General Data Protection Regulation (GDPR) Compliance Policy

Last Updated: December 6, 2025

Cavix Purath ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller Information

Cavix Purath operates as the data controller for personal information collected through our online education platform.

Contact Details:

  • Address: Prazka St, 30, Kyiv, Ukraine, 02091
  • Email: info@cavixpurath.com
  • Phone: +380507678490

2. Legal Basis for Processing Personal Data

We process your personal data based on one or more of the following legal grounds:

  • Consent: You have given explicit consent for processing your personal data for specific purposes
  • Contract Performance: Processing is necessary to fulfill our contractual obligations to provide educational services
  • Legal Obligation: Processing is required to comply with legal requirements
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights do not override these interests

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

  • Identity data: name, username, date of birth
  • Contact data: email address, telephone number, postal address
  • Account data: login credentials, preferences, settings
  • Payment data: billing information, transaction history
  • Educational data: course enrollments, progress, assessments, certificates
  • Communications: messages, feedback, support requests

3.2 Information We Collect Automatically

  • Technical data: IP address, browser type, device information, operating system
  • Usage data: pages viewed, time spent, navigation paths, click patterns
  • Location data: general geographic location based on IP address
  • Cookies and tracking data: as described in our Cookie Policy

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Providing and managing access to educational content and services
  • Processing enrollments, payments, and issuing certificates
  • Communicating about courses, updates, and platform changes
  • Personalizing your learning experience and recommendations
  • Improving our platform, content, and services
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations and enforcing our terms
  • Analyzing usage patterns and conducting research
  • Sending marketing communications (with your consent)

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers

Third-party vendors who provide services on our behalf, including:

  • Cloud hosting and infrastructure providers
  • Payment processors and financial institutions
  • Email and communication service providers
  • Analytics and performance monitoring tools
  • Customer support platforms

5.2 Legal Requirements

We may disclose your data when required by law, regulation, legal process, or governmental request.

5.3 Business Transfers

In connection with mergers, acquisitions, or sale of assets, your data may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your data with other parties when you have provided explicit consent.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside your region. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding corporate rules for intra-group transfers
  • Your explicit consent for specific transfers

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

7.1 Right to Access

You can request confirmation of whether we process your data and obtain a copy of your personal data.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data in certain circumstances, including:

  • Data is no longer necessary for the original purpose
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding legitimate grounds exist
  • Data has been unlawfully processed

7.4 Right to Restriction of Processing

You can request limitation of how we use your data in specific situations.

7.5 Right to Data Portability

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

7.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

8. Exercising Your Rights

To exercise any of your data protection rights, please contact us at:

  • Email: info@cavixpurath.com
  • Phone: +380507678490

We will respond to your request within one month, though this period may be extended by two additional months for complex requests. We may request verification of your identity before processing requests.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Retention periods depend on:

  • The nature of the data and purpose of processing
  • Legal, regulatory, or contractual obligations
  • Legitimate business needs, including dispute resolution
  • Your consent duration for marketing communications

When data is no longer needed, we securely delete or anonymize it.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Employee training on data protection practices
  • Incident response and breach notification procedures

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Inform affected individuals without undue delay when the breach poses a high risk
  • Document all breaches, including facts, effects, and remedial actions

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware of such collection, we will delete the information promptly.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, including your choices and controls, please refer to our Cookie Policy.

14. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

15. Changes to This Policy

We may update this GDPR Compliance Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

  • Post the updated policy on our website with a revised "Last Updated" date
  • Notify you of material changes through email or platform notifications
  • Obtain your consent where required for significant changes affecting your rights

We encourage you to review this policy regularly to stay informed about how we protect your data.

16. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe we have processed your personal data unlawfully or violated your rights under GDPR. You can contact your local data protection authority or the authority in the jurisdiction where we operate.

17. Data Protection Officer

For questions about this policy or our data protection practices, you may contact our data protection team at info@cavixpurath.com.

18. Contact Information

For any questions, concerns, or requests regarding this GDPR Compliance Policy or your personal data, please contact us:

Cavix Purath

  • Address: Prazka St, 30, Kyiv, Ukraine, 02091
  • Email: info@cavixpurath.com
  • Phone: +380507678490
  • WhatsApp: https://wa.me/380507678490

By using our platform and services, you acknowledge that you have read and understood this GDPR Compliance Policy and agree to the collection, use, and disclosure of your personal data as described herein.

Cookie Settings

We use cookies to enhance your experience. Choose your preferences below.

Allows us to measure and analyze site performance.

Enables advertising cookies for personalized content.

Allows personalized advertising based on your interests.

Collects user data for advertising purposes.