Data processing.
Unless otherwise provided herein, the definition and formulation used in this Privacy Policy
retain the meanings defined in the General Data Protection Regulation (EU) 2016/679 (hereinafter
referred to as the “GDPR”).

1. PERSONAL DATA PROTECTION STATEMENT We do our best to protect the personal data of our customers and users of the Website, and, of course, we attempt to comply with all local data protection laws to the extent they apply to us. In general, we do not collect personal data when you visit our website unless you give us special consent or choose to provide us with some information about yourself. We inform you that the Company is the “Data Controller” for the GDPR and other applicable data protection legislation when we control data collection methods and identify the goals for which such data will be used. We process your Data only upon at least one of the following legitimate grounds for such processing, including but not limited to: o processing is required to execute or fulfil an agreement with you (including any offer and acceptance), including when you are using our services; o such processing is required under the legislation of the countries to which we provide our services or make our services available; o you consented to your data processing; o processing is required for any legitimate interests of the Company as the controller or third party (unless interests on fundamental rights and freedoms of the data subject that require data protection prevail over the above interests). The Company does not request or collect special categories of data (“sensitive data”) of our customers and the Website’s users. Please note this Policy may be updated from time to time, including if required by applicable law. The Company will notify you about the Policy changes by prominently posting a notice on our Website. We suggest that you review this Policy from time to time to see if there are any modifications. Your continued use of our services after this Policy has been updated means your consent to such an update. You may refuse to use our services if you disagree with the updates. Anyway, you can permanently delete or change your data accordingly.
2. WHAT PERSONAL DATA DO WE PROCESS
   (A) The following information about you can be collected and processed by the Company via
   our Website:
   ● IP address and geo-location (country, state or region);
   ● device information (such as device name/model, operating system, browser information,
   including browser type and language settings);
   ● Twitter ID;
   ● other information that we collect using cookies and similar technologies. (B) Uklon Partners (users of the online service “Uklon Driver”). We may process personal data as a data controller if the Partner enters into the Adhesion Contract (public offer) with the Company to provide access to the online service through the “Uklon Driver” Mobile Application. In this case, we receive the following personal data:
   − name,
   − surname,
   − email address,
   − telephone number,
   − vehicle registration certificate data,
   − driver’s licence data,
   − passport or residence permit data,
   − taxpayer registration number (TIN),
   − photo,
   − location,
   − account (personal account) data,
   − reviews,
   − rating,
   − order history,
   − other information you voluntarily provide at the time of conclusion or after the conclusion of the specified Adhesion Contract.
   Mainly, you can create an account (personal account), which allows you to save personal settings, upload photos, view completed orders, etc. To register an account, you must provide us with a certain amount of personal data. You provide us with a contact phone number at the first registration stage. At this stage, you can familiarize yourself with this Privacy Policy. After sending the phone number, we will have the right to use this number to send you messages (SMS, push notifications) and make calls. Such messages and calls may occur during unsuccessful registration (for example, when you have not completed the registration process) or to confirm or clarify certain registration information. Mobile Applications can access various services and data on your mobile device, including, but not limited to, location and external data storage devices (memory cards). Access to your mobile device’s services is possible only if you provide your separate and unambiguous consent in response to our push message. You may provide us with personal data by participating in promotions or sweepstakes or by sending us feedback about the Mobile Application. We also process your personal data when you contact our Partner support service or us through other channels. Particularly when you call the Partner support service or when the Partner support service contacts you, we use an automatic caller ID system to identify your phone number with your order. This will help both you and us save time. Conversations with support services can be listened to in real-time (by our employees or contractors) or recorded to monitor the quality of services and further training of our team. Records are stored for a limited time and are deleted automatically, except when we consider it necessary to keep them for a more extended period (if required, including to investigate cases related to law violations). All telephone conversation recordings will be used per this Privacy Policy. To strengthen the security measures of the users of the online service “Uklon” and the proper additional verification/identification of your identity, we may also process the following personal data: data of identity documents (for example, passport number and series, its validity period, date of issue and name of the body that issued it; data of residence permit; criminal record certificate) and/or their copies, other information voluntarily provided by you. (С) In addition to the above, we can process other personal data if you voluntarily submit it to the Company. (D) If the data processing is not required for using our Website and/or services by you or is not explicitly required by applicable law, we will delete it.
3. CHILDREN’S DATA
   This Website and our services don’t intend to collect information about children under 18. Our services are not intended for use by children. Acceptance of this Policy and continued use of the Website and/or our services means that the user/customer is not a child. If you are a parent of a child under 18 (or any other age established by applicable law), and you believe that your child disclosed any information to us, please notify us immediately, and we will erase this information.
4. HOW WE OBTAIN PERSONAL DATA
   The Company may obtain your Data from various sources and with multiple aims, including,
   without limitation:

• when you visit our Website,
• when you contact us (via a unique form, via email, or by phone);
• when you install the “Uklon Driver” Mobile Application and register your account there We can also gather information based on analysing actions taken during Website use (by cookies and similar technologies).

1. PURPOSES OF PERSONAL DATA PROCESSING
   We use Personal data for the following purposes:
   ▪ to provide you with access to and use of the “Uklon Driver” Mobile Application (performance
   of a contract);
   ▪ to operate and improve the Company’s services (performance of a contract, legitimate
   interest);
   ▪ to provide customers’ support (performance of a contract, legitimate interest);
   ▪ administrative, analytical and statistical purposes (legitimate interest);
   ▪ direct marketing and efficiency assessment (legitimate interest);
   ▪ protection against any malicious actions of users and in connection with other security
   considerations of the Company (legitimate interest);
   ▪ the safeguarding of the Company’s legitimate interests (legitimate interest);
   ▪ to comply with other legislative requirements, including providing timely feedback to
   requests of data subjects and supervisory/law enforcement authorities (legal obligation);
   ▪ to personalise user’s experience and to allow us to deliver the type of content and product
   offerings in which you are most interested (consent);
   ▪ to provide promotional information about our services (consent);
   ▪ subscription management and unsubscribing (consent).
2. PERSONAL DATA SHARING/DISCLOSURE AND THIRD PARTY LINKS
   Usually, no personal data will be disclosed or transferred to any third parties outside the Company and its affiliated entities except in the following cases:
   ✔ when we have your consent or according to your request;
   ✔ to provide you with our services and support (when you use the “Uklon Driver” Mobile
   Application);
   ✔ to state, federal or other regulatory and/or administrative authorities/agencies as part of the
   title or ownership transfer process;
   ✔ in response to court orders or an official request in other legal, administrative, regulatory,
   arbitration or similar process;
   ✔ to establish or exercise the Company’s, or an affiliate of the Company, rights or defend
   against claims;
   ✔ to investigate and/or prevent fraud by users/customers;
   ✔ if we believe that doing so is required or is in the Company’s best interest to protect its rights
   or the rights of others affiliated with us.
   We can transfer your name and phone number to users of the online service “Uklon” to help them return personal things left in the car during transportation (search for things left in the car). We also can transfer the personal data received from you to the insurance company to insure your life and health during transportation, including for the transfer of personal data to foreign subjects of relations related to personal data, to fulfil the requirements of legislation, life and health insurancecontracts, other contracts, including reinsurance, exercise the rights granted to the insurance company by law or contract and ensure the implementation of tax relations and relations in the areas of accounting, audit, financial services and assistance services, advertising, marketing and actuarial research, evaluation of the quality of the insurance company’s service. In case of transfer of your personal data to foreign subjects of relations related to personal data (outside the EU), if it is necessary for the purposes outlined above, you hereby give your unequivocal consent to the transfer (as well as further processing) of your data, including jurisdictions that are not recognized as providing adequate data protection (mainly, to Ukraine). We transfer the data above to the insurance company immediately after receiving it from you, and after transferring it, we delete it. We may use third-party services to process your personal data on our behalf. This processing takes place for various purposes, for example, for sending informational materials on our behalf and in our interests. Independent service providers agree to mandatory confidentiality and may not use your personal data for other purposes. We can transfer the history of completed orders, personal data specified by you during registration and using the “Uklon Driver” Mobile Application, data contained in your personal account, as well as data confirming the fact of communication with you regarding the made trips at the relevant requests of financial companies – providers of financial services. Any Personal data passively collected by the third-party website will not be transmitted or stored by the Company. When you use the services, the codes of other Internet resources and third parties may be present on the pages of the Website, because of which such Internet resources and third parties receive your Data. Therefore, these Internet resources can receive and process information you have visited these pages and other information that the User’s browser transmits. These Internet resources may include:
   ⇒ banner display systems (e.g. DoubleClick for Publishers, Admixer, AdRiver, etc.);
   ⇒ systems for collecting statistics on service visits (for example, Google Analytics counters);
   ⇒ social network plugins (e.g. Facebook, Twitter, Google).
   These administration services are necessary for the operational analysis of visits to the
   Website, internal and external assessments of Website traffic, volume of views, and user activity. We do not retain Personal data from these services. Accordingly, if you do not want these services to gain access to Personal data, you can voluntarily log out of your account or profile and clear cookies (via a browser). Our Website may contain hyperlinks to other 3rd party websites (such as Twitter/X) that the Company does not own or control. The Company is providing this content to you only as a convenience, and including any link does not imply our endorsement of the linked website. Please be aware that we are not responsible for the privacy practices of these third-party websites. The Company encourages you to be aware when you leave the website and to read the privacy policies of each third-party website that collects and/or uses your Data. If the Company is acquired by or merges with another company, to the extent permitted by applicable law, you agree that we may transfer your personal information to such company. In this event, we will notify you by email/or a prominent notice on the Website of any choices you may have regarding Personal data before your Data is transferred and becomes subject to a different privacy policy.
3. DURATION OF DATA PROCESSING/STORAGE
   We will not keep your data longer than is necessary to achieve the purpose for which it is collected and processed or to comply with regulatory requirements. To identify the relevant storage period, we recognise the nature and category of the personal data, the purposes of the processing, and whether we can hit those purposes otherwise. We can store Partners’ data to comply with our tax, accounting and/or financial reporting obligations, where we must retain the data by our contractual commitments to our financial partners. Please be informed that regulations of other countries may impose additional requirements, so the data storage period may vary. In particular, if a regulation of the country where our service user resides contains the limitation of action provisions defining the period during which you may file your claim or complaint against us, and we, accordingly, need relevant proof of legal relations with you, we may process personal data during this limitation of action period. We also need to consider any periods when we might need to keep personal data to comply with our legal commitments to our customers and/or supervisory authorities. Anyway, you can delete or change your data using your right to be forgotten. For that purpose, please get in touch with the Data Protection Officer (see contact details below). If you find out that some of the data we process is outdated, please notify us, too. If we process personal data under your consent (specifically, with the purpose of marketing mailings), any subsequent processing may be terminated at any time. It only takes to revoke your consent to such processing. If an option is available, you may opt-out by following the instructions in each communication. You can also withdraw your consent to the processing of any personal data that we have received on the basis of your consent by sending a request to our Data Protection Officer at privacy@uklon.eu. Please indicate “Withdrawal of consent” in the subject line of your message to expedite our response. If you are a Uklon Partner (user of the “Uklon Driver” Mobile Application) and withdraw your consent to processing or ask us to delete personal data, a specific part of the data received from you will remain in processing for some time, even after deleting your account and terminating cooperation, namely: phone number; name; the date you started using our service. This is because the relevant Adhesion Contract is concluded between us (by accepting the public offer). Following the GDPR, the primary legal basis for the processing of personal data, in this case, is the conclusion and execution of a transaction to which the personal data subject is a party or which is concluded in favour of the personal data subject or for the implementation of measures preceding the conclusion of a transaction at the request of the personal data subject. And this is not the only legal basis for processing your data. In particular, we are obliged to comply with specific requirements of the tax legislation regarding the payment and accrual of relevant taxes and fees in respect of the funds received (the need to fulfil the obligation of the personal data controller provided for by law). In addition, in some instances, in particular, when we detect signs of fraud or other questionable actions on the part of the Partner or third parties that violate the applicable law or the Adhesion Contract or when there are unresolved claims or disputes between the Company and the Partner, we need to protect the legitimate interests of the data controller or a third party to whom personal data were transferred. Please be informed that deleting the “Uklon Driver” Mobile Application on your device does not mean deleting your personal data.
4. TECHNICAL, ADMINISTRATION AND OTHER DATA PROTECTION MEANS
   The Company takes the security of all personal data very seriously. We use generally accepted standards for technological and operational protection of information and personal data from loss, misuse, alteration, or destruction. To ensure the secure storage of your data, we have implemented special technical and administrative tools that protect personal data against any unauthorised or unlawful processing and any unintentional data loss, destruction, or damage. We routinely test our security measures to ensure they remain operational and practical. First, we use regular Malware Scanning. The Company uses Secure Socket Layer (“SSL”) encryption when transmitting certain kinds of Personal data. During SSL transactions involving credit cards and other forms of payment, an icon resembling a padlock is displayed at the bottom of most browser windows. Of course, we use other technical controls, such as encryption, firewalls, and password protections, to secure the information we collect online. The Company adheres to the principle of data minimisation. We process only the information related to our users/customers that we need to perform certain functions and for specific purposes or the information that you (upon your consent) share with us beyond the scope of the necessary processing. Your data is only accessible to a limited number of personnel who need access to it to perform their duties. We provide access to information and personal data only to authorised employees who have agreed to ensure the confidentiality of such information. We train appropriate personnel on our privacy and security policies and compliance requirements. Please note emailing may not necessarily be secure against interception. We suggest you do not send personal data (such as your ID and credit card details) to us via email. The personal data you provide will be stored securely. We do our best to safeguard the data; however, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If the Company learns of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the website if a security breach occurs. Depending on where you live, you may have a legal right to receive written notification of a security breach. In compliance with the GDPR, the Company provides relevant protection for data disclosure to countries outside the European Economic Area based on the standard contractual clauses for transferring personal data approved by the European Commission or any other applicable provisions referred to in Article 46 of the GDPR.
5. COOKIES AND OTHER TRACKING TECHNOLOGIES
   Cookies are small text files placed on your device, such as a computer or mobile device, by websites you visit. The website will remember your preferences and actions for a certain period so that you will not have to set them up again. Our cookies do not identify a specific user; they only identify the device used. Information collected using this type of file is stored to maintain the User’s session within the Website; they may improve the Website by making estimates regarding website usage statistics and help to assist in customising the products we provide to the individual preferences and actual needs of Users, speed up the search process, and may also allow the display of advertisements, both from websites managed by Company and from third party websites or otherwise, based on the analysis of the User’s browsing habits. Our website’s cookies and other tracking technologies may be used in various ways, such as website operation, traffic tracking, or advertising. We use cookies and other tracking technologies to improve the quality and efficiency of our services. The list of cookies and other tracking technologies the Company uses on its website is available in a separate Cookie Policy. To learn more about what cookies are, how they work, and how to manage or delete them, please visit www.allaboutcookies.org Please note that certain browsers’ settings prohibit cookies and other tracking technologies. Please be aware that switching some cookies off will result in a loss of functionality of our website or application, and, accordingly, you will not be able to use all of their options, and some features/services might not be working correctly.
6. THE RIGHTS OF DATA SUBJECTS (INDIVIDUALS)
   Please be advised that when you contact us, you should go through the identification process and submit your specific requirements so we can process your request and respond on legitimate grounds. If we cannot identify you through messaging or your request to the support service or if we have reasonable suspicions about your identity, we may request that you provide us with specific information about you. Any additional information collected for verification will only be used to verify the individual. We process requests as quickly as possible, but please remember that providing a complete and legitimate response regarding personal data is a complex process that may take up to a month or even longer. We will let you know if we need more time to prepare a response. The GDPR has secured the following rights of data subjects to safeguard their data: Right to be informed This Privacy Policy lets you read general information about what personal data we process. If you want to know what personal data we process about you, you can request this information anytime by contacting our DPO. Right of access You have the right to obtain confirmation from the Company as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data. Right to rectification If you find out that some of the data that we process is incorrect or outdated, please notify us accordingly, including via the DPO’s contacts. In some instances, we cannot modify Personal data. For example, when your Data has already been used in the offer and acceptance agreement and/or is contained in any written instrument executed and submitted to any state agency or otherwise according to applicable law. Right to erasure (right to be forgotten) If we process your Personal data under processing consent (specifically, with the purpose of marketing mailings), any subsequent processing may be terminated at any time. It only takes to revoke your consent to such processing. If an option is available, you may opt-out by following the instructions in each communication. The Company reserves the right to send you certain communications relating to our services, including, without limitation, notifications, service announcements, and administrative messages. Generally, you may not opt out of these communications which are not promotional/marketing. Right to data portability Sometimes, you may obtain or request that we provide your data to any third party in a structured, commonly used and machine-readable format. Right to restrict processing You may request to restrict your data processing so only we can keep it. This means demanding that we terminate data processing other than storage under certain circumstances. Right to object You have the right to object to processing Personal data in certain circumstances and have an absolute right to stop your Data from being used for direct marketing. However, in these circumstances, the right to object is not absolute, and you must give specific reasons why you object to processing your Data. Right not to be subject to a decision based solely on automated processing The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Automated decision-making takes place when an electronic system uses personal information to make decisions without human intervention. There are no fully automated decision-making or profiling systems within the Company, so this right does not currently apply to any processing activities. Right to lodge a complaint If you want to make a complaint, you may write to the Office of the Commissioner for Personal Data Protection, which is an independent Cyprus regulator. Any complaint to the Office of the Commissioner for Personal Data Protection is without prejudice to your right to seek redress through the courts. The Cyprus regulator website: https://www.dataprotection.gov.cy
7. HOW TO CONTACT US
   If you have any questions about this Policy or complaints regarding your data, please contact us electronically or send physical mail. We have designated a Data Protection Officer (DPO) who is a single point of contact for any questions or comments regarding data protection and privacy issues. You may submit your request to the DPO in writing: 12, Dimostheni Severi Avenue, Office 601, 1080, Nicosia, Cyprus, or E-mail: privacy@uklon.eu Effective Date: 01.01.2024