Privacy Policy
PRIVACY POLICY
Kharkiv, January 01, 2026
1. INTRODUCTION
1
This Personal Data Privacy Policy (hereinafter — Policy) defines the procedure for collecting, using, storing, transferring, and protecting users' personal data while using "Torgsoft" services, as well as the procedure for exercising the rights of personal data subjects.
2
The Policy is developed and applied in accordance with the requirements of Ukrainian legislation, in particular the Law of Ukraine "On Personal Data Protection", as well as, where applicable, in accordance with the EU General Data Protection Regulation (GDPR).
2. PERSONAL DATA OWNER/CONTROLLER AND CONTACTS
1
The owner of personal data (controller) is the individual entrepreneur Lukashyn Serhii Olehovych (RNOKPP 2389414979) (hereinafter — Rightsholder or We).
2
Contact for inquiries regarding personal data processing and the exercise of personal data subject's rights: info@torgsoft.ua
3. SCOPE OF THE POLICY
1
This Policy applies to the processing of personal data of users in connection with the use of "Torgsoft" services, in particular:
"Torgsoft" website: https://torgsoft.ua/
"Torgsoft" online store: https://store.torgsoft.ua/
marketplace: https://torgsoft-online-market.com/
"Torgsoft" software for personal computers;
"Torgsoft" mobile applications for Android and iOS;
communication channels and technical support (user inquiries, support requests, correspondence).
2
The Policy does not apply to third-party websites, services, and products that the user may navigate to via links or interact with during payment, delivery, or other use of "Torgsoft" services. Personal data processing by such third parties is carried out in accordance with their own documents and rules.
4. WHAT DATA WE COLLECT
1
We process personal data in the minimum amount necessary to provide "Torgsoft" services, fulfill orders, provide support, and comply with legislative requirements.
2
Data provided by you
We may process personal data that you provide to us when placing an order, registering/receiving a demo version, arranging delivery, contacting support, or during other interactions with our services, in particular:
We may process personal data that you provide to us when placing an order, registering/receiving a demo version, arranging delivery, contacting support, or during other interactions with our services, in particular:
full name;
phone number;
email address;
delivery address (if required for order fulfillment);
purchase/order history in our services.
3
Data collected automatically (cookies, logs)
While using "Torgsoft" websites and/or services, technical data necessary for service operation, security, and analytics may be processed automatically, in particular:
While using "Torgsoft" websites and/or services, technical data necessary for service operation, security, and analytics may be processed automatically, in particular:
cookies and related identifiers (for proper site/cart/settings operation, as well as analytics);
technical logs and connection data, which may include, in particular, IP address, date and time of access, browser or operating system type/version, device technical parameters, pages/actions within services — to the extent necessary to ensure operation, security, and diagnostics;
website usage analytics data via Google Analytics (in the form of statistical/analytical usage metrics).
4
Mobile app permissions (camera, microphone, storage)
"Torgsoft" mobile applications for Android and iOS may request access to device functions only with user permission and only for the operation of relevant functionality, in particular:
"Torgsoft" mobile applications for Android and iOS may request access to device functions only with user permission and only for the operation of relevant functionality, in particular:
Camera — for functions requiring camera use (e.g., scanning/reading data, creating/adding images within user actions).
Microphone — only in cases where the user initiates a function requiring microphone use within the app.
Storage (files/media) — for saving and using files/materials on the device within the app's functionality (e.g., user-created or downloaded files).
5
Important regarding Google user data and Google Drive API
"Torgsoft" does not store or use Google user personal data as credentials (login/password) or other Google authentication data.
When using the database archiving function via Google Drive API, authorization data is entered and processed in the Google authentication window to obtain an access token and perform operations with the Google Drive API; "Torgsoft" does not store the user's Google credentials.
5. WHY WE USE DATA (PROCESSING PURPOSES)
1
We process users' personal data only for defined, clear, and lawful purposes, to the extent necessary to provide "Torgsoft" services, fulfill orders, and comply with legislative requirements.
2
Registration and processing of inquiries/applications
To process your applications, registration forms, requests for demo versions, newsletter subscriptions, and other inquiries, as well as to identify you as a client in our accounting and support systems.
To process your applications, registration forms, requests for demo versions, newsletter subscriptions, and other inquiries, as well as to identify you as a client in our accounting and support systems.
3
Contract performance, service provision, and licensing
placing, processing, and fulfilling orders for software products/licenses and/or trade equipment;
generating, providing, and maintaining licenses (including sending information necessary for license activation/maintenance);
ensuring proper service operation and protection against unauthorized software use (within necessary technical checks related to the license).
4
Delivery organization and execution
To organize the delivery of ordered goods/equipment and/or documents, including transferring necessary data to delivery services (e.g., full name, phone number, delivery address/branch) exclusively to the extent needed for delivery execution.
To organize the delivery of ordered goods/equipment and/or documents, including transferring necessary data to delivery services (e.g., full name, phone number, delivery address/branch) exclusively to the extent needed for delivery execution.
5
Accounting and tax records
invoicing, issuing primary documents, acts/waybills, and other documents related to payment and supply;
maintaining accounting and tax records and complying with legislative requirements regarding storage and confirmation of business transactions.
6
Technical support and communication
processing support inquiries, diagnosing problems, providing consultations and information regarding product/service use;
informing about order status, delivery, license maintenance, as well as important notifications related to service provision (including technical and security notifications).
7
Marketing communications
To send news, update information, promotions, and special offers — only provided you have consented to receive such messages (e.g., by checking the relevant box or subscribing to the newsletter). You may opt-out of marketing communications at any time in the manner specified in such messages or by contacting info@torgsoft.ua.
To send news, update information, promotions, and special offers — only provided you have consented to receive such messages (e.g., by checking the relevant box or subscribing to the newsletter). You may opt-out of marketing communications at any time in the manner specified in such messages or by contacting info@torgsoft.ua.
6. LEGAL BASIS FOR PROCESSING
1
We process users' personal data only where there are lawful grounds. For users from the European Economic Area (EEA), legal bases are defined by Article 6 of the GDPR, and for users in Ukraine — in accordance with the Law of Ukraine "On Personal Data Protection".
2
Performance of a contract / taking steps prior to entering into a contract
We process personal data if necessary to provide "Torgsoft" services, process orders, grant licenses, organize delivery, communicate with the user, and provide technical support.
We process personal data if necessary to provide "Torgsoft" services, process orders, grant licenses, organize delivery, communicate with the user, and provide technical support.
3
Compliance with a legal obligation
We process personal data if necessary for maintaining accounting and tax records, processing and storing documents, as well as fulfilling lawful requirements of state bodies in the manner prescribed by legislation.
We process personal data if necessary for maintaining accounting and tax records, processing and storing documents, as well as fulfilling lawful requirements of state bodies in the manner prescribed by legislation.
4
Legitimate interest
We may process certain data if necessary to ensure information and network security, prevent abuse and fraud, diagnose failures, and improve service quality, as well as to protect the rights and legitimate interests of the Rightsholder — provided that such interests do not override the user's rights and freedoms.
We may process certain data if necessary to ensure information and network security, prevent abuse and fraud, diagnose failures, and improve service quality, as well as to protect the rights and legitimate interests of the Rightsholder — provided that such interests do not override the user's rights and freedoms.
5
User consent
We process personal data based on user consent in cases where such consent is necessary or chosen by us as a legal basis, particularly for marketing communications and for using those categories of cookies/technologies requiring consent. The user may withdraw consent at any time; withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
We process personal data based on user consent in cases where such consent is necessary or chosen by us as a legal basis, particularly for marketing communications and for using those categories of cookies/technologies requiring consent. The user may withdraw consent at any time; withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
7. COOKIES AND ANALYTICS
1
We use cookies and similar technologies (hereinafter collectively — cookies) to ensure "Torgsoft" website operation, enhance security, save settings, as well as to obtain traffic statistics and improve services.
2
Types of cookies that may be used
Mandatory (technical) cookies
These cookies are necessary for the correct operation of websites and the online store (including cart operation, session saving, basic settings, protection against abuse). Without them, certain functions may work incorrectly or be unavailable.
These cookies are necessary for the correct operation of websites and the online store (including cart operation, session saving, basic settings, protection against abuse). Without them, certain functions may work incorrectly or be unavailable.
Analytical cookies (Google Analytics)
With user consent, we may use analytical cookies, specifically Google Analytics, to obtain statistical data on interaction with websites (e.g., viewed pages, visit duration, referral sources). Such data is used to improve service quality and convenience, as well as to identify and resolve technical problems.
With user consent, we may use analytical cookies, specifically Google Analytics, to obtain statistical data on interaction with websites (e.g., viewed pages, visit duration, referral sources). Such data is used to improve service quality and convenience, as well as to identify and resolve technical problems.
3
Consent and cookie management
During the first visit to "Torgsoft" websites, a cookie banner is displayed to the user, through which the user can grant or deny consent to the use of analytical cookies. The user can change their choice regarding analytical cookies via settings in the cookie banner (if such function is available) and/or by configuring their browser settings (blocking or deleting cookies).
Refusing analytical cookies does not limit access to the main website functionality. However, blocking mandatory (technical) cookies in browser settings may lead to incorrect operation of certain online store functions.
8. WHO WE SHARE DATA WITH (RECIPIENTS / PROCESSORS)
1
We do not sell or transfer users' personal data to third parties for remuneration. Transfer of personal data is possible only in cases where it is necessary to provide "Torgsoft" services, fulfill a user's order, process payment, organize delivery, ensure support, or comply with legislative requirements, and only in the minimum necessary amount.
2
Payment providers
To accept and process payments, we engage payment providers (LiqPay, Platon). If a user makes a payment, payment details (including payment card data) are entered and processed directly on the payment provider's side. We do not receive or store full payment card data (card number, CVV/CVC, etc.), but receive from the provider only information necessary to confirm the fact and parameters of payment (e.g., payment status, transaction ID).
To accept and process payments, we engage payment providers (LiqPay, Platon). If a user makes a payment, payment details (including payment card data) are entered and processed directly on the payment provider's side. We do not receive or store full payment card data (card number, CVV/CVC, etc.), but receive from the provider only information necessary to confirm the fact and parameters of payment (e.g., payment status, transaction ID).
3
Delivery services / logistics partners
To deliver ordered goods/equipment and/or documents, we may transfer minimal necessary data to delivery services: recipient's full name, phone number, and delivery address (or other information required for delivery/shipment). Delivery services process data in accordance with their own rules and documents.
To deliver ordered goods/equipment and/or documents, we may transfer minimal necessary data to delivery services: recipient's full name, phone number, and delivery address (or other information required for delivery/shipment). Delivery services process data in accordance with their own rules and documents.
4
Hosting and infrastructure
Our web resources and infrastructure, including databases, are hosted in Hetzner Online GmbH (Germany) data centers and with the provider Ukraine.com.ua (Ukraine). Such providers offer hosting/infrastructure services and may act as data processors regarding ensuring infrastructure storage and operation. Access to personal data is granted only to the extent necessary to provide such infrastructural services, applying organizational and technical security measures.
Our web resources and infrastructure, including databases, are hosted in Hetzner Online GmbH (Germany) data centers and with the provider Ukraine.com.ua (Ukraine). Such providers offer hosting/infrastructure services and may act as data processors regarding ensuring infrastructure storage and operation. Access to personal data is granted only to the extent necessary to provide such infrastructural services, applying organizational and technical security measures.
5
CRM and support tools
To account for orders, licenses, interaction history, and support inquiries, we use our own (internal) CRM and internal service tools. Access to such systems is granted only to authorized persons of the Rightsholder within official necessity. Personal data is stored and processed within the Rightsholder's controlled environment.
To account for orders, licenses, interaction history, and support inquiries, we use our own (internal) CRM and internal service tools. Access to such systems is granted only to authorized persons of the Rightsholder within official necessity. Personal data is stored and processed within the Rightsholder's controlled environment.
6
Authorized partners / dealers
The Rightsholder is the owner (controller) of personal data processed within "Torgsoft" services.
Authorized partners/dealers may be engaged for sales, implementation, training, or providing local support to users. In such cases:
In cases where the user enters into separate agreements with a dealer or provides data to a dealer outside "Torgsoft" services, such processing is carried out in accordance with the terms and documents of the respective dealer.
The Rightsholder is the owner (controller) of personal data processed within "Torgsoft" services.
Authorized partners/dealers may be engaged for sales, implementation, training, or providing local support to users. In such cases:
personal data obtained during interaction with the user within the scope of providing services regarding "Torgsoft" products are subject to entry into the Rightsholder's closed database/CRM and are processed under the Rightsholder's control;
partners/dealers are obliged to use personal data exclusively for providing services related to "Torgsoft" products and do not have the right to use them for their own marketing or transfer them to any other third parties unless expressly provided by law or agreed by the user;
access of partners/dealers to personal data (if granted) is limited by the principle of minimum necessity and terms of relevant agreements/instructions of the Rightsholder.
7
Requests from state bodies and law enforcement agencies
We may disclose user personal data to state bodies and/or law enforcement agencies only in cases and in the manner expressly provided by legislation, in particular based on a duly executed and mandatory request, court decision, or other document provided by law. The scope of disclosure is limited to data necessary to fulfill the relevant legal requirement.
We may disclose user personal data to state bodies and/or law enforcement agencies only in cases and in the manner expressly provided by legislation, in particular based on a duly executed and mandatory request, court decision, or other document provided by law. The scope of disclosure is limited to data necessary to fulfill the relevant legal requirement.
9. DATA STORAGE LOCATION AND INTERNATIONAL TRANSFERS
1
Personal data processed within "Torgsoft" services is stored and processed on infrastructure that may be located in various jurisdictions depending on the specific service and its technical architecture.
2
Physical/legal location of infrastructure
Our servers and/or web resources (including website and online store) may be hosted and/or located in data centers:
Our servers and/or web resources (including website and online store) may be hosted and/or located in data centers:
Hetzner Online GmbH (Germany);
Ukraine.com.ua (https://www.ukraine.com.ua/).
3
Access and processing across countries
The Rightsholder, its employees, and/or authorized persons may access personal data from the territory of Ukraine and/or other countries to the extent necessary to provide services, administration, ensure security, and provide technical support. Such access is carried out using organizational and technical security measures and based on the principle of minimum necessary access.
The Rightsholder, its employees, and/or authorized persons may access personal data from the territory of Ukraine and/or other countries to the extent necessary to provide services, administration, ensure security, and provide technical support. Such access is carried out using organizational and technical security measures and based on the principle of minimum necessary access.
4
International transfers for users from the EEA
If a user is located in the European Economic Area (EEA), access to personal data from the territory of Ukraine and/or data processing outside the EEA may be considered an international transfer. In such cases, where applicable, we ensure an adequate level of personal data protection by applying mechanisms provided by GDPR (in particular, appropriate contractual and/or organizational measures), taking into account the nature of processing and risks to users' rights and freedoms.
If a user is located in the European Economic Area (EEA), access to personal data from the territory of Ukraine and/or data processing outside the EEA may be considered an international transfer. In such cases, where applicable, we ensure an adequate level of personal data protection by applying mechanisms provided by GDPR (in particular, appropriate contractual and/or organizational measures), taking into account the nature of processing and risks to users' rights and freedoms.
10. DATA STORAGE PERIODS
1
We store personal data in a form that allows identification of the user no longer than is necessary to achieve the processing purposes and/or fulfill legal requirements.
2
Data in CRM and interaction history (orders/licenses/inquiries)
Contact data, order history, license information, and support inquiries may be stored in our CRM and related internal systems for the duration of service use and thereafter — to the extent necessary for user support, restoration of service/order history, and protection of our rights and legitimate interests (e.g., in case of claims or disputes), unless another period is established by law.
Contact data, order history, license information, and support inquiries may be stored in our CRM and related internal systems for the duration of service use and thereafter — to the extent necessary for user support, restoration of service/order history, and protection of our rights and legitimate interests (e.g., in case of claims or disputes), unless another period is established by law.
3
Accounting and tax documents
Documents and information related to the fulfillment of tax/accounting requirements (including primary documents) are stored for periods provided by the Tax Code of Ukraine. Specifically, the Tax Code establishes document storage periods and explicitly provides for a period of 1095 days, according to the Tax Code of Ukraine (specifically Art. 44), for certain categories of documents (depending on the type of documents and circumstances defined by the Code).
If a user submits a request for deletion, we may delete/anonymize data, except for those subject to mandatory storage in accordance with legislation.
Documents and information related to the fulfillment of tax/accounting requirements (including primary documents) are stored for periods provided by the Tax Code of Ukraine. Specifically, the Tax Code establishes document storage periods and explicitly provides for a period of 1095 days, according to the Tax Code of Ukraine (specifically Art. 44), for certain categories of documents (depending on the type of documents and circumstances defined by the Code).
If a user submits a request for deletion, we may delete/anonymize data, except for those subject to mandatory storage in accordance with legislation.
4
Technical logs
Technical logs of events and access, which may contain technical identifiers (e.g., IP address, date/time of event, technical parameters), are stored for a limited period necessary to ensure security, failure diagnosis, and service administration, after which they are deleted or anonymized.
Technical logs of events and access, which may contain technical identifiers (e.g., IP address, date/time of event, technical parameters), are stored for a limited period necessary to ensure security, failure diagnosis, and service administration, after which they are deleted or anonymized.
5
Backups
To ensure service recovery and protection against data loss, we create backup copies. Data may be stored in backups for a period determined by our internal security procedures and are deleted/overwritten cyclically. Deletion of data based on a user request is carried out in active (working) systems; however, data may remain in backups for some time until their scheduled overwrite.
To ensure service recovery and protection against data loss, we create backup copies. Data may be stored in backups for a period determined by our internal security procedures and are deleted/overwritten cyclically. Deletion of data based on a user request is carried out in active (working) systems; however, data may remain in backups for some time until their scheduled overwrite.
6
Marketing contacts
Data for marketing communications (e.g., e-mail) is stored until the user withdraws consent or opts out of the mailing list (via the unsubscribe mechanism or by contacting info@torgsoft.ua), unless otherwise required by law.
Data for marketing communications (e.g., e-mail) is stored until the user withdraws consent or opts out of the mailing list (via the unsubscribe mechanism or by contacting info@torgsoft.ua), unless otherwise required by law.
11. YOUR RIGHTS AND HOW TO EXERCISE THEM
1
You may contact the Rightsholder regarding access, correction, deletion, or other actions with your personal data by sending a request to info@torgsoft.ua.
2
Rights under Ukrainian legislation
In accordance with the Law of Ukraine "On Personal Data Protection", you have the right, in particular, to receive information about the processing of your data, access to it, demand correction of inaccurate data, object to processing in cases provided by law, as well as lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights or a court.
Law of Ukraine "On Personal Data Protection" No. 2297-VI.
In accordance with the Law of Ukraine "On Personal Data Protection", you have the right, in particular, to receive information about the processing of your data, access to it, demand correction of inaccurate data, object to processing in cases provided by law, as well as lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights or a court.
Law of Ukraine "On Personal Data Protection" No. 2297-VI.
3
Rights under GDPR
If processing falls under GDPR, you have rights provided by Articles 15–22 GDPR (in particular, the right to access, rectification, erasure, restriction of processing, data portability, and the right to object — in cases and within limits defined by GDPR).
GDPR (Regulation (EU) 2016/679)
If processing falls under GDPR, you have rights provided by Articles 15–22 GDPR (in particular, the right to access, rectification, erasure, restriction of processing, data portability, and the right to object — in cases and within limits defined by GDPR).
GDPR (Regulation (EU) 2016/679)
4
Identity verification and limitations
For the purpose of protecting personal data, we may request additional information to identify the applicant and/or confirm authority. We may refuse to fulfill a request or limit its fulfillment in cases provided by law, particularly if the request is unidentified, manifestly unfounded/excessive, or if fulfilling the request contradicts legislative requirements (e.g., regarding mandatory storage of certain documents).
For the purpose of protecting personal data, we may request additional information to identify the applicant and/or confirm authority. We may refuse to fulfill a request or limit its fulfillment in cases provided by law, particularly if the request is unidentified, manifestly unfounded/excessive, or if fulfilling the request contradicts legislative requirements (e.g., regarding mandatory storage of certain documents).
12. DATA DELETION (ACCOUNT/DATA DELETION REQUEST)
1
A user may submit a request to delete personal data by sending an email to info@torgsoft.ua with the subject "Personal Data Deletion".
2
The request must specify minimum information to identify the user in our systems (e.g., full name, phone number, and/or e-mail used during ordering/inquiry). If necessary, the Rightsholder may request additional confirmation to prevent unauthorized data deletion.
3
After confirming identity, we perform the deletion of personal data from active (working) systems within a reasonable time. Deletion does not apply to data that the Rightsholder is obliged to store in accordance with legislation (in particular, accounting/tax documents), as well as data that may temporarily remain in backup copies until their scheduled overwrite.
13. SECURITY MEASURES
1
We apply organizational and technical security measures aimed at protecting personal data from unauthorized access, loss, destruction, alteration, disclosure, or other unlawful processing.
2
In particular, depending on the service and nature of processing, the following measures may be applied:
encryption of data during transmission via communication channels;
restriction of access to personal data on a need-to-know basis (separation of access rights);
logging (accounting) of actions and events related to administration and security;
backup copying and data restoration within internal business continuity procedures;
organizational access control measures and briefing of authorized persons.
3
At the same time, no security measures can guarantee absolute protection against all possible threats, including due to actions of third parties or circumstances beyond the Rightsholder's control.
14. PROCEDURE IN CASE OF SECURITY INCIDENT (DATA BREACH)
1
In the event of an information security incident that may lead to unauthorized access, loss, alteration, or disclosure of personal data, we take reasonable and necessary measures to:
localize the incident and mitigate possible consequences;
establish the circumstances of the incident to the extent necessary for response;
notify users if the incident may significantly affect their rights and interests, using available communication channels (in particular email, if provided);
2
fulfill legislative requirements regarding notification of authorized bodies in cases where such notification is mandatory.
15. CHILDREN'S DATA
1
"Torgsoft" services and products are intended for professional use and are not directed at children. We do not knowingly collect children's personal data.
2
If we become aware that a child's personal data has been provided to us by mistake or without proper grounds, we will take reasonable steps to stop processing and delete such data (to the extent permitted and required by legislation). Inquiries can be sent to info@torgsoft.ua.
16. CHANGES TO THE POLICY
1
The Rightsholder may update this Policy from time to time to reflect changes in service operation, legislative requirements, or internal personal data processing procedures.
2
The new version of the Policy enters into force from the date of its publication on the relevant Rightsholder's web resource, unless otherwise specified in the new version. The last update date is indicated in the text of the Policy.
In case of significant changes affecting the order of personal data processing, the Rightsholder may notify users by email if the user has provided their email address and such address is available for communication.
Go back to the previous step