Privacy Policy

GENERAL INFORMATION

This Privacy Policy describes how the “LLC COXIT (EDRPOU code: 43299209, legal address: 64A Kulparkivska street, apartment 902, Lviv, Lviv region, 79015, Ukraine) &  COXIT Corp. (EIN: 32-0757448, legal address: 1611 E 2ND Street STE 26, Casper, Wyoming, 82601, USA)(hereinafter collectively – the “Team”, “We”, “Our” and “Us”) may use your personal data (sometimes referred to as “personal information” or “personally identifiable information”), and provides information about your rights in relation to personal data (hereinafter – the “Privacy Policy”) in a situation when you: (i.) visit Our website (available at https://www.coxit.co/), or (ii.) when you contact Us via Our contact data posted on Our website, or (iii.) visiting Our social media profiles that you accessed through Our website. Hereinafter, such persons are collectively referred to as “User(s)”.

We are the owner and operator of the website: https://www.coxit.co/ (hereinafter – the “Website”). We are the “Controller” of the User(s) personal data in the following cases: (i.) when We provide the following services to the User(s): Software Development, Team Expansion, ML/AI Development or other customized business services (collectively, the “Services”), (ii.) when contacting potential Our User(s) who are interested in Our Services, and (iii.) when the User(s) interacts with our Website.

We are required under data protection legislation to notify Our User(s) of the information contained in this Privacy Policy. This Privacy Policy does not in any way imply the conclusion of a principal cooperative agreement or any other contractual relationship between Us and the User(s).

Please read Our Privacy Policy carefully to get a clear understanding of how we collect, use, store, share, protect, or otherwise handle your personally identifiable information in accordance with our Website.

Notice: Our Website may contain links to other websites that are not operated by Us. If a User(s) clicks on a third-party link on Our Website, such User(s) will be directed to that third party’s website. We strongly recommend that the User(s) review the privacy policy of each website that the User(s) visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites and/or services located outside Our Website.

DEFINITIONS

The terms used, such as “controller”, “processor”, “third-party”, “personal data breach”, “personal data” or their “processing”, etc. refer to the definitions in Article 4 of the GDPR.

The term “User” covers all categories of persons affected by data processing. These include our business partners, customers, potential customers, employees, contractors, subcontractors, service providers, etc., and other visitors to Our Website. The terms used, such as “Users” are to be understood gender-neutral.

GROUNDS FOR COLLECTION OF PERSONAL DATA

Any process of User(s) personal data is performed only in accordance with this Privacy Policy, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJEU No L 119 of 4 May 2016) (hereinafter – the “General Data Protection Regulation” and the “GDPR”), the UK Data Protection Act of 2018 (hereinafter – the “UK DPA”), and other regulatory acts.

We process personal data of User(s) only in compliance with the relevant data protection regulations. This means that Users’ data will only be processed if we have a legal permit. That is, especially if the data processing for the provision of Our Services is required or required by law, the consent of the user exists, as well as Our legitimate interests (i.e., interest in the analysis, optimisation and economic Operation and security of Our Services offer within the meaning of Art. 6 (1) lit. GDPR).

Please note that: (1) the legal basis for the consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR; (2) the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. GDPR; (3) the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c. GDPR; (4) the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR, etc.

In the event that the User(s) is a resident of Ukraine, the User(s) has certain privacy rights under Ukrainian law, including the Law of Ukraine (Law of Ukraine of 01.06.2010 No.2297-VI on Personal Data Protection).

If any of the Users is a resident of the United States, the User(s) has rights under the following state-specific law, which We are committed to comply with (the name of the document refers to the state): (i.) the California Consumer Privacy Act of 2018 (hereinafter – the “CCPA”), (ii.) the Colorado Consumer Privacy Act (hereinafter – the “CPA”), (iii.) the Connecticut Data Privacy Act of 2023 (hereinafter – the “CTDPA”), (iv.) the Delaware Personal Data Privacy Act (hereinafter – the “DPDPA”), (v.) the Florida Digital Bill of Rights (hereinafter – the “FDBR”), (vi.) the Biometric Information Privacy Act (hereinafter – the “BIPA”), (vii.) the Consumer Data Protection Act (hereinafter – the “CDPA”), (viii.) the Iowa Consumer Data Protection Act (hereinafter – the “ICDPA”), (ix.) the Montana Consumer Data Privacy Act (hereinafter – the “MCDPA”), (x.) the Oregon Consumer Privacy Act (hereinafter – the “OCPA”), (xi.) the Nevada Privacy of Information (hereinafter – the “Senate Bill 220” or the “SB 220”), (xii.) the Utah Consumer Privacy Act (hereinafter – the “UTCPA”), (xiii.) the Tennessee Information Protection Act (hereinafter – the “TIPA”), (xiv.) the Texas Data Privacy and Security Act (hereinafter – the “TDPSA”), (xv.) the Virginia Consumer Data Protection Act (hereinafter – the “VCDPA”), etc. If You are a U.S. federal government end User, Our Service is a “Commercial Item” as that term is defined at 48 C.F.R. §2.101.

HOW AND WHAT PERSONAL INFORMATION WE COLLECT ABOUT THE USER(S)

The User(s) directly provide Us with most of the personal data we collect. We collect, process, etc. the following personal data:

  • Personal data: We do not collect personal data such as last name, first name, date of birth, passport number and series, individual tax number, address of actual location, personal email address, mobile phone number, company data (such as name, legal address, tax number, email address, etc.) and your position in the company, curriculum vitae (in the case of employment), etc., when the User(s) visits our Website, unless the User(s) intentionally provide them through the contact forms for communication with us (for more details, see the “Contact Us” section) and/or when the User has provided personal consent through a pop-up questionnaire (by clicking the “Accept” button) on Our Website and/or in the process of registration (more details in the “Terms of Use” available at https://www.coxit.co/terms-of-use/), and hereby give full consent to the collection and processing of the User’s personal data. We will use this personal data to, but not limited to, to improve our Website and Services and to respond to such User’s request and subsequently send the User several promotional or informational emails regarding Our Services. If the User(s) do not wish to receive such emails, an unsubscribe option will be provided in the email or, if the User(s) wishes, may send an email with a request to [email protected]. Sometimes, we also collect and process personal data that is public knowledge about a certain User(s) during a personal research process of the User(s) on the social network (such as LinkedIn, Instagram, YouTube, etc.).
  • Non-personally identifiable information (such as the type of browser, referring website, date, and time of each User request, and other log data). Our purpose in collecting such information is to better understand how our Website is used and to maintain its proper functionality and usefulness for each User(s).
  • Other information about the User, which combines parts of each of the previous ones: We collect other information that the User may provide to us when completing a survey from Us or participating in promotional/marketing offers, etc.

COOKIE FILES

When the User uses Our Website, browses Our Services, and uses the available systems (in particular, to create contact requests sent via the contact form), so-called “cookies”* are created when the User browses these web pages.

*These are text files of small size that are stored in the User’s device, through which the User browses the websites. They are commonly used to ensure the operation of websites and other services provided over the Internet, and to improve and develop these websites, which is done by reading the contents of these files.

We collect information contained in “cookies”, such as the date of the User’s connection to the Website or the IP-address of the device from which the User connects to the Website, which is data that shows how the User(s) use Our Websites. This information is used for administrative and statistical purposes and aimed at improving Our Website and enhancing User’s user experience. In addition, this automatically processed data may be used to analyse the behaviour of the content User(s) on Our Website (e.g., time spent on the Website) or to personalise the content of the Website’s web pages, in particular by providing online advertising.

The User(s) are not obliged to accept cookies (the User(s) may agree to the use of cookies by clicking the appropriate button on our Website or by making the appropriate settings in your Web browser), but this may result in Our Website not functioning fully properly.

We use “Persistent Cookies” that are designed to store data over a long period of time and are activated each time the User visits Our Website that created that particular cookie. Each persistent Cookie is created with an expiry date that can be anywhere from a few days to several years in the future. When the Cookie expires, it is automatically deleted. Moreover, Persistent Cookies allow Our Website to “remember the User”.

First and Third Party Cookies on Our Website:

  • Cookies placed on your device include “first party Cookies”, which are Cookies that are placed by Us or by third party service providers acting on Our behalf. If such Cookies are managed by third parties, We only allow the third parties to use the Cookies for Our purposes as described in this Cookie Policy and not for their own purposes.
  • The Cookies placed on your device may also include “third party Cookies”, which are Cookies placed there by third parties. These Cookies may include third-party advertisers who display advertisements on Our Website and/or social media providers, etc. They may also include third parties who provide video content embedded on Our Website (e.g., YouTube, etc.). We have no control over the settings of these third-party cookies, so we encourage you to check the third-party websites to learn more about their use of cookies and how to manage them.

We also use social media buttons and/or plugins on the Website that allow you to connect with Our social network. In order for them to work, they set Cookies on Our Website that can be used to improve your profile on their website or to supplement the data they store for various purposes specified in their respective privacy policies and cookies policies.

CHILDREN’S PRIVACY

Our Website and Services are not directed to anyone under the age of 18 (hereinafter – the “Children”). We do not knowingly collect personal data from anyone under the age of 18. In case the User(s) is a parent or guardian and knows that your Children have provided Us with the personal data, please contact us (see “Contact Us” section). If We become aware that We have collected personal data from Children without parental consent, We take steps to delete this personal data from Our servers (taking into account the relevant provisions of Our Terms of Use).

PROTECTION AND USE OF PERSONAL DATA OF THE USER(S)

We use appropriate methods of personal data collection, storage, processing and share, as well as security measures to protect against unauthorised access, alteration, disclosure, or destruction of personal data of the User(s) and data stored on Our Website. We do not share personal data of the User(s) with third parties, except for Our affiliates, Our employees and/or contractors and/or subcontractors and/or recruitment service providers for Us, which have agreed in written consent not to collect, store, process and transfer the personal data of Our User(s) to other third parties without Our prior written permission, as well as to third parties described in the “APPLICABLE TERMS” section with whom We have signed their terms of use (offer agreement) or service agreement, and privacy policy when We registered for their services. We may (and do) enter into agreements (i.e., master service agreement and non-disclosure agreements, etc.) with each User(s) with whom we cooperate in various business areas that define the protection of Our confidential information, which includes the personal data of the User(s), and the liability for violation of these requirements.

We use User(s) personal data to (1) respond effectively to User(s) inquiries, (2) improve the quality of service to User(s), (3) facilitate the use of Our Website, (4) fulfill Our risk management and fraud prevention obligations to protect User(s) and Us from misuse of Our Services, (5) inform User(s) about changes and new features of Our Services; (6) share with our marketing and advertising partners to further improve Our marketing strategies, (7) comply with local, national and international laws and regulations to be able to provide Our Services to the User(s), etc. We may also use User(s)’ personal data to send newsletters, marketing or promotional materials and other information about Our Services and Our business.

Notice: We do not currently sell any personal data we collect from Users to third parties. If we do so in the future, we will update this Privacy Policy and provide all of Our Users with notice of this with an opportunity to opt-in or opt-out of the sale of their personal data.

We may be required to disclose all or any part of the User(s) personal data if required to do so by law or at the request of a governmental or regulatory organization/authority, or if We believe in good faith that such disclosure is necessary to (1) comply with legal or regulatory requirements or to conform to legal process; (2) to prevent crime; (3) to prevent any terrorist activity or threat to national security; (4) to protect and defend Our property rights; (5) to protect the safety or welfare of the User(s).

STORAGE OF OUR USER(S) PERSONAL DATA

We securely store User data on the hosting servers: https://www.ukraine.com.ua/.

The data retention period that we receive from the User(s) is calculated for each moment of cooperation individually in compliance with all relevant regulations, which are confirmed by this Privacy Policy. However, in general, the period is from 6 (six) months from the first collection of such data to the maximum period allowed by applicable law, taking into account such circumstances as whether the User continues to use Our Services or whether We cooperate with the User, etc. Retention periods from other recipients (owners of other websites outside of Our Website) are set exclusively by them in their privacy policies.

Notice: In case the User(s) requests that We do not store personal data by sending Us a request to [email protected], We will take all reasonable measures to delete all personal data about such User(s). However, with the explicit consent of the User, we may retain a streamlined version of their profile, including their email address, for future purposes, enabling us to keep the User informed about our recruitment campaigns or marketing offers.

YOUR RIGHTS (INCLUDING CHAPTER III, ARTICLES 15 – 21 OF THE GDPR , AND OTHER REGULATORY ACTS)

The User(s) has (have) the following rights in connection with the processing of personal data by Us (the exercise of each of the following rights is carried out at the request of the User(s)):

  • Submit a request to Us for access to the personal data of the User(s) (generally known as a “data subject access request”). This will allow the User(s) to obtain a copy of the personal data We hold about such User(s) and to verify that We are processing it lawfully.
  • Request correction of the personal data We store about the User(s). This will allow the User(s) to correct any incomplete or inaccurate information that We store about the User(s).
  • Request for deletion of personal information of the User(s). This allows the User(s) to ask Us to delete personal information if there are no compelling reasons for its further processing. The User(s) also have the right to ask Us to delete personal information if the User(s) have exercised their right to object to processing.
  • Object to the processing of the User(s) personal data when We rely on a legitimate interest (or the interest of a third party) and there is something specific to the situation that makes the User(s) object to the processing on this basis. The User(s) also have the right to object if We process personal data for direct marketing purposes, for example, in our recruitment campaigns.
  • Request to restrict the processing of personal data of the User(s). This allows the User(s) to request Us to pause the processing of personal data, for example, if the User(s) wants Us to check its accuracy or the reason for processing.
  • Submit a request to Us to transfer the User’s personal data to another party.

The User(s) does not need to pay for access to personal data (or for exercising any other rights). However, We may charge a reasonable fee if the User(s)’ request for access is manifestly unfounded or excessive, and in such circumstances We may refuse to grant the request.

We may need to request certain information from the User(s) to help Us verify the identity of the User(s) and to ensure that such User(s) have the right to access the information (or to exercise any other rights of the User(s)). This is another appropriate security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it.

Notice: In the event that the User(s) wish to review, verify, correct or request deletion of personal data, object to the processing of personal data or request that We transfer a copy of personal data to another party, please contact Us at [email protected] in writing.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The User’s personal data is transferred to (or within) third countries if the Services provided by Us will also be provided in the territory of a third country. The personal data of the User(s) may also be transferred to entities that provide tax, legal, and audit advice to Us if they operate in or outside the territory of a third country. In each of the above cases, We protect the processing of the User’s personal data, in particular, by entering into confidentiality agreements and processing personal data in a manner that complies with the provisions of generally applicable EU and UK data protection laws, as well as on terms designed to ensure the security of the processing of the User’s personal data. We do not transfer personal data of the User(s) to international organizations. We also do not transfer personal data of the User(s) to third countries, if such transfer is impossible or prohibited by generally accepted legislation.

  • Any transfer of personal data to the United States of America and other countries outside the European Union (hereinafter – the “EU”) and the European Economic Area (hereinafter – the “EEA”) will be carried out on the basis of Standard Contractual Clauses (hereinafter – the “Standard Contractual Clauses” or the “SCC”) together with a Transfer Impact Assessment (hereinafter – the “TIA”) in accordance with Art. 46(2)(c) GDPR and with the consent of the User(s), e.g., if the User consents to the use of cookies, this will also be consent to the possible transfer of the User’s personal data to the United States of America in accordance with Art. 49(1)(a) GDPR in connection with Art. 6(1)(a) GDPR.
  • Any transfer of personal data to the EU and/or the EEA is carried out on the basis of a Data Protection Agreement (hereinafter referred to as “Data Protection Agreement” and/or the “DPA”), if necessary, together with a TIA, in accordance with Art. 28 GDPR, Art. 32 GDPR, etc., and with the consent of the User(s) (e.g., based on Art. 6(1)(a) GDPR).

Note: By accepting Our Privacy Policy, You agree and authorize Us to transfer Your data as described in this section, subject to applicable law. If You wish to withdraw this authorization, please contact Us at [email protected].

APPLICABLE TERMS

We may partner with third-party companies and individual entrepreneurs to facilitate the operation of our Services, to provide Services on Our behalf, or to assist Us in the analysis of how Our Services and/or Our Website are used for the purpose of improving it, etc. (collectively, “Service Providers”). Such third parties have access to the Personal Data of the User(s) only to perform the tasks provided directly by Us and are obliged not to disclose or use them for any other purpose, except as provided in the customized cooperation agreement (as described below) or in the terms of use (offer agreement) and privacy policy on the websites of such third parties. Such cooperation with third parties must be documented by the necessary documents (including the master service agreement and non-disclosure agreements and/or terms of use (offer agreement) and privacy policy, etc.) with appropriate penalties for breach of obligation, but the User(s) approve by granting Us consent to the processing etc. of personal data that We are not responsible (including solidary responsibility) for the unlawful use of the User’s personal data by such Service Providers (please note that each Service Provider manages personal data in accordance with the personal terms of use (offer agreement) and privacy policy on the Service Providers’ websites).

  • Google Analytics (Google LLС) is a web analysis service provided by Google Inc. Google utilizes the data collected to track and examine user behavior, to prepare reports, and share insights with other Google services. Google may use the data collected to contextualize and personalize the advertisements launched via Google’s advertising network. The service is subject to Google’s Privacy Policy (available at the link).
  • Google Tag Manager (Google LLС) is a web service designed to optimize the Google Analytics management process. The service is provided by Google Inc. and is subject to Google’s Privacy Policy (available at the link).
  • Google AdWords Tools (Google AdWords Conversion Tracking/ Dynamic Remarketing / User List / DoubleClick) (Google LLС) Google AdWords conversion tracking and other Google Ads services are analytic instruments, connect data from the Google AdWords advertising network with actions taken on our website. The services are provided by Google Inc. and are subject to Google’s Privacy Policy (available at the link).
  • Google AdWords (Google LLC) DoubleClick (Google Inc.) / DoubleClick Bid Manager / Google DoubleClick Google AdWords and Double Click are advertising services that enable efficient interaction with potential customers by suggesting relevant advertisements across Google Search, as well as Google’s partner networks. The services are provided by Google Inc. and are subject to Google’s Privacy Policy (available at the link).
  • Facebook Ads conversion tracking (Facebook, Inc.) Facebook Ads conversion tracking is an analytics service that binds data gathered from the Facebook advertising network with actions performed on our website. The service is provided by Facebook, Inc. and is subject to Facebook’s Privacy Policy (available at the link).
  • Facebook Audience Network (Facebook, Inc.) is an advertising service that helps to monitor and evaluate the efficiency of advertising campaigns launched via Facebook. The service is provided by Facebook, Inc., and is subject to Facebook’s Privacy Policy (available at the link).
  • LinkedIn Marketing Solutions / LinkedIn Ads (LinkedIn Corporation) LinkedIn Ads allows for tracking the efficiency of advertising campaigns launched via LinkedIn. The service is provided by LinkedIn Corporation and is subject to LinkedIn’s Privacy Policy (available at the link).
  • X Advertising / X Conversion Tracking (X Corp.) The X Ads network allows for tracking the efficiency of advertising campaigns launched via X. The service is provided by X Corp. and is subject to X’s Privacy Policy (available at the link).
  • Hotjar (Hotjar Limited) is an analytical tool that allows website owners and digital marketers to gain deep insights into user behavior on their site. The service is subject to Hotjar’s Privacy Policy (available at the link).
  • GitHub (GitHub, Inc.) is a web-based platform that allows developers to collaborate on software projects, manage code repositories, and track version control. The service is subject to GitHub’s Privacy Policy (available at the link).
  • Anyscale (Anyscale, Inc.) is a platform that enables developers to build, deploy, and manage scalable distributed applications with ease. The platform leverages Ray, an open-source framework, to facilitate efficient and scalable processing for machine learning and other computational workloads. The service is subject to Anyscale’s Privacy Policy (available at the link).
  • Microsoft Outlook (Microsoft Corporation) is an email and personal information management service that offers features such as email organization, calendar scheduling, task management, and contact management. The service is subject to Microsoft’s Privacy Policy (available at the link).
  • HubSpot (HubSpot, Inc.) is an inbound marketing, sales, and customer service platform that helps businesses attract visitors, convert leads, and close customers. The service is subject to HubSpot’s Privacy Policy (available at the link).
  • Clutch (Clutch Co LLC) is a comprehensive platform designed to connect businesses with service providers, facilitating client reviews, and project management. This service allows users to find, evaluate, and engage with service providers in various industries. The platform is provided by Clutch Co LLC and is subject to the privacy policy of Clutch Co LLC (available at the link).
  • Upwork (Upwork Global Inc.) is a freelancing platform that connects businesses with independent professionals for various projects, facilitating collaboration across multiple industries. The service is governed by Upwork’s Privacy Policy (available at the link).
  • Calendly (Calendly, LLC) is a scheduling automation platform designed to streamline appointment bookings and optimize scheduling workflows, enabling users to coordinate meetings efficiently. The service is subject to Calendly’s Privacy Policy (available at the link).
  • Ukraine.com.ua is a web hosting and domain registration platform that supports businesses and individuals in establishing an online presence through various hosting solutions, domain services, and website tools. The service is subject to Ukraine.com.ua’s Privacy Policy (available at the link).

REPORTING A VULNERABILITY

If you have discovered an issue that you believe is an in-scope vulnerability, please email [email protected].

Include the following, as applicable:

  • A detailed description of the vulnerability
  • Full URLs associated with the vulnerability
  • A Proof of Concept (POC) or instructions (e.g., screenshots, video, etc.) on how to reproduce the vulnerability, or steps taken to exploit the vulnerability
  • Entry fields, filters, or other input objects involved
  • Your assessment of risk, or exportability assessment
  • Instructions for how to reach you with follow-up questions

Offering a solution is encouraged, but not required, to report a vulnerability. Lack of detailed vulnerability explanation may result in delays in our response and subsequent potential actions on the finding.

UPDATES TO THIS PRIVACY POLICY

We have the right to periodically change, update and supplement the Privacy Policy to ensure the security of Personal Data, notify the User(s) of changes in the use of Personal Data and comply with the requirements of GDPR, CCPA, UA legislation, etc.

In the event of significant changes regarding personal data, We notify the User(s) of such changes by posting news on the Website before the changes become effective and update the “Last update” at the top of Our Privacy Policy and/or by means of an e-mail newsletter. We recommend that the User(s) periodically review the Privacy Policy to obtain information about how We use the User’s personal data.

In case the User(s) have opted out of emails in which We inform the User(s) of changes in legal documentation, the User(s) are still responsible for familiarizing Yourself with them.

After making changes to the Privacy Policy, We have the right to request the Users’ re-consent to the updated Privacy Policy. Changes to the current Privacy Policy shall become effective 30 (thirty) calendar days from the date of publication of the new, amended version of the Privacy Policy.

Our electronic or otherwise stored copies of the Privacy Policy shall be deemed to be the true, complete, valid and enforceable version of this Privacy Policy in effect at the time of the User(s) interaction with Our Website.

By continuing to interact with Our Website, the User(s) confirm the User’s acceptance of the changes made to this Privacy Policy.

This Privacy Policy is written in English, and if You use a web browser translator or any other translation tool, We are not responsible for the accuracy and quality of such translation.

CONTACT US

In the event that the User(s) has any questions about Our Privacy Policy, the data We hold about the User(s), or the User(s) would like to exercise one of the data protection rights, please contact Us by sending an email to [email protected] or [email protected].