GENERAL TERMS AND DEFINITIONS
1.1. Controller or Pitaya - Individual Entrepreneur Pidmurniak T.A. "Pitaya.ua" 1.2. Personal Data - information about an individual that is identified or can be identified by one or several characteristic factors that determine the physical, physiological, genetic, mental, economic, cultural, or social identity, including the IP address of the device, location data, internet identifier, as well as information collected through cookies and similar technologies.

1.3. Policy - this Privacy Policy, which contains information about the processing of Personal Data and the use of cookies and similar tracking technologies on the Website.

1.4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Website - the website operated by the Controller at the domain https://pitaya.ua/, accessible through web browsers.

1.6. Store - Pitaya online store, accessible through the Website, where Pitaya carries out remote sales of goods.

1.7. User - any individual who visits the Website or uses one or more services or features described in the Policy.

1.8. Device - means an electronic device through which the User accesses the Website.
GENERAL INFORMATION

2.1. In connection with your use of the Website, we collect data necessary for the provision of the offered services, as well as information about your activity on the Website. In this regard, we are the controller of your Personal Data and attach great importance to their proper protection. We ensure that our data processing procedures comply with the applicable legal requirements, including GDPR. Our goal is to provide you with complete information about the processing of your Personal Data and provide you with tools to exercise your rights. Below, we provide information on how we process your Personal Data.

2.2. We process your Personal Data in accordance with the law, ensuring that they are up-to-date and accurate. Therefore, from time to time, we may remind you to update them by sending a message to the email address you provided or by posting a relevant notification on the Website after you log into your account.

HOW CAN I CONTACT THE CONTROLLER AND DATA PROTECTION OFFICER?

3.1. If you have any questions regarding the processing of your Personal Data or if you want to exercise your rights, please contact our Data Protection Officer directly at the email address: pitaya.ua@gmail.com (This email address is not used for sending cooperation offers and marketing proposals; such messages will be ignored by our ticketing system) or at our legal address.
HOW DO WE OBTAIN YOUR PERSONAL DATA?
4.1. We obtain your Personal Data directly from you for the purpose of providing our services and ensuring the uninterrupted functioning of our Website. You provide us with your data primarily through special forms when making purchases in our Store, which operates based on the Store Terms of Use, subscribing to our newsletter, or contacting us using the contact form. We also receive your data when you use other services available on the Website, such as browsing products from the Store's range.

IS IT MANDATORY TO PROVIDE PERSONAL DATA?

5.1. It is up to you to decide whether to provide us with Personal Data and what Personal Data to provide - it is not mandatory. However, please remember that in some cases, providing Personal Data is necessary for the proper provision of services offered by us or for the conclusion and performance of a contract, as described in detail below.

HOW DO WE PROCESS YOUR PERSONAL DATA? USE OF THE WEBSITE

6.1 When you use the Website but you are not a registered User (i.e., you do not have an account on the Website), we process your Personal Data (including the IP address or other identifiers and information collected through cookies or similar technologies) for the following purposes:

6.1.1 to provide services electronically within the scope of displaying content collected on the Website - then the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR);

6.1.2 for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of conducting an analysis of Users' activities and preferences in order to improve the functionality and services provided;

6.1.3 for the possible establishment and assertion of claims or defense against claims - the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of protecting its economic rights and interests;

6.1.4 for marketing purposes of the Controller and other subjects, including those related to displaying behavioral advertising - the rules for processing Personal Data for marketing purposes are described in the MARKETING section.

6.2 Your activity on the Website, including your Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the information system used to provide our services). The information collected in the logs is primarily processed for purposes related to the provision of services. We also process it for technical and administrative purposes, to ensure the security of the information system and manage this system, as well as for analytical and statistical purposes - here the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR). REGISTRATION AND MAINTENANCE OF AN ACCOUNT

6.3 We ask individuals who register on the Website to provide the necessary data for creating and maintaining an account. To facilitate the service, you may provide additional data, thereby agreeing to their processing. Such data can be deleted at any time. Providing the data marked as mandatory is necessary for the creation and maintenance of an account, and failure to provide them will result in the inability to create an account. Providing other data is voluntary.

6.4 Your personal data is processed for the following purposes:

6.4.1 to provide services related to the management and maintenance of an account on the Website - the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR), and regarding optional data - the legal basis for processing is consent (Art. 6(1)(a) GDPR);

6.4.2 for analytical and statistical purposes - the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) of the GDPR), which involves analyzing Users' activity on the Website, the usage of their accounts, as well as their preferences to improve the functionality used.

6.4.3 for the purpose of possible establishment and defense of legal claims - the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) of the GDPR), which involves protecting its economic rights and interests.

6.4.4 for marketing purposes of the Controller and other entities - the rules for processing Personal Data for marketing purposes are described in the MARKETING section.

6.5 You can also log into your account on the Website using the social network Facebook. In this case, the Website will only load the data necessary for registration and account servicing from your social network account. The extent of your data to which we will have access will be indicated in the notification displayed with the question of whether to continue logging into the account. By continuing the login, you agree to the transfer of data to our Website. Facebook will remember your choice, and if you log in again using this social network, the notification will no longer be displayed. Detailed information about the extent and purposes of data processing by the social network, as well as the related rights and privacy protection configuration parameters, are described in Facebook's Privacy Policy.

6.5.1. You can use AppleID to log into your account. In this case, our website will only request the data necessary for registration or account servicing from your Apple account. Your registration data will be indicated in the message displayed when logging in. Upon continuation, this data will be transferred to our website. Detailed information about the extent and purposes of data processing by Apple Inc., as well as the corresponding rights and privacy protection configuration parameters, are described in Apple's Privacy Policy.

6.5.2. You can also log into your account on the website using your Google account. In this case, the website will only load the data necessary for registration and account operation from your Google account. The extent of your data to which we will have access will be indicated in the notification displayed with the login continuation request. By continuing the login, the specified data will be transferred to our website. Google will remember your choice, and if you log in again using the same method, the notification will no longer be displayed. Detailed information about the extent and purposes of data processing by the website, as well as the related rights and privacy protection configuration parameters, are described in Google's Privacy Policy.

6.6 If a User posts any Personal data of other individuals (including their names, addresses, phone numbers, or email addresses) on the Website, they may only do so if they do not violate the law and the personal rights of these individuals.

ORDER PROCESSING

6.7 When placing an order for products or services offered by us, your Personal Data will be processed. Providing the data marked as mandatory is necessary for the acceptance and processing of the order, and failure to provide them will result in the inability to fulfill the order. Providing other data is not mandatory.

6.8 Your personal data is processed:

6.8.1 for the purpose of fulfilling the placed order – the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR); and regarding optional data – the legal basis for processing is your consent (Art. 6(1)(a) GDPR);

6.8.2 for the purpose of fulfilling legislative obligations imposed on the Controller, arising in particular from tax legislation and the "Accounting Act" – the legal basis for processing is a legal obligation (Art. 6(1)(c) GDPR);

6.8.3 for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of analyzing user activity on the Website, as well as the use of user accounts and preferences regarding purchases to improve the functionality used;

6.8.4 for the purpose of possible establishment and assertion of legal claims or defense against legal claims – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of protecting its economic rights and interests. COMPLAINTS AND RETURNS

6.9 When you file a complaint or request a return, we process your Personal Data. Providing data in the complaint form is not mandatory, but it is necessary for proper consideration of the complaint. Providing data in the return form is not mandatory, but it is necessary for the effective withdrawal from the contract.

6.10 Your personal data is processed:

6.10.1 for the purpose of considering the submitted complaint – the legal basis for processing your Personal Data is the obligation of the Controller arising from the provisions of the legislation on guarantee for defects in sold goods (Art. 6(1)(c) GDPR);

6.10.2 for the purpose of processing the return – the legal basis for processing your Personal Data is the obligation of the Controller arising from the provisions of legislation on consumer rights protection (Art. 6(1)(c) GDPR), if the basis for the return is the provision on the right to withdraw from the contract or the need for processing to fulfill the contract (Art. 6(1)(b) GDPR), if the basis for the return is the terms of use of our Store;

6.10.3 for the purpose of fulfilling other legislative obligations imposed on the Controller, arising in particular from tax legislation and the "Accounting Act" – the legal basis for processing is a legal obligation (Art. 6(1)(c) GDPR);

6.10.4 for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of analyzing user activity on the Website, as well as the use of user accounts and preferences regarding purchases to improve the functionality used;

6.10.5 for the purpose of possible establishment and assertion of legal claims or defense against legal claims – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which consists of protecting its economic rights and interests.

CONTACT FORM

6.11 We provide the opportunity to contact us through a contact form. Using the form requires providing Personal Data necessary to get in touch with you and respond to your inquiries. Providing the data marked as mandatory is necessary for accepting and processing the request, and failure to provide them will result in the inability to process the inquiry. Providing other data (e.g., in the text of the inquiry) is voluntary.

6.12 Your personal data is processed for the following purposes:

6.12.1 for the identification and processing of your inquiry submitted through the available form – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR) which is the necessity to resolve the matter you refer to and correspond with you addressed to the Controller in relation to its business activities;

6.12.2 for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR) which is keeping statistics of inquiries received from users through the Website to improve its functional capabilities. GEOLOCATION

6.13 Your Personal Data, including information about your location, are processed so that you can find the nearest stationary delivery points. The use of this function is optional and not required for proper use of the Website. The legal basis for processing this data is your consent (Art. 6(1)(a) GDPR) expressed in the form of permission in the mobile application "Answear - fashion store" to use location services of your mobile device. We process your location data only with your consent. Consent can be revoked at any time by withdrawing permissions for the mobile application to access location information on your mobile device. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

MARKETING

7.1 We process your Personal Data for the purpose of carrying out marketing activities, which may include:

7.1.1 displaying marketing content that corresponds to your interests (behavioral advertising);

7.1.2 taking actions related to direct marketing of goods and services (sending commercial information electronically and engaging in telemarketing activities).

7.2 For the purpose of carrying out marketing activities, we use profiling in some cases. This means that through automatic processing of data, we evaluate certain factors related to you, in order to analyze your behavior or create forecasts for the future. This allows us to better adapt the displayed content to your individual preferences and interests. BEHAVIORAL ADVERTISING

7.3 Together with our reliable partners, we process your Personal Data, including Personal Data collected using cookies and similar technologies, for marketing purposes related to targeting you with behavioral advertising (i.e., advertising that corresponds to your preferences). In such a case, the processing of Personal Data also includes profiling, and the consequence of this profiling is only the display of tailored advertising based on your Personal Data obtained by us and our partners.

7.4 The list of reliable partners of the Controller can be viewed below in the "Cookie Usage Information" section in the "Our Partners" tab.

DIRECT MARKETING

7.5 If you provide consent, your data may be used by us for sending you marketing content through various channels, such as email (in the form of a newsletter), MMS/SMS, or phone. The legal basis for processing your data in this case is the legitimate interest of the Controller (Art. 6(1)(f) of the General Data Protection Regulation) in relation to the consent you have given, which involves marketing of the offered products and services. We only perform such actions after you have provided your consent, which you can revoke at any time. You can withdraw your consent at any time by clicking the link we send in every commercial email containing marketing information, by contacting us at the email address: pitaya.ua@gmail.com (This email address is not used for sending cooperation offers and marketing proposals; such messages will be ignored by our application support system) or through the contact form. Withdrawing your consent does not affect the lawfulness of data processing during the period before its withdrawal.

7.6 We may also conduct direct marketing through traditional postal communication to the mailing address provided by you. The legal basis for processing your data in this case is the legitimate interest of the Controller (Art. 6(1)(f) of the General Data Protection Regulation) in marketing the offered products and services. You can object to the processing of your data for this purpose at any time. You can express your objection by writing to us at the email address: pitaya.ua@gmail.com (This email address is not used for sending cooperation offers and marketing proposals; such messages will be ignored by our application support system) or through the contact form.

PUSH NOTIFICATIONS

7.7 If you provide separate consent to receive push notifications, you may receive notifications in the form of messages displayed on your mobile device and web browser, containing marketing content related to our offers, services, and promotions. The legal basis for processing your personal data for this purpose is the legitimate interest of the Controller (Art. 6(1)(f) of the General Data Protection Regulation) in marketing the offered products and services in connection with your expressed consent to receive notifications in the form of push messages. You can revoke your consent to receive push notifications at any time. The withdrawal of consent does not affect the legality of the processing that occurred prior to its withdrawal. Consent can be revoked by changing the settings of the web browser used or your mobile device.

GOOGLE ADS CUSTOMER MATCH

7.8 Marketing of the products and services we offer may be carried out using the Google Ads Customer Match tool. Google Ads Customer Match is a tool that allows the Controller to upload a hashed database of email addresses (customer list) to Google's tools to check if user accounts have been created using the same email addresses in Google services such as YouTube, Gmail, etc. If a match is found, advertisements from the Controller may be displayed to users of Google services after they log in.

7.9 Marketing of the products and services we offer may also be carried out using the Facebook Custom Audience tool. Facebook Custom Audience is a tool that allows the Controller to upload a hashed database of email addresses to Facebook's tools to check if user accounts have been created using the same email addresses on the Facebook network. If a match is found, advertisements from the Controller may be displayed to users of the Facebook network after they log in.

PROCESSING OF DATA OF INDIVIDUALS VISITING THE CONTROLLER'S SOCIAL MEDIA PROFILES

8.1 The Controller has publicly accessible profiles on social media platforms such as Facebook, Instagram, LinkedIn, Pinterest, and YouTube. As a result, the Controller processes data left by visitors to these profiles, including comments, likes, and internet identifiers.

8.2 Personal data of such individuals is processed for the following purposes:

8.2.1 to enable their interaction with the profiles;

8.2.2 for effective management of the profiles by providing social media users with information about the Controller's initiatives, events, services, and products, as well as promoting various events, services, and products;

8.2.3 for statistical and analytical purposes;

8.2.4 the data may be processed for the purpose of asserting possible legal claims or defending against legal claims.

8.3 The legal basis for processing Personal Data is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which includes:

8.3.1 promoting their own brand and improving the quality of services provided,

8.3.2 analyzing activity and preferences,

8.3.3 if necessary, for asserting legal claims or defending against legal claims. NOTE: The above information does not apply to the processing of personal data by social media controllers.

INFORMATION ABOUT THE USE OF COOKIES WHAT ARE COOKIES?

9.1 Cookies are small text files that are stored on devices used by users to access the website. Cookies collect information that facilitates the use of the website, such as remembering user visits and actions. The cookies we use are safe for the user's device. Specifically, viruses or other unwanted or harmful software cannot enter users' devices through these files. These files allow the identification of software used by the user and personalize the website's operation for each user.

TYPES OF COOKIE FILES USED BY THE CONTROLLER

9.2 We use the following types of cookie files:

9.2.1 Essential cookie files are necessary for the proper functioning of the Website. These files allow the Controller to securely perform actions such as processing user orders, remembering users who have entered the Website from another page, or automatically filling in address data during purchases. Blocking these cookie files in the user's browser may result in improper functioning of the Website. These cookie files are mandatory and cannot be deactivated. Special purposes of using technical cookie files: a) Ensuring the security and reliability of the Website; b) Implementing processes necessary to ensure the full functionality of the Website, including:

adapting the content of the Website to provide users with the ability to fully utilize available functional features and optimize the use of Website pages. In particular, these files allow recognizing the basic parameters of the user's device and properly displaying the Website to them;

correct operation of the "Recommend to a friend" program, including the ability to check the source of user redirection to the Website pages;

providing the ability to use the "Clipboard" and "Cart" functions on the Website.

9.2.2 Analytical cookie files are used by the Controller for analyzing user behavior on the Website for business purposes and to understand how users use the Website. This allows identifying functional features that need improvement or updating. The information obtained by the Controller using analytical cookie files is anonymous, and based on this information, the Controller cannot identify the user from whom the information was obtained.

9.2.3 Personalization cookie files allow analyzing user behavior and preferences regarding purchases on the Website, enabling personalized product offers to be provided to users, making changes to the Website's functionality, and publishing sponsored content. Data obtained through these types of cookie files can also be used to improve existing systems and software and to develop new solutions and functionalities.

9.2.4 Advertising cookie files allow the Controller to customize the displayed advertisements according to the preferences and interests of users, targeting them with so-called behavioral advertising. With their use, entities cooperating with the Controller, such as operators of the Facebook or Instagram network, can properly configure the displayed advertising content to correspond to the user's preferences.

COOKIE RETENTION PERIOD

9.3 The above-described cookie files can be divided into two types depending on their retention period:

9.3.1 Session cookie files are stored on the user's device and remain there until the end of the session of the particular browser. After that, the stored information is permanently deleted from the device's memory.

9.3.2 Persistent cookie files are stored on the user's device until they are deleted. The end of the browser session or turning off the device does not result in their deletion. If the user does not delete persistent cookie files from their device, they will be stored for up to 60 days from the time of their storage

MANAGING COOKIE FILES ON THE WEBSITE

9.4 Only essential cookie files are necessary for the proper functioning of the Website. For other types of cookie files, you can provide consent for their use, but it is not mandatory. You can manage the use of analytical cookie files, personalization cookie files, and advertising cookie files by giving or withdrawing your consent for their use. You have the ability to manage consents for individual types of cookie files at any time using the panel on our website. The panel can be accessed through the "Your Cookie Files" tab at the bottom of the Website.

OUR PARTNERS

9.5 Some cookie files are placed on the Website by external partners who collaborate with us. The current list of partners with whom we cooperate for the use of cookie files, along with the category of cookie files they place, can be found in the table below. Detailed information on this matter can be found in the privacy policy of each respective partner.

TO WHOM WILL WE TRANSFER YOUR PERSONAL DATA?

10.1 We may transfer your personal data to entities with whom we collaborate in providing the services we offer.

10.2 Depending on the chosen method of delivery for purchased goods, we will provide your data necessary for delivery to one of the entities we collaborate with in the field of delivery. In the case of using geolocation services to search for stationary delivery points, your personal data will also be transferred to entities that provide location services.

10.3 Depending on the payment method you chose for the purchased goods, we will transfer your data necessary for receiving or making payments to one of the entities we collaborate with in the payment processing field.

10.4 If you have given consent to receive commercial information at the email address or phone number provided by you, we will transfer your data to entities that provide the service of sending commercial information on our behalf.

10.5 Additionally, your data will be transferred to entities that process customer personal data on our behalf to the extent necessary for website hosting.

10.6 We may also transfer your personal data to other entities we start collaborating with, including legal and tax consultants, as well as entities providing accounting, IT, logistics, and marketing services.

10.7 We also have the right to disclose certain information about our users to competent authorities or third parties who request such information based on the appropriate legal basis and in accordance with applicable law.

HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?

11.1 The processing period of your data depends on the type of service we provide and the purpose of processing. Generally, data is processed throughout the entire period of service provision or order fulfillment until the withdrawal of consent or the submission of objection to the processing, in cases where the legal basis for data processing is the legitimate interest of the Controller.

11.2 The data processing period may be extended if processing is necessary for establishing and presenting possible legal claims or for defense against legal claims, and after this period, only to the extent required by law. After the processing period is complete, the data is either deleted irretrievably or anonymized.

HOW DO WE PROTECT YOUR DATA?

12.1 We employ various IT and organizational security measures to minimize the risk of data leakage, destruction, and disintegration. Security measures include firewall systems, antivirus and spam protection systems, internal access and data processing procedures, emergency recovery procedures, and a multi-level backup system. Our Store ensures a high level of security by using a web application firewall (WAF) and DDoS protection systems. We also utilize high-level encryption with HTTPS/SSL connection in accordance with leading practices, and collaborate with a carefully selected hosting service provider that holds ISO 9001 quality certification and AQAP-2110 compliance certification, as well as ISO/IEC 27001 compliance certification for information security management systems.

12.2 Please be aware that using the internet always carries a risk of certain security incidents. However, we assure you that through implemented procedures of regular monitoring and updating of information processing systems, as well as active monitoring of critical system points, we strive to minimize this risk.

WHAT RIGHTS DO YOU HAVE REGARDING THE PROCESSING OF YOUR PERSONAL DATA?

13.1 As we process your Personal Data, you have the following rights:

13.1.1 Right to Information about the processing of Personal Data - on this basis, the Controller provides you with information about the processing of your Personal Data, including primarily information about the purposes and legal bases for processing, the scope of available data, the recipients to whom they are disclosed, and the planned data deletion date.

13.1.2 Right to obtain a copy of data - on this basis, the Controller provides you with a copy of your Personal Data being processed.

13.1.3 Right to rectification - the Controller is obliged to rectify any possible inaccuracies or errors in the Personal Data being processed and complete them, if they are incomplete.

13.1.4 Right to erasure - on this basis, you may demand the erasure of data when their processing is no longer necessary for the achievement of any of the purposes for which they were collected.

13.1.5 Right to restriction of processing - upon receiving such a request, the Controller ceases to perform operations with your Personal Data, except for operations to which you have given consent, and keeps the data in accordance with the adopted storage rules, or until the reasons for restricting data processing cease to exist (for example, until a supervisory authority issues a decision allowing further data processing).

13.1.6 Right to data portability - on this basis, to the extent that data is processed by automated means, in connection with a concluded contract or given consent, the Controller provides you with the issued data in a format that allows for reading the data through a computer. You may also request that this data be sent to another subject, provided that there are technical capabilities on the part of both the Controller and yourself.

13.1.7 Right to object to data processing for marketing purposes - you may object to the processing of your Personal Data for marketing purposes at any time without having to justify such objection.

13.1.8 Right to object to other purposes of data processing - you may object at any time, due to reasons related to your particular situation, to the processing of your Personal Data carried out on the basis of the legitimate interest of the Controller (e.g., for analytical or statistical purposes, or reasons related to the protection of property rights). Objections in this scope must be substantiated.

13.1.9 Right to withdraw consent - if data is processed based on your consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.

13.1.10 Right to lodge a complaint - if you believe that the processing of Personal Data violates the provisions of the GDPR or other regulations regarding the protection of personal data, you may lodge a complaint with the supervisory authority responsible for overseeing the processing of personal data, depending on your place of residence, work, or the place of the likely violation.

SUBMISSION OF APPLICATION WITH RIGHTS RELATED TO THE IMPLEMENTATION OF RIGHTS

13.2 You may independently exercise some of the rights listed above. If you have an account with the Store, you always have access to your Personal Data and can correct and update it.

13.3 You can submit an application with a request for all the rights mentioned above by writing to our Data Protection Officer at the email address: pitaya.ua@gmsil.com (This email address is not used for sending cooperation proposals and marketing offers, such messages will be ignored by our request servicing system).

13.4 We will attempt to fulfill your request as quickly as possible and respond to your inquiries regarding the processing of your data. You will receive a response within 30 days of us receiving your request. If it is found that due to the complexity of the request or the number of requests we have received, we cannot provide you with information about the actions taken within this period, we will notify you of an extension of the deadline.

13.5 If we have doubts as to whether you are submitting the request, we may ask you a few additional questions to confirm your identity. Providing such information is not mandatory, however, the failure to provide it will result in the denial of your request. We may also require additional information to determine the exact content of your request.

13.6 The request can be submitted personally or through a representative (such as a family member). For data security reasons, we recommend that you use a power of attorney certified by a notary or an authorized lawyer, which will facilitate the verification of the authenticity of the request.

13.7 If the request was sent to us in electronic form, we will respond in the same form, unless the applicant requests a response in a different form. In other cases, we will provide a written response. In the event that the deadline for fulfilling the request does not allow for a written response, and the volume of the applicant's processed data allows for electronic communication, we will provide a response electronically.

13.8 We keep information about the received request and the person who submitted the request in order to provide the opportunity to demonstrate compliance and establish and present claims or defend against claims from data subjects. The register of requests is kept in a manner that ensures the integrity and confidentiality of the data contained therein.

CHANGES TO THE PRIVACY POLICY

14.1 The policy is constantly reviewed and updated as necessary. Last update: April 11, 2023.