PRIVACY POLICY

This document (“Privacy and Personal Data Protection Policy”) defines the procedure for collecting, using, disclosing, storing, and processing the personal data of Users of the trading platform inbulk.com in accordance with Regulation (EU) 2016/679 (GDPR), the Law of Ukraine “On the Protection of Personal Data” and other applicable laws and regulations (hereinafter referred to as “Data Protection Legislation”).

The purpose of this Policy is to ensure transparency and clarity for Users regarding what personal data is collected, for what purpose it is used, to whom it may be disclosed, and what rights Users have regarding their data.

Important: By using the Platform (registering, sending information, using its functionality), the User confirms that they have read the provisions of this Policy and accept its terms.

The processing of personal data is carried out on the grounds provided for in Article 6 of the GDPR, in particular:

on the basis of the consent of the data subject;
in connection with the need to perform a contract to which the User is a party;
to fulfill the legal obligations of the Platform;
to pursue the legitimate interests of the Platform, which do not override the rights and freedoms of the User.

1. DEFINITION OF TERMS

1.1. The following terms are used in this Privacy Policy:

1.1.1. “Site Administration” – employees who are authorized to manage the site, act on behalf of the site inbulk.com, organize and/or process personal data, and determine the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.

1.1.2. “Personal data” – any information relating directly or indirectly to a specific natural person (subject of personal data) or a natural person (subject of personal data) who is being identified.

1.1.3. “Processing of personal data” means any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

1.1.4. “Confidentiality of personal data” means a mandatory requirement for the Operator or other person who has access to personal data to prevent its dissemination without the consent of the subject of personal data or without other legal grounds.

1.1.5. “Website user” – a person who has access to the website via the Internet and uses the Website.

1.1.6. “IP address” – a unique network address of a node in a computer network built using the IP protocol.

2. GENERAL PROVISIONS

By using the inbulk.com website, the User acknowledges and agrees to the terms of this Privacy Policy.

2.2. Legal grounds for processing

The User’s personal data is processed exclusively on legal grounds specified by applicable law and Regulation (EU) 2016/679 (GDPR), in particular:

on the basis of the User’s voluntary, specific, informed, and unambiguous consent;
in connection with the need to perform a contract to which the User is a party, or to take action at the User’s request prior to entering into a contract;
in cases where processing is necessary for the Website Administration to comply with a legal obligation;
for the purposes of the legitimate interests of the Site Administration or third parties, unless such interests override the rights and interests of the User.

2.3. Disagreement with the terms

If the User does not agree with the terms of this Privacy Policy, they must stop using the site.

2.4. Third-party websites

This Privacy Policy applies exclusively to the website inbulk.com. The Website Administration does not control and is not responsible for third-party websites that the User may access via links available on the website.

3. SUBJECT OF THE PRIVACY POLICY

3.1. Data processing procedure

This Privacy Policy defines the procedure for collecting, storing, using, and protecting Users’ personal data, as well as the obligations of the Site Administration regarding their confidentiality and security.

3.2. Personal data collected

Personal data that may be processed in accordance with this Policy includes data that the User voluntarily provides by filling out a registration or other form on the website inbulk.com, in particular:

3.2.1. surname, first name, and (if any) patronymic;
3.2.2. telephone number;
3.2.3. email address;
3.2.4. postal address;
3.2.5. other data that the User may voluntarily provide while using the Website.

3.3. Technical data

In addition to the above, technical data may be automatically collected during the use of the Website using cookies, server logs, and other analytics tools, including:

IP address;
information about the browser and/or other program used to access the Website;
date and time of visit;
address of the page from which the User came to the Website (referrer);
information about the operating system and device.

3.3.1. The inbulk.com Website may use this information to support the proper functioning of the Website, ensure information security, identify and eliminate technical problems, and for statistical and analytical purposes.

3.4. Other data

Any other personal data not covered by this Policy shall be processed only with the User’s separate consent or in cases expressly provided for by law.

4. PURPOSE OF COLLECTING AND PROCESSING PERSONAL DATA

4.1. Legitimate processing purposes

The website administration processes Users’ personal data solely for specific and legitimate purposes. In particular, personal data may be used for:

4.1.1. Providing the User with access to personalized features and resources of the Website.
4.1.2. Organizing feedback with the User, including sending messages, responding to requests, processing applications, and ensuring the provision of services.
4.1.3. Confirming the accuracy and relevance of the personal data provided by the User.
4.1.4. Providing technical and customer support to Users.
4.1.5. Fulfilling contractual obligations to the User.
4.1.6. Sending the User (with their prior consent) informational and marketing materials: product updates, special offers, news, pricing information, and other communications on behalf of inbulk.com.
4.1.7. Conducting advertising and marketing activities only with the prior consent of the User.
4.1.8. Detecting and preventing fraud, ensuring information security and protecting the Website.
4.1.9. Fulfilling legal obligations imposed on the Website Administration in accordance with the law.
4.1.10. Providing the User with access to services or resources of partners (if necessary for the performance of a contract or based on the User’s consent).

5. METHODS AND TERMS OF PROCESSING PERSONAL INFORMATION

5.1. Processing methods

The User’s personal data is processed in accordance with the principles and requirements set forth in the legislation and Regulation (EU) 2016/679 (GDPR). Processing may be carried out with or without the use of automated means.

5.2. Storage terms

Personal data is stored for no longer than is necessary to achieve the purposes for which it was collected, or for the periods expressly provided for by law or contract. Once these purposes have been achieved or the relevant periods have expired, the data shall be deleted or anonymized, unless otherwise required by law.

5.3. Security breach

Important: In the event of a breach of personal data security (loss, unauthorized access, disclosure, etc.), the Site Administration is obliged to notify the User without undue delay, as well as, in cases provided for by the GDPR, the relevant supervisory authority no later than 72 hours from the moment the incident is detected.

5.4. Security measures

The Site Administration shall apply appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, and other illegal forms of processing.

5.5. Damage prevention

The site administration, together with the User, takes the necessary measures to prevent possible damage or other negative consequences that may be caused by a breach of personal data confidentiality.

6. OBLIGATIONS OF THE PARTIES

6.1. The User is obliged to:

6.1.1. Provide accurate, complete, and up-to-date personal data during registration and use of the platform;
6.1.2. Refrain from providing personal data of third parties without proper legal grounds or consent of such persons;
6.1.3. Timely update personal data in case of changes, inaccuracies, or incompleteness;
6.1.4. Not to abuse the rights of the personal data subject, not to interfere with the lawful activities of the Site Administration;
6.1.5. To familiarize yourself with updates to this Privacy Policy and comply with its provisions when using the site.

6.2. The website administration is obliged to:

6.2.1. Use the personal data obtained solely for the purposes specified in Section 4 of this Policy;
6.2.2. Ensure the confidentiality of personal data and not transfer it to third parties without legal grounds or the User’s consent, except as provided by law or this Policy;
6.2.3. Take appropriate technical and organizational measures (in particular, encryption, pseudonymization, access control, backup) to protect personal data;
6.2.4. Ensure the blocking or restriction of the processing of the User’s personal data for the period of verification in the event of a request from the User, their legal representative, or an authorized body regarding inaccurate or unlawfully processed data;
6.2.5. Perform other duties provided for by the GDPR and the current legislation of Ukraine.

6.3. The website administration has the right to:

6.3.1. Process the User’s personal data on the grounds specified by law, in particular for the purpose of performing a contract, complying with legal obligations, or realizing a legitimate interest;
6.3.2. Store personal data for the period necessary to achieve the purpose of processing or as provided by law;
6.3.3. Transfer personal data to third parties, including abroad, subject to compliance with the requirements of the law and ensuring an adequate level of protection;
6.3.4. Refuse to satisfy certain requests of the User (for example, to delete data) if the processing is carried out on the basis of the law or is necessary for the realization of a legal interest;
6.3.5. Update, change, or supplement this Policy in accordance with changes in legislation or data processing practices.

6.4. The user has the right to:

6.4.1. Receive confirmation of the processing of their personal data;
6.4.2. Access their personal data and information about the purposes of processing, data categories, storage periods, and recipients;
6.4.3. Request the correction of inaccurate or outdated personal data;
6.4.4. Have personal data deleted (“right to be forgotten”) if there are no legal grounds for further processing;
6.4.5. Restrict processing in the cases provided for in Article 18 of the GDPR;
6.4.6. Transfer their personal data in a structured, machine-readable format (right to data portability);
6.4.7. Object to the processing of personal data, including for direct marketing or profiling purposes;
6.4.8. Not be subject to a decision based solely on automated processing, including profiling, which may have legal consequences or otherwise significantly affect you;
6.4.9. Withdraw consent to the processing of personal data at any time, if such processing is based on consent;
6.4.10. Lodge a complaint with a supervisory authority for personal data protection.

7. RESPONSIBILITY OF THE PARTIES

7.1. Administration liability

The website administration is liable for violations of personal data protection requirements in accordance with the current legislation of Ukraine and Regulation (EU) 2016/679 (GDPR) if it is proven that such violations occurred through its fault.

7.2. Exclusion of Administration liability

The website administration is not responsible for the loss or disclosure of personal data if such information:

7.2.1. Became publicly available prior to its loss or disclosure;
7.2.2. Was obtained from a third party on legal grounds prior to its receipt by the Site Administration;
7.2.3. Was disclosed with the consent of the User;
7.2.4. Became known as a result of the actions or inaction of the User himself.

7.3. User responsibility

The User is responsible for the accuracy and relevance of the personal data provided by them, as well as for the unlawful use of personal data of third parties provided without their consent or proper legal basis.

7.4. Damage compensation

In the event of a proven violation by the Site Administration or the User, the violating party is obliged to compensate for the damage caused within the limits provided for by current legislation.

7.5. Third-party liability

In the event of the transfer of personal data to third parties (processors or controllers), the Site Administration is responsible for their compliance with the requirements of the GDPR and Ukrainian legislation, unless otherwise expressly provided by contract or law.

8. SECURITY OF YOUR PERSONAL DATA

8.1. Security measures

In order to protect Users’ personal data from unauthorized access, collection, use, disclosure, copying, alteration, destruction, loss, or other unlawful use, the Site Administration implements appropriate administrative, technical, and physical security measures that correspond to the level of risk associated with the processing of such data.

8.2. Technical protection measures

Protective measures may include, in particular:

encryption and pseudonymization of personal data;
control of access to information systems;
multi-level authentication and security protocols;
regular monitoring and auditing of information systems;
data backup and incident recovery plans.

8.3. Security improvements

The website administration continuously improves information security measures in line with technological developments and standards, ensuring compliance with the requirements of current Ukrainian legislation in the field of personal data protection, as well as international standards, including Regulation (EU) 2016/679 (GDPR).

8.4. Incident response

Important: In the event of a personal data breach that may pose a risk to the rights and freedoms of Users, the Site Administration undertakes to take immediate measures to eliminate the consequences of the incident and notify Users and, in cases provided for by the GDPR, the competent supervisory authority.

9.1. Use of cookies

In order to improve the quality of services, analyze user activity, and personalize content, the Site Administration may use cookies and other similar tracking technologies.

9.2. What are cookies

Cookies are small text files that are stored in the user’s browser when visiting the site. They allow us to recognize the user’s browser or device and help us tailor the site to their needs.

We may use the following categories of cookies:

Necessary (mandatory) — provide the basic functionality of the website and do not require the User’s separate consent.
Functional — store user settings (e.g., language or region).
Analytical — help collect statistics about website traffic to improve its performance.
Marketing (advertising) — used to personalize advertising and informational messages, require prior consent from the User.

9.4. User identification

The use of cookies alone does not allow us to identify the user, but it may allow us to recognize the device or browser.

Before using any cookies other than those that are necessary, we ask for the User’s explicit and informed consent via a banner or other cookie settings interface. The User has the right to withdraw their consent or change their cookie settings at any time.

Users may also independently restrict or block the use of cookies in their browser settings. If certain cookies are disabled, some features of the website may not function properly.

10. DISPUTE RESOLUTION

10.1. Pre-trial procedure

Before filing a lawsuit regarding disputes arising from the relationship between the Website User and the Website Administration, it is mandatory to submit a claim (a written proposal for voluntary settlement of the dispute).

10.2. Claim consideration period

The recipient of the claim shall notify the claimant in writing of the results of the consideration of the claim within 30 calendar days from the date of receipt of the claim.

10.3. Court proceedings

If the dispute cannot be settled out of court, it shall be considered by a competent court in accordance with applicable law.

11. ADDITIONAL TERMS

11.1. Right to make changes

The website administration has the right to make changes to this Privacy Policy in order to bring it into line with current legislation, technical changes, new website features, or best practices for personal data protection.

11.2. Effective date of changes

All changes shall take effect from the moment they are published on the website inbulk.com, unless otherwise expressly provided by the new version of the Policy.

In the event of changes relating to the processing of personal data or significantly affecting the rights of the User, the Website Administration undertakes to notify Users in an accessible manner (for example, by email or a banner on the website).

11.3. Current version

The current version of the Privacy Policy is always posted on the inbulk.com website and is available for Users to review at any time.

11.4. Feedback

Users may send suggestions, questions, or comments regarding this Privacy Policy through the “Contacts” section on the inbulk.com website or by other means of communication determined by the Site Administration.

11.5. Language versions

In case of any discrepancies between the Ukrainian and English versions of this Privacy Policy, the English version shall prevail, unless otherwise provided by applicable law.

Contacts:
LLC “INBULK.COM”
Website: https://inbulk.com