Privacy Policy
Last updated: March 2026
1. Introduction
Posimos respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use and process it, and what rights you have over your personal data when using our service.
2. Data Controller
Posimos (the "Controller") is the party responsible for the processing of personal data in connection with the provision of this platform's services. For any questions relating to personal data protection, please contact us at: [email protected].
3. Roles in Data Processing
In our relationship with Clients (business owners and their staff), Posimos acts as a data controller and independently determines the purposes and means of processing their personal data. With respect to the personal data of End Consumers (customers and guests of our Clients' establishments), Posimos acts as a data processor, handling information solely on the instructions of and on behalf of the Client-controllers.
4. Data We Collect
We collect and process the following categories of personal data:
Account data: first and last name, email address, phone number, business information (name, address, establishment type).
Operational data: order information, menu items and products, inventory and stock data, staff and shift records.
Technical data: IP address, browser and operating system type, pages visited, dates and times of visits, device information.
Payment data: transaction history, subscription information and status. We do not store payment card numbers - card data is processed directly by the payment provider in accordance with PCI DSS standards.
5. How We Use Your Data
The personal data we collect is used to: provide and maintain the functionality of the Posimos service; process payments and manage subscriptions; send transactional notifications (registration confirmations, invoices, technical notices); improve and develop the platform based on usage analysis; prevent fraud and ensure the security of the service; comply with applicable Ukrainian law.
6. Legal Basis for Processing
We process personal data on the following legal grounds: performance of a contract - for data necessary to deliver services under the agreement concluded with you; legitimate interests - for improving the service, ensuring security, and preventing misuse; compliance with legal obligations - to meet requirements under tax, accounting, and other applicable legislation; consent - for sending marketing communications where required by law.
7. Disclosure to Third Parties
We do not sell, rent, or share your personal data with third parties for commercial purposes. Data may be shared only with trusted service providers acting on our behalf: hosting providers, the payment provider for processing transactions, and analytics and monitoring services. All such providers are required to comply with applicable data protection requirements. We may also disclose personal data at the request of authorised government authorities in cases provided for by Ukrainian law.
8. International Data Transfers
Some of our trusted service providers may be located outside Ukraine or the European Economic Area. In such cases, we ensure an adequate level of personal data protection through standard contractual clauses or other safeguards recognised under applicable data protection law.
9. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy:
- account data: for the duration of the account and for 3 years after its closure;
- financial and transaction data: in accordance with Ukrainian tax legislation requirements;
- technical logs: 12 months;
- operational data (orders, inventory, staff): in accordance with accounting and tax legislation requirements.
10. Your Rights
Under personal data protection law, you have the right to: access your personal data and receive a copy of it; rectify inaccurate or incomplete data; request erasure of data in cases provided for by law; restrict the processing of your data; object to the processing of your data; receive your data in a portable, machine-readable format.
To exercise any of these rights, please contact us at: [email protected].
You also have the right to lodge a complaint with the supervisory authority - the Ukrainian Parliament Commissioner for Human Rights - if you believe that the processing of your personal data violates applicable law.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. In particular, we use TLS encryption for data in transit, and access to personal data is granted only to authorised staff within the scope of their duties.
12. Cookies
Our service uses cookies and similar tracking technologies to support platform functionality, analyse usage, and improve the user experience. For detailed information about the types of cookies we use and how to manage them, please see our Cookie Policy.
13. Children
The Posimos service is not intended for or directed at persons under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental or guardian consent, please contact us at [email protected] and we will take steps to delete that information.
14. Changes to This Policy
We reserve the right to update this Privacy Policy in response to changes in legislation or our business practices. We will notify you of any material changes in advance - by email to your registered address or by posting a notice on the website. Continued use of the service after the changes take effect constitutes your acceptance of the updated Policy.
15. Contact Information
For questions about this Policy or the processing of your personal data, please contact us: [email protected], phone: +380 99 899 70 59.