WORLDMATES.CLUB PRIVACY POLICY

Last Updated: August 12, 2025
Effective Date: August 12, 2025


INTRODUCTION

Welcome to the Privacy Policy of the WorldMates.club social network. This Privacy Policy (the "Policy") describes how WorldMates.club, operated by an individual entrepreneur registered in accordance with Ukrainian law with registration location in Dnipro, Ukraine (hereinafter "We," "Our Company," "Operator"), collects, uses, stores, and protects your personal data when you use the WorldMates.club social network (hereinafter "Service," "Platform").

We take the protection of your personal data seriously and commit to ensuring its security in accordance with applicable legislation, including the Law of Ukraine "On Personal Data Protection" No. 2297-VI, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), while taking into account the specifics of martial law in Ukraine.

Operator Contact Information:

  • Name: [Entrepreneur's Full Name]
  • Registration Number: [Individual Entrepreneur Registration Number]
  • Address: Dnipro, Ukraine, [Full Address]
  • Email: privacy@worldmates.club
  • Phone: [Phone Number]

1. DEFINITIONS AND KEY CONCEPTS

1.1 Basic Terms

  • Personal Data — any information that directly or indirectly allows identification of a natural person
  • Data Subject — a natural person whose data is being processed
  • Data Processing — any action with personal data: collection, recording, systematization, accumulation, storage, updating, use, transfer, deletion
  • Data Controller — WorldMates.club as the entity determining purposes and means of personal data processing
  • Consent — voluntary, specific, informed, and unambiguous consent of the data subject to processing of their personal data

1.2 Special Categories of Data

According to GDPR, special categories include data about:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic and biometric data
  • Health data
  • Sexual orientation

2. LEGAL BASIS FOR DATA PROCESSING

2.1 Basis under Ukrainian Legislation

Personal data processing is carried out on the following legal grounds according to the Law of Ukraine "On Personal Data Protection":

  • Data Subject Consent — voluntary consent to process specific data for defined purposes
  • Contract Performance — processing necessary for contract fulfillment with the user
  • Legal Obligations — compliance with Ukrainian legislation requirements
  • Vital Interests — protection of life and health of the data subject
  • Public Interests — performance of tasks in public interest
  • Legitimate Interests — legitimate interests of the controller while respecting data subject rights

2.2 Basis under GDPR (Article 6)

For EU users, processing is carried out based on:

  1. Consent — data subject has given consent for processing
  2. Contract — processing is necessary for contract performance
  3. Legal Obligation — compliance with controller's legal obligations
  4. Vital Interests — protection of vital interests
  5. Public Task — performance of task in public interest
  6. Legitimate Interests — legitimate interests of controller or third party

2.3 Processing Special Categories of Data

Special categories of data are processed only with:

  • Explicit consent of the data subject
  • Necessity for protecting vital interests
  • Processing of data manifestly made public by the subject
  • Prevention or detection of crimes
  • Protection of health or social security

3. WHAT DATA WE COLLECT

3.1 Data Provided During Registration

Required Data:

  • First and last name (real)
  • Email address
  • Date of birth (for age verification)
  • Password (stored encrypted)
  • Country of residence

Additional Profile Data:

  • Profile photo
  • Work and education information
  • City of residence
  • Interests and hobbies
  • Relationship status
  • Contact information (phone number, messengers)
  • Biography/profile description

3.2 Automatically Collected Technical Data

Device and Browser Data:

  • IP address and approximate location
  • Device type, operating system
  • Browser and its version
  • Screen resolution and language settings
  • Unique device identifiers

Website Behavior Data:

  • Pages you visit
  • Time spent on site
  • Links you click
  • Search queries on the platform
  • Content interactions (likes, comments, reposts)

3.3 Data from Third Parties

Social Networks:

  • Data from social media profiles when logging in through them
  • Public information from linked accounts
  • Contacts from imported address books (with consent)

Analytics Services:

  • Google Analytics (visit data)
  • Yandex.Metrica (behavioral data)
  • Facebook Pixel (conversion data)

3.4 User Content

Created Content:

  • Text posts and comments
  • Uploaded photos and videos
  • Audio recordings and files
  • File metadata (creation time, geolocation)

Communications:

  • Private messages between users
  • Messages in groups and communities
  • Complaints and support requests

4. PURPOSES OF PERSONAL DATA PROCESSING

4.1 Main Usage Purposes

Service Provision:

  • Creating and managing user accounts
  • Displaying personalized content
  • Providing social interaction features
  • Technical user support

Security and Protection:

  • Preventing fraud and abuse
  • Ensuring platform security
  • Detecting and blocking spam
  • Enforcing community guidelines

Service Improvement:

  • Analyzing platform usage
  • Developing new features
  • Fixing bugs and improving performance
  • Conducting user experience research

4.2 Marketing and Advertising

Personalized Advertising:

  • Showing relevant advertisements
  • Creating advertising profiles (with consent)
  • Measuring advertising effectiveness
  • Preventing inappropriate ad display

Marketing Communications:

  • Sending newsletters (with consent)
  • Notifications about new features
  • Personal recommendations
  • Surveys and research (voluntary)

4.3 Legal Compliance

Legal Obligations:

  • Fulfilling Ukrainian legislation requirements
  • Complying with Ukraine's Media Law
  • Providing data to law enforcement (upon request)
  • Maintaining data processing logs

Protection of Rights and Interests:

  • Dispute resolution
  • Intellectual property protection
  • Ensuring Terms of Use compliance
  • Crime prevention

5. CONSENT TO DATA PROCESSING

5.1 Obtaining Consent

Consent Principles:

  • Voluntary — consent given without coercion
  • Informed — subject understands processing purposes
  • Specific — consent relates to defined purposes
  • Unambiguous — consent expressed clearly and understandably

Methods of Obtaining Consent:

  • Checkbox during registration
  • Explicit consent in profile settings
  • Consent when downloading the app
  • Continued use after change notifications

5.2 Withdrawal of Consent

According to GDPR and Ukrainian legislation, you have the right to withdraw consent at any time:

Withdrawal Methods:

  • Through profile settings
  • By email to privacy@worldmates.club
  • Through feedback form
  • When deleting account

Consequences of Withdrawal:

  • Cessation of processing for voluntary purposes
  • Possible functionality limitations
  • Data retention for legal obligations
  • Notification about withdrawal consequences

5.3 Minor Consent

Special Requirements:

  • Age of consent: 16 years (according to GDPR)
  • For users 13-15 years: parental/guardian consent
  • For users under 13: use prohibited
  • Additional protection for minor data

Verification Procedures:

  • Age verification during registration
  • Document requests when false data is suspected
  • Additional protection measures for minors
  • Parental notifications about suspicious activity

6. DATA SHARING AND THIRD-PARTY TRANSFERS

6.1 Categories of Data Recipients

Service Providers (Processors):

  • Hosting providers (data storage)
  • Cloud services (backup)
  • Analytics platforms (Google, Yandex)
  • Payment systems (payment processing)
  • Email delivery services (notification sending)

Integration Partners:

  • Social networks (Facebook, Google, VK)
  • Advertising networks (targeted advertising display)
  • Content providers (media files)
  • Moderation services (content verification)

6.2 Legal Basis for Transfer

User Consent:

  • Explicit consent for transfer to specific third parties
  • Integration with external services by user choice
  • Publishing content in public access

Legal Obligations:

  • Law enforcement requests (according to Ukrainian legislation)
  • Court orders
  • Tax legislation compliance
  • National security protection

Legitimate Interests:

  • Fraud prevention
  • Platform security assurance
  • Protection of other users' rights and freedoms
  • System technical maintenance

6.3 International Data Transfers

Transfer Countries:

  • EU countries (adequate level of protection)
  • USA (Standard Contractual Clauses)
  • Other countries (with appropriate safeguards)

Protection Guarantees:

  • EU Standard Contractual Clauses
  • European Commission adequacy decisions
  • Binding Corporate Rules
  • Certifications and codes of conduct

6.4 Transfer Prohibitions

We DO NOT transfer data to:

  • Marketing companies without consent
  • Data brokers for sale
  • Third parties for unauthorized marketing
  • Organizations in countries without adequate protection (without safeguards)

7. DATA STORAGE AND SECURITY

7.1 Data Retention Periods

Active Accounts:

  • Profile data: until account deletion
  • User content: until deletion or deactivation
  • Technical logs: 12 months
  • Communication data: until user deletes messages

Inactive Accounts:

  • Accounts without activity 2+ years: deactivation notification
  • Accounts without activity 3+ years: data deletion
  • Backup copies: up to 90 days after deletion
  • Anonymized data: without restrictions

Legal Obligations:

  • Tax reporting data: according to legislation requirements
  • Law enforcement request data: according to request terms
  • Security logs: 3 years
  • Litigation data: until process completion

7.2 Technical Security Measures

Data Encryption:

  • TLS 1.3 for data transmission
  • AES-256 for storing particularly important data
  • Password hashing (bcrypt, scrypt)
  • Backup encryption

Access Control:

  • Multi-factor authentication for administrators
  • Role-based data access model
  • Regular system account password changes
  • Personal data access monitoring

Infrastructure Protection:

  • Firewalls
  • Intrusion detection systems (IDS/IPS)
  • Regular security updates
  • Isolated network environment for data storage

7.3 Organizational Security Measures

Staff Training:

  • Regular privacy training
  • Non-disclosure agreement signing
  • Limited access to personal data
  • Incident response procedures

Audit and Monitoring:

  • Regular security audits
  • Penetration testing
  • User activity monitoring
  • Logging of all data actions

Response Plans:

  • Data breach response plan
  • Breach notification procedures
  • Emergency response contacts
  • Regular plan testing

7.4 Security Breach Notifications

Notification Obligations:

  • Regulator notification within 72 hours (GDPR)
  • User notification for high risk
  • Documentation of all incidents
  • Breach remediation measures

Notification Content:

  • Description of breach nature
  • Categories of affected data
  • Approximate number of data subjects
  • Breach consequences and measures taken

8. DATA SUBJECT RIGHTS

8.1 Rights under Ukrainian Legislation

According to the Law of Ukraine "On Personal Data Protection," you have the following rights:

Right to Information:

  • Know purposes of your data processing
  • Receive information about categories of processed data
  • Know data processing periods
  • Receive information about data recipients

Right of Access:

  • Receive confirmation that your data is being processed
  • Receive copies of processed data
  • Know data sources
  • Receive information about processing methods

Right to Rectification and Deletion:

  • Demand correction of inaccurate data
  • Demand completion of incomplete data
  • Demand data deletion when no legal grounds exist
  • Demand processing cessation

8.2 Rights under GDPR

For EU users, the following additional GDPR rights apply:

Right to Data Portability (Article 20):

  • Receiving data in structured, machine-readable format
  • Transferring data to another controller without hindrance
  • Direct transfer between controllers (where technically feasible)

Right to Restrict Processing (Article 18):

  • Processing suspension when disputing data accuracy
  • Restriction instead of deletion for unlawful processing
  • Data preservation for legal claims protection

Right to Object (Article 21):

  • Objection to processing based on legitimate interests
  • Objection to direct marketing
  • Objection to profiling

8.3 Rights under CCPA (for California Residents)

California residents have the following rights under CCPA:

Right to Know:

  • Categories of personal data collected
  • Purposes of personal data use
  • Categories of third parties receiving data
  • Specific pieces of collected data

Right to Delete:

  • Demand personal data deletion
  • Exceptions for fulfillment of legal obligations
  • Third-party notification about deletion

Right to Opt-Out of Sale:

  • Refuse sale of personal data to third parties
  • Clear opt-out instructions
  • No discrimination for refusal

8.4 Rights Implementation Procedures

Request Submission:

  • Email: privacy@worldmates.club
  • Website form: worldmates.club/privacy-request
  • Written request by postal address
  • Through profile settings (for some rights)

Review Timeframes:

  • Standard requests: up to 10 days (Ukrainian legislation)
  • Complex requests: up to 30 days with possible 60-day extension
  • Extension notification: within 30 days
  • Emergency requests: within 72 hours

Identity Verification:

  • Email address verification
  • Request for additional documents when necessary
  • SMS or other verification methods
  • Additional measures for particularly important requests

9. COOKIES AND SIMILAR TECHNOLOGIES

9.1 Types of Cookies Used

Essential Cookies:

  • Session cookies for maintaining login
  • Security cookies
  • Language preference cookies
  • Shopping cart and form cookies

Functional Cookies:

  • User preference saving
  • Interface preference memory
  • Form auto-completion
  • Content personalization

Analytics Cookies:

  • Google Analytics (traffic analysis)
  • Yandex.Metrica (behavioral analytics)
  • Hotjar (user experience analysis)
  • Internal analytics systems

Advertising Cookies:

  • Facebook Pixel (retargeting)
  • Google Ads (relevant advertising display)
  • Cookies for preventing inappropriate ad display
  • Advertising campaign effectiveness measurement

9.2 Cookie Management

Cookie Consent:

  • Cookie banner on first visit
  • Ability to choose cookie types
  • Separate consent for analytics and advertising cookies
  • Easy consent withdrawal method

Browser Settings:

  • Instructions for disabling cookies in different browsers
  • Impact of disabling on site functionality
  • Alternative service usage methods
  • Regular settings verification

9.3 Alternative Tracking Technologies

Web Beacons:

  • Email newsletter opening tracking
  • Content effectiveness analysis
  • Technical parameter monitoring

Local Storage:

  • HTML5 Local Storage
  • Session Storage
  • IndexedDB for offline functionality

Device Fingerprinting:

  • Device technical characteristics collection
  • Used only for security purposes
  • Not used for creating permanent profiles

10. MINORS PROTECTION

10.1 Age Restrictions and Consent

Minimum Usage Age:

  • General rule: 16 years (according to GDPR)
  • Ukraine: 16 years (national legislation)
  • USA (COPPA): 13 years with parental consent
  • California (CCPA): special requirements for persons under 16

Parental/Guardian Consent:

  • For users 13-15 years: mandatory parental consent
  • Parental consent verification
  • Parents' right to control children's data
  • Data deletion possibility upon parental request

10.2 Additional Protection Measures

Technical Restrictions:

  • Limited visibility of minor profiles
  • Ban on direct messages from unknown adults
  • Automatic filtering of potentially dangerous content
  • Additional privacy settings by default

Educational Measures:

  • Digital safety training materials
  • Safe online behavior recommendations
  • Partnership with educational organizations
  • Regular privacy reminders

Parental Controls:

  • Tools for monitoring children's activity
  • Parent notifications about suspicious contacts
  • Usage time limitation capability
  • Family safety settings

10.3 Detection and Protection Procedures

Minor Detection:

  • Behavior analysis algorithms
  • Stated age verification
  • Reports from other users
  • Proactive content moderation

Violation Response:

  • Immediate blocking of suspicious contacts
  • Law enforcement notification when necessary
  • Support for affected users
  • Cooperation with child protection organizations

11. INTERNATIONAL DATA TRANSFERS

11.1 Transfer Countries and Regions

Countries with EU Adequacy Decision:

  • All EU/EEA member countries
  • Andorra, Argentina, Canada (partially)
  • Faroe Islands, Guernsey, Isle of Man
  • Israel, Japan, New Zealand
  • Switzerland, Uruguay, United Kingdom

USA and Other Countries:

  • Transfer based on Standard Contractual Clauses
  • Additional technical and organizational measures
  • Destination country legislation assessment
  • Alternative transfer mechanisms when necessary

11.2 Transfer Protection Guarantees

Standard Contractual Clauses (SCC):

  • Use of the current European Commission SCC 2021/914
  • Additional protection measures according to EDPB recommendations
  • Government access assessment in destination country
  • Regular adequacy review

Binding Corporate Rules (BCR):

  • Internal rules for company groups
  • EU supervisory authority approval
  • Uniform protection standards in all jurisdictions
  • Control and compliance mechanisms

Certifications and Codes of Conduct:

  • ISO 27001 (information security)
  • SOC 2 Type II (security controls)
  • Industry codes of conduct
  • Independent compliance audits

11.3 Special Transfer Situations

Emergency Circumstances:

  • Protection of data subject vital interests
  • Prevention of serious health or safety threats
  • Law enforcement cooperation
  • International sanctions compliance

Martial Law in Ukraine:

  • Special requirements for Ukrainian citizen data protection
  • Transfer restrictions to certain jurisdictions
  • Additional cybersecurity measures
  • Cooperation with Ukrainian law enforcement

12. AUTOMATED DECISION-MAKING AND PROFILING

12.1 Automated Systems Usage

Application Areas:

  • News feed and recommendation personalization
  • Automatic content moderation
  • Relevant advertising determination
  • Suspicious activity and fraud detection
  • Spam prevention system

Machine Learning Algorithms:

  • User preference analysis
  • Content classification
  • Facial recognition (only with consent)
  • Text sentiment analysis
  • Security behavior prediction

12.2 Data Subject Rights Regarding Automated Decisions

Right Not to be Subject to Automated Decision-Making (GDPR Article 22):

  • Information about automated decision-making existence
  • Decision-making logic explanation
  • Right to request human intervention
  • Right to contest automated decision

Special Safeguards:

  • Human oversight for critically important decisions
  • Ability to appeal automatic moderation decisions
  • Algorithm transparency (within reasonable limits)
  • Regular algorithm review and adjustment

12.3 User Profiling

Types of Profiling:

  • Interests and preferences for personalization
  • Advertising profiles (only with consent)
  • Security profiles for threat detection
  • Profiles for user experience improvement

Profiling Limitations:

  • Discriminatory profiling prohibition
  • Special protection for minors
  • Right to refuse profiling
  • Profiling criteria transparency

13. DATA PROCESSING IN SPECIAL SITUATIONS

13.1 Martial Law in Ukraine

Additional Security Measures:

  • Enhanced protection of Ukrainian user data
  • Monitoring unauthorized access attempts
  • Geolocation data processing restrictions
  • Special procedures for law enforcement requests

Government Agency Cooperation:

  • Data provision for national security needs
  • Account blocking upon SBU request
  • Assistance in disinformation detection
  • Critical information infrastructure protection

13.2 Emergency Situations

Life and Health Threats:

  • Data processing without consent for life-saving purposes
  • Medical information transfer to emergency services
  • Emergency services coordination
  • Contact notification in emergencies

Cybersecurity:

  • Threat information sharing with other platforms
  • Incident response center cooperation
  • Cyberattack data transfer to law enforcement
  • Critical infrastructure protection

13.3 Law Enforcement Activities

Law Enforcement Cooperation:

  • Data provision upon official requests
  • Data preservation for ongoing investigations
  • Emergency data disclosure for life threats
  • Suspicious activity reporting

Procedures and Safeguards:

  • Request legality verification
  • Transferred data minimization
  • Documentation of all transfers
  • Data subject rights protection within law

14. DATA PROTECTION OFFICER CONTACTS

14.1 DPO Contact Information

Data Protection Officer:

  • Email: dpo@worldmates.club
  • Phone: [DPO phone number]
  • Postal address: [correspondence address]
  • Working hours: Mon-Fri, 9:00-18:00 (Kyiv time)

Specialized Contacts:

  • GDPR inquiries: gdpr@worldmates.club
  • CCPA inquiries: ccpa@worldmates.club
  • Ukrainian legislation: ukraine-privacy@worldmates.club
  • Emergency situations: emergency-privacy@worldmates.club

14.2 Complaint and Request Submission

Types of Inquiries:

  • Data access requests
  • Data processing complaints
  • Rectification or deletion demands
  • Processing consent withdrawal
  • Privacy policy questions

Inquiry Form:

  • Online form: worldmates.club/privacy-request
  • Email with mandatory fields
  • Written postal request
  • Phone consultation (preliminary)

14.3 Supervisory Authorities

Ukraine:

  • Commissioner for Human Rights of the Verkhovna Rada of Ukraine
  • Address: 21/8 Institutska St., Kyiv, 01008
  • Email: hotline@ombudsman.gov.ua
  • Phone: +380 44 253-74-40

European Union:

  • For EU users - national supervisory authorities
  • European Data Protection Board (EDPB)
  • One-Stop-Shop mechanism

USA (California):

  • California Attorney General's Office
  • Privacy Enforcement Section
  • 1300 I Street Sacramento, CA 95814
  • privacy@oag.ca.gov

15. PRIVACY POLICY CHANGES

15.1 Change Implementation Procedures

Types of Changes:

  • Material changes: new processing purposes, data categories
  • Technical changes: protection improvements, new technologies
  • Legal changes: new legislation compliance
  • Editorial changes: clarifications, error corrections

Change Notifications:

  • Email to all registered users (material changes)
  • App and website notifications
  • Official website publication
  • Social media notifications

15.2 Notification Timeframes

Material Changes:

  • Notification 30 days before effective date
  • Ability to refuse new terms
  • Change nature explanation
  • Instructions for refusing the service in case of disagreement

Non-material Changes:

  • Notification 7 days prior
  • News section publication
  • Policy change marking

15.3 Change Consent

Obtaining Consent:

  • Continued service use means consent
  • Active consent for material changes
  • Refusal possibility before changes take effect
  • Clear instructions for expressing disagreement

16. FINAL PROVISIONS

16.1 Policy Applicability

Territorial Applicability:

  • Policy applies to all WorldMates.club users
  • Additional rights for EU users (GDPR)
  • Special rights for California residents (CCPA)
  • Ukrainian legislation compliance for all

Temporal Applicability:

  • Policy effective from publication date
  • Changes take effect from specified date
  • Previous versions archived
  • Transitional provisions for existing users

16.2 Relationship with Other Documents

Document Hierarchy:

  1. Applicable legislation
  2. WorldMates.club Terms of Use
  3. This Privacy Policy
  4. Additional agreements and policies

Contradiction Resolution:

  • Legislation takes priority in case of contradictions
  • Stricter requirements take priority
  • Individual agreements may provide additional guarantees

16.3 Language Versions

Official Languages:

  • Ukrainian (primary version)
  • English (for international users)
  • Ukrainian version takes priority in case of discrepancies

Translations:

  • Unofficial translations may be provided for convenience
  • Only official versions have legal force
  • Regular translation updates

17. ADDITIONAL INFORMATION

17.1 Useful Resources

For Users:

  • Help Center: help.worldmates.club
  • Privacy settings guide
  • Data protection FAQ
  • Digital safety educational materials

For Developers:

  • API documentation for data handling
  • Personal data processing requirements
  • Technical security standards
  • Privacy-compliant integration procedures

17.2 Self-Service Tools

Data Management:

  • Download copy of your data
  • Profile data correction tools
  • Privacy and visibility settings
  • Activity history and deletion capability

Consent Settings:

  • Processing consent management
  • Advertising preference settings
  • Notification subscriptions
  • Third-party data transfer consents

17.3 Reporting and Transparency

Regular Reports:

  • Annual transparency report
  • Law enforcement request statistics
  • Security breach data
  • Data protection improvements

Initiative Participation:

  • Regulator cooperation
  • Industry standards participation
  • Privacy research support
  • Educational programs

APPENDICES

Appendix A: Data Processor List

Main Technology Partners:

  1. Hosting and Infrastructure

    • [Provider Name]
    • Server locations: [countries]
    • Data categories: all user data
    • Protection measures: [measures list]
  2. Analytics Services

    • Google Analytics
    • Data: anonymized statistics
    • Agreements: Standard Contractual Clauses
  3. Communication Services

    • Email providers
    • SMS gateways
    • Push notifications
    • Data: contact information, message content

Appendix B: Technical Documentation

Encryption Algorithms Used:

  • TLS 1.3 for HTTPS connections
  • AES-256-GCM for data storage
  • bcrypt for password hashing
  • RSA-4096 for key exchange

Compliance Standards:

  • ISO 27001 (information security)
  • SOC 2 Type II (security controls)
  • GDPR Article 32 (processing security)
  • NIST Cybersecurity Framework
 

Contact Information:

WorldMates.club
Individual Entrepreneur
Address: Dnipro, Ukraine
Email: privacy@worldmates.club
Phone: [Phone Number]

Data Protection Officer:
Email: dpo@worldmates.club

For Urgent Inquiries:
Email: emergency-privacy@worldmates.club


This Privacy Policy has been developed in accordance with Ukrainian legislation, GDPR, CCPA requirements and industry best practices. We recommend regularly checking for updates at worldmates.club/privacy

Next Scheduled Review: February 12, 2026