Privacy Policy
Effective date of this Privacy Policy Version: 12 June 2025
1. Introduction
Welcome to Inforce.digital (the “Site“). We — Inforce Digital, sole proprietorship of Illia Kovtun (referred to as “Inforce,” “we,” “us” or “our“) — respect your privacy and protect your personal data in accordance with:
- the EU General Data Protection Regulation (GDPR);
- the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA); and
- the Law of Ukraine “On Personal Data Protection.”
This Policy describes what data we collect, why, how we process it, with whom we share it, how long we keep it and what rights you have. If anything remains unclear after reading, please get in touch.
Quick contact: info@inforce.digital
Postal address: 31 Sofii Yablonskoi St., Lviv, 79000, Ukraine
2. Who we are
The data controller is Illia Kovtun, FOP (sole proprietor), Ukraine. Because our data processing is limited in scope, we have not appointed a Data Protection Officer (DPO). Should we appoint a DPO or an EU representative under Art. 27 GDPR, we will update this section.
3. Data we collect
3.1. Data you give us directly
| Category | Examples | Source |
|---|---|---|
| Contact data | Name, surname, email, phone, company, job title | Contact forms, emails, calls |
| Communication data | Messages, files, briefs, contracts | Free-text fields, uploads |
| Recruitment data | CV, LinkedIn profile, portfolio | “Join the team” form, email |
3.2. Data we collect automatically
| Category | Examples | Source |
|---|---|---|
| Technical data | IP address, browser type/version, OS, screen resolution, language, time-zone | Cookies, server logs |
| Usage data | Pages viewed, time on page, clicks, referrers | Analytics cookies, GA4, Microsoft Clarity |
Sensitive data. We do not intentionally collect special-category data (race, health, etc.). Please do not provide such information. If we inadvertently receive it, we will delete it.
CCPA categories. The above map to CCPA “Identifiers,” “Internet Activity,” “Professional Information,” and similar categories under §1798.140 CCPA.
4. Our legal bases (GDPR Art. 6)
| Purpose | Data categories | Legal basis |
|---|---|---|
| Responding to enquiries & consultations | Contact, Communication | Legitimate interest (business development) or Contract performance (pre-contractual steps) |
| Provision & administration of services | Contact, Communication | Contract performance |
| Recruitment | Recruitment, Contact | Consent + Legitimate interest (candidate assessment) |
| Marketing emails | Contact | Consent (you may withdraw at any time) |
| Analytics & UX improvement | Technical, Usage | Consent (non-essential cookies) + Legitimate interest (improving UX) |
| Security & fraud prevention | Technical, Usage | Legitimate interest (protecting systems) |
| Compliance with legal obligations | All listed | Legal obligation (tax, accounting, defence of rights) |
5. How we use your data
- respond to your enquiries and send quotations;
- conclude and perform contracts;
- send newsletters if you’ve opted in;
- analyse traffic to improve the Site;
- secure our systems and prevent fraud;
- process job applications;
- meet accounting and legal requirements.
6. Sharing your data
We do not sell or “share” your personal data with third parties for their own benefit or for cross-context behavioural advertising.
| Recipient category | Examples | Purpose |
|---|---|---|
| Cloud hosting | Hetzner Cloud, AWS | Hosting, backups |
| Analytics | Google Analytics 4, Microsoft Clarity | Site analytics (cookie-based, consent) |
| CRM & email marketing | Pipedrive, Zoho Mail | Customer relationship management, newsletters |
| Advertising networks | Google Ads, LinkedIn Ads | Marketing (only if you accept marketing cookies) |
| Professional advisers | Lawyers, auditors, accountants | Legal / accounting services |
| Public authorities | Courts, supervisory authorities, law enforcement agencies | Where required by law |
All processors act under written contracts, use the data only in accordance with our instructions, and implement appropriate security measures, except for processing carried out by public authorities. Such processing is performed in accordance with applicable law, and any disclosure of information to them is made solely in the cases and to the extent required by law.
7. International data transfers
We operate from Ukraine, while some servers are located in the EU and USA. When transferring personal data from the European Economic Area we rely on:
- Standard Contractual Clauses (SCC) approved by the European Commission;
- an Adequacy Decision where applicable; or
- your explicit consent / contract necessity where relevant.
8. Cookies & similar technologies
8.1. What are cookies?
Cookies are small text files stored in your browser. They enable core functionality, remember preferences and help us analyse traffic.
8.2. Types we use
| Category | Purpose | Examples |
|---|---|---|
| Strictly necessary | Core functions (e.g. forms) | PHP Session, Cloudflare Security |
| Analytics | Understand site usage | GA4 (_ga), Clarity (_clck) |
| Functional | Remember your choices | LangPref, ThemePref |
| Marketing / targeting | Measure ad performance | Google Ads Conversion, LinkedIn Insight |
8.3. Your choices
- On first visit, a cookie banner lets you accept all, reject non-essential, or customise categories.
- You can later revisit your choice via “Cookie Settings” in the footer.
- You can also delete/block cookies in your browser settings.
- We honour the Global Privacy Control (GPC) signal as an opt-out for marketing cookies for California residents.
9. Security & retention
9.1. Security measures
- TLS 1.3 encryption (HTTPS)
- Role-based access control & 2-factor authentication
- Regular patch management
- Encrypted backups
- Staff privacy & security training
9.2. Retention periods
| Data category | Typical period | Rationale |
|---|---|---|
| Contact enquiries | Up to 1 year after last contact | Legitimate interest |
| Contracts & invoices | 5–7 years | Accounting law |
| Newsletter list | Until you unsubscribe | Consent |
| Analytics logs | 14 months (GA4 default) | Consent / legitimate interest |
| CVs | Up to 6 months post-hiring cycle (unless you consent to longer) | Legitimate interest |
After expiry, data are securely deleted or anonymised. Backup copies are purged within 30 days via our backup rotation.
10. Your rights
- Receive information about the processing of your personal data.
- Obtain a copy of your personal data that we process.
- Request the correction of inaccurate or incomplete personal data.
- Request the deletion (erasure) of your personal data where applicable and where it does not conflict with legal retention obligations.
- Request the restriction of the processing of your personal data.
- Object to the processing of your personal data if you believe your rights override our legitimate interests.
- Withdraw your consent to data processing at any time when processing is based on consent.
- Lodge a complaint with your local data protection authority.
- Receive information about data disclosures to third parties, including the legal grounds for such disclosures.
- Learn about automated decision-making (if applicable). We do not use automated decision-making that produces legal or similarly significant effects on users.
10.1. Additional Rights of Data Subjects in the EU/EEA residents (GDPR)
- The right to data portability (to receive your data in a structured, commonly used, machine-readable format or to request its transfer to another controller).
- The right to object to processing for direct marketing purposes or processing based on “legitimate interests.”
- The right to contact your supervisory authority, e.g., CNIL, ICO, UODO, or your national regulator.
10.2. Additional rights of California residents (CCPA/CPRA)
- The right to know the categories of personal information collected.
- The right to delete your personal information.
- The right to correct inaccuracies in your personal information.
- The right to opt out of the “sale” or “sharing” of personal information (we do not sell personal data, but we honor GPC signals and direct requests).
- The right to non-discrimination for exercising your rights.
- The right to appoint an authorized agent to submit requests on your behalf.
10.3. Rights of Residents of Ukraine
- To know the sources and location of their personal data.
- To receive information about the conditions of access to their personal data.
- To obtain information about third parties to whom their personal data is transferred.
- To request the correction or deletion of personal data if it is processed unlawfully or is inaccurate.
- To protect their personal data from unlawful processing, accidental loss, or destruction.
- To file complaints with the Commissioner of the Verkhovna Rada of Ukraine for Human Rights.
10.4. Rights of Residents of other Countries
If the local laws of your country of residence provide additional or specific rights regarding personal data, you are also entitled to exercise those rights. We will fulfill your request in accordance with the applicable legal requirements of your jurisdiction.
10.5. How to exercise your rights
Email info@inforce.digital with subject “Privacy Request” and state which right you wish to exercise. We may verify your identity. We respond within 30 days.
11. Children’s privacy
The Site and services are not intended for individuals under 16. We do not knowingly collect data from children. If we learn we have received personal data from a child without parental consent, we will delete it promptly.
12. Changes to this Policy
We may update this Policy from time to time. For material changes we will give an explicit notice on the Site or via email. The latest version is always available on this page
13. Contact us
Controller: Illia Kovtun, FOP
Address: 31 Sofii Yablonskoi St., Lviv, 79000, Ukraine
Email: info@inforce.digital
Website: https://inforce.digital/