Privacy Policy

Version: 2.0
Date of amendment and entry into force: 06 April 2026
Approved by: Director of the Private Enterprise “PRK “URI”

1. General Provisions

1.1. This Privacy Policy defines the procedure for the collection, receipt, recording, accumulation, storage, adaptation, alteration, updating, use, dissemination, transfer, anonymization, blocking, and destruction of personal data processed by PRK URI LLC (hereinafter referred to as the Company).

1.2. This Policy applies to all personal data processed by the Company in connection with:

  • the provision of private investigation services;
  • the provision of private intelligence and OSINT analytical services;
  • services in the field of corporate security;
  • security, analytical, legally related, and management consulting;
  • international activities;
  • work with clients, including legal entities and individuals;
  • the recruitment of personnel, contractors, partners, and counterparties;
  • the operation of the website, electronic communication channels, office infrastructure, and security systems;
  • the protection of the rights and legitimate interests of the Company, its clients, and partners.

1.3. The Company recognizes confidentiality, lawfulness, and proportionality of personal data processing as among the fundamental principles of its professional activity.

1.4. The Company processes personal data in accordance with:

  • the legislation of Ukraine;
  • the applicable international treaties of Ukraine;
  • the requirements of the GDPR and related European personal data protection standards;
  • the Company’s internal policies, procedures, and technical standards.

2. Terms

Personal Data means any information or set of information relating to an identified or specifically identifiable natural person.

Data Subject means a natural person whose personal data is being processed.

Processing of Personal Data means any operation or set of operations performed on personal data, including collection, recording, storage, alteration, use, transfer, deletion, and destruction.

Controller / Holder of Personal Data means the Company, which determines the purposes and means of processing personal data.

Operator / Administrator / Processor means a person or organization that processes personal data on behalf of the Company on the basis of a contract or law.

Confidential Information means any data, materials, documents, communications, records, information about individuals, clients, projects, sources, methodologies, technical and organizational solutions that are not public and access to which is restricted by the Company or by law.

3. Who We Are and How to Contact Us

Controller of Personal Data:
PRIVATE ENTERPRISE “PRIVATE INTELLIGENCE COMPANY ‘UKRROZSHUKINFO’”
EDRPOU Code: 37698959

Email for personal data matters:
zakazppc@gmail.com

Responsible person / structural unit for personal data protection matters:
Director of the Private Enterprise “PRK “URI”

4. Principles of Personal Data Processing

4.1. Lawfulness, fairness, and transparency

Personal data shall be processed on lawful grounds, fairly, and within the declared purposes.

4.2. Purpose limitation

Data shall be collected only for specific, explicit, and lawful purposes and shall not be processed in a manner incompatible with those purposes.

4.3. Data minimization

The Company processes only the data that is objectively necessary to achieve the relevant purpose.

4.4. Accuracy

The Company takes reasonable steps to update and rectify inaccurate or outdated data.

4.5. Storage limitation

Data shall be retained no longer than necessary for the purpose of processing, unless otherwise required by law or by the protection of legal claims.

4.6. Integrity, confidentiality, and security

The Company applies organizational, legal, and technical measures to protect data against unauthorized access, loss, disclosure, alteration, or destruction.

4.7. Accountability

The Company documents its approaches to personal data processing, allocates responsibility, and monitors compliance with this Policy.

5. Categories of Personal Data We May Process

Depending on the nature of the services, the Company may process the following categories of data:

5.1. Identification data

Full name, date of birth, citizenship, photograph, document data, taxpayer number / tax and registration identifiers, official status.

5.2. Contact data

Telephone number, postal address, messengers, profiles in professional and public networks.

5.3. Professional and corporate data

Position, place of work, links with companies, registration and corporate data, participation in legal entities, business reputation, professional history.

5.4. Data related to contract performance

Requests, instructions, terms of reference, communication history, acceptance certificates, invoices, payment details.

5.5. Analytical data in the course of private investigations

Data from open sources, registers, sanctions and court databases, media, social networks, public archives, corporate sources, the client’s internal sources, witness statements, documents, electronic traces, logs, photo and video materials, where such processing is lawful and necessary.

5.6. Security data

Data relating to incidents, checks, access to premises or systems, security logs, video surveillance, cyber incidents, internal investigations, and compliance checks.

5.7. HR and vendor due diligence data

CVs, references, information on experience, certifications, business reputation, and information on integrity checks within the limits permitted by law.

5.8. Technical data

IP addresses, device identifiers, cookie data, log files, electronic interaction metadata, where processed through the website, portals, security systems, or corporate services.

5.9. Special categories or sensitive data

Only in exceptional cases where this is expressly permitted by law, necessary to protect rights, investigate an incident, comply with a legal obligation, or based on another appropriate legal ground.

6. Sources of Personal Data

  • directly from the data subject;
  • from a client who has lawfully engaged the Company to perform a task;
  • from open sources and public registers;
  • from counterparties, partners, lawyers, auditors, and technical contractors;
  • from the client’s corporate systems within the scope of the contract and granted authority;
  • from official responses of authorities, registers, databases, and compliance screening platforms;
  • from video surveillance systems and physical / information security tools, where lawful;
  • from publicly available sources on the Internet;
  • from insider reports of incidents, submissions, complaints, and evidence packages.

7. Purpose of Personal Data Processing

  • identification of clients, counterparties, partners, and contact persons;
  • conclusion, performance, administration, and termination of contracts;
  • provision of private investigation, private intelligence, corporate security, security consulting, and related analytical services;
  • integrity checks, due diligence, background screening, conflict checks, sanctions screening, and business reputation checks;
  • protection of the rights, legitimate interests, security, and property of the client, the Company, or third parties;
  • consideration of submissions, claims, requests, complaints, incidents, and internal reviews;
  • ensuring information, cyber, physical, personnel, and corporate security;
  • compliance with legal requirements, record keeping, reporting, and archiving;
  • administration of HR processes and cooperation with contractors and candidates;
  • administration of the website, accounts, corporate systems, and security logs;
  • marketing, professional communication, event invitations, and distribution of materials.

8. Legal Grounds for Processing

  • the consent of the data subject, where required;
  • necessity for the conclusion or performance of a contract;
  • compliance with a legal obligation established by law;
  • protection of the vital interests of the person or another natural person;
  • the legitimate interest of the Company or a third party;
  • the establishment, exercise, or defense of legal claims;
  • other grounds provided for by law.

24. Final Provisions

24.1. This Policy is the Company’s core document in the field of confidentiality and personal data protection.

Are you experiencing security issues?
Contact us for advice!

Consultation
Scroll to Top