Privacy Policy

The data controller responsible for the processing of personal data described in this policy is:

LIMITED LIABILITY COMPANY "BRKS Labs"
EDRPOU 45737101
02068, Kyiv, Drahomanova St. 42, apt. 32, Ukraine
Email: kylogor@gmail.com

We have not appointed a formal Data Protection Officer. For any privacy matter, write to the address above and your request will be handled by an authorized member of the team.

This policy applies to personal data we process in connection with this website and with inquiries received through it. For data we process on behalf of our clients under a service agreement, the relevant Data Processing Agreement (DPA) prevails.

We follow the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the ePrivacy Directive and the Law of Ukraine "On Personal Data Protection" No. 2297-VI.

We only process data that you actively provide to us:

• Inquiry data: name, email address, company, and any information you include in the body of a message you send us by email.
• Technical data: standard server-side access logs (IP address, user agent, timestamp, requested URL) generated by our web infrastructure for security and reliability.

We do not use third-party analytics, advertising pixels, session replay, or behavioural tracking on this website.

We process the data above for the following purposes:

• Responding to your inquiries — legal basis: Article 6(1)(b) GDPR (steps prior to entering into a contract) or Article 6(1)(f) GDPR (legitimate interest in responding to business correspondence).
• Operating and securing the website — legal basis: Article 6(1)(f) GDPR (legitimate interest in preventing abuse and keeping services reliable).
• Compliance with legal obligations — legal basis: Article 6(1)(c) GDPR, where applicable (e.g., tax, accounting).

Inquiry correspondence is retained for as long as the engagement or business relationship is active, plus up to 24 months afterwards, or longer where retention is required by Ukrainian law (e.g., tax and accounting records — up to the statutory period).

Server access logs are retained for up to 30 days unless a security incident requires longer retention.

We do not sell personal data. We share personal data only with:

• Infrastructure providers processing data strictly on our instructions (hosting, email). These act as processors under Article 28 GDPR.
• Competent public authorities where disclosure is required by law.

Because we work with clients and vendors in the EU, the UK and beyond, personal data may be transferred to countries outside Ukraine and the EEA. We rely on appropriate safeguards including adequacy decisions, EU Standard Contractual Clauses, or equivalent legal mechanisms.

Subject to the applicable law, you have the right to access, rectify, erase or restrict processing of your personal data, to object to processing based on legitimate interest, and to data portability. You can withdraw any consent you have given at any time, without affecting processing carried out before withdrawal.

To exercise any of these rights, email kylogor@gmail.com. We respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority — in Ukraine, the Ukrainian Parliament Commissioner for Human Rights; in the EU, the data protection authority of your member state.

We apply technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, least-privilege principles, and periodic reviews of our infrastructure.

This website is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided data to us, please contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced on this page with an updated "last updated" date.