Privacy Policy

Notice on the Processing of Personal Data

Last updated: December 2025

In accordance with the Law of Ukraine "On Personal Data Protection", the Tallinn Mechanism Project Office (hereinafter - TMPO), acting as the data controller, informs users of the Tallinn Mechanism Platform (the "Platform") about the purposes, scope, and conditions of personal data processing carried out through this website and its related services.

By using the Platform, you agree to be bound by these terms and Privacy Policy.  If you do not agree with the terms of this notice, please refrain from using the Platform and its related services.The Platform operates in compliance with the principles and safeguards set out in the EU General Data Protection Regulation (GDPR) and applicable Ukrainian data-protection legislation.

TMPO is responsible for determining the purposes and means of processing personal data collected via the Platform.

For any questions or concerns regarding data protection or this notice, please contact us at:

• Tallinn Mechanism Project Office (TMPO)
• Email: info@tmpo.com.ua

We are committed to protecting your personal data and your right to privacy. When you visit the Platform, register a company profile, or otherwise use its services, you entrust us with certain personal information.

We take this responsibility seriously and process your data only to the extent necessary to operate, improve, and secure the Platform, as described in this Privacy Policy.

1. About this Policy

The Tallinn Mechanism Platform is part of the Tallinn Mechanism initiative. Our goal is to connect verified companies, donors, and partners working in cybersecurity and related fields. Through this Platform you can explore company profiles, learn about donor-endorsed opportunities, and read news and success stories from across the ecosystem.

We take the protection of your personal data seriously. This Privacy Policy explains in clear terms what information we collect when you visit or interact with the Platform, why we collect it, how we use it, and what rights you have under data-protection laws.

This Policy applies to:

• people who visit our public pages (for example, News, Company List, Success Stories, Tenders List);
• registered users who represent companies or otherwise interact with the Platform’s restricted features.

The Platform operates in English.

Analytics and third-party tools

We use privacy-friendly analytics to understand how the Platform is used and to improve its performance. Non-essential cookies and similar technologies load only after you give consent. Full details about the types of cookies and analytics providers are available in our Cookie Policy.

2. Data We Collect

We collect only the information that is necessary for the operation, security, and continuous improvement of the Platform.

The categories of data depend on how you interact with the Platform - whether you simply browse public pages or register a company profile.

2.1 Information you provide voluntarily

You may choose to give us personal or organisational data when you:

• Submit a registration request for a company profile,  including the company name, country of registration, website, corporate email, and selected areas of expertise.
• Complete or update a company profile after approval (e.g., logo, description, services, experience, certificates).
• Contact us via feedback forms or email for technical support or cooperation.
• Subscribe to updates, newsletters, or similar communications (if such features are enabled).

All information is provided voluntarily. Certain fields are marked as required only to enable us to process a registration or respond to a request.

2.2 Information collected automatically

When you visit the Platform, our systems automatically record limited technical data necessary for security and performance monitoring, such as:

• IP address (stored in anonymised  form, not linked to personal identifiers);
• browser type and version, device and operating system;
• pages viewed, time and duration of visit;
• referring site or campaign (if applicable);
• basic diagnostic logs for error handling and security events.

This information is used in aggregated form to ensure reliable operation of the Platform and to detect potential abuse or performance issues.

2.3 Cookies and analytics data

We use privacy-friendly analytics to understand how visitors use the Platform. 

In order for the Platform to function properly, we sometimes place small data files called cookies on Your device - files stored on your device that help us remember preferences, measure performance, and improve usability. It is important to note that all data collected through these cookies is used solely to optimize the functionality and user experience of the Platform and is fully controlled. Non-essential cookies or similar technologies load only after you consent.

The cookie-related information is not used to identify you personally. You have the option block some cookies if desired, however, this may limit the performance of certain site features. 

Details on cookie categories, storage duration, and analytics providers are described in the Cookie Policy.

3. Legal bases for Processing

We rely on one or more of the following legal bases when processing your personal data:

4. How We Use the Data

We process your information only for purposes connected with the operation, security, and improvement of the Platform - based on legitimate interests, consent, legal obligations, or the performance of our agreement with you.

We use the personal information collected through the Platform for the following purposes:

• To create and manage company accounts - to receive and process registration requests, approve eligible profiles, and enable secure access to the company dashboard.
• To provide access to Platform features - including the Company List, Tenders List, News, and other public information resources.
• To publishing donor-endorsed tenders and collaboration opportunities.
• To send administrative or service messages - such as confirmations, technical updates, or information about new or changed Platform features.
• To maintain and protect the Platform - for monitoring, detecting, and preventing misuse, fraud, or technical issues.
• To analyse usage and improve performance - to better understand aggregated trends, usability, and content relevance (using analytics tools only with your consent).
• To comply with legal or institutional requirements - including transparency, reporting, audit, and security obligations related to the Platform’s operation  and if necessary and appropriate, for the preparation and in legal disputes.

TMPO does not use personal data for automated decision-making or profiling that would have legal or significant effects. 

4.1 Data Retention

We keep your information only for as long as it is necessary to achieve the purposes described above, unless a longer period is required by law or institutional obligations. Once the data is no longer needed, it is securely deleted or anonymised in our systems and backups. 

If you request the deletion of your personal data, we will honour your request in accordance with applicable data-protection rules and technical feasibility.

See more details under data retention.

5. With Whom We Share Data

We respect the confidentiality of all personal data and limit access to it as much as possible, in line with these terms, the website’s terms, and applicable laws.

Your information is not sold, rented, or shared for marketing purposes except to the extent that you have granted a licence for the website’s own promotion. Any disclosure of personal data is made only when it is allowed under contract or is necessary to operate the Platform securely and in compliance with legal or institutional obligations.

5.1 Service and technical providers

The Platform may use external service providers (for example, hosting, maintenance, or analytics providers) that process data on behalf of TMPO and only under our documented instructions.

Such providers are bound by confidentiality and data-processing agreements ensuring that personal data is handled securely and only for the purposes defined by TMPO.

5.2 Institutional partners

Where required for coordination or reporting within the Tallinn Mechanism framework, TMPO may share limited information with institutional or donor partners that support the Platform (processor).

In such cases, only the minimum necessary data is shared, and only when appropriate safeguards are in place. When we use authorized processors outside Ukraine or the European Economic Area (EEA), we comply with the permitted grounds set out in the GDPR.

5.3 Legal and regulatory requirements

We may disclose personal data if required to do so by law, by a competent authority, or to protect the rights, property, or safety of TMPO, its users, or the public.

5.4 International transfers

If personal data needs to be transferred outside Ukraine or the European Economic Area (EEA), TMPO will ensure that adequate protection measures are implemented - for example, by using Standard Contractual Clauses or other safeguards (encryption, minimisation etc) recognised under data-protection law.

6. Security of Your Data

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or disclosure, and to ensure that it is processed securely in accordance with applicable data-protection laws and GDPR.

7. Data retention

Personal data is retained only as long as necessary for the purposes described in this Policy.

Examples: 

• Account data: until account deletion + 3 years 
• Security logs: up to 12 months 
• Communication records (e.g., support emails): 2 years 
• Analytics cookies: according to Cookie Policy (1–12 months)
• After the retention period, data is securely deleted.

The above deadlines shall not apply if, during that period, it becomes necessary to keep them for longer. For example, in the event of a legal dispute or if there is suspicion of a criminal offence, fraud, or false information, the data will be kept for as long as required by internal rules and applicable laws.

If your account has not been used for 3 years, it will be considered inactive and all of its content and data may be deleted. If you have seriously violated the agreement, we may deactivate your account and immediately delete all of its content and data.

8. Your Rights

You have the right to know what personal data we hold about you and how it is used. You may ask us to correct, update, or delete your personal information, or to limit its use where permitted by law. You have the following rights:: 

• Access your personal data 
• Obtain a copy of personal data 
• Request correction or update 
• Request deletion (“right to be forgotten”) 
• Request restriction of the processing of your personal data in cases where its necessity, accuracy, or lawfulness is contested, or while an objection to processing is being considered. 
• Transfer your data (data portability) 
• Object to processing based on legitimate interests 
• Withdraw consent at any time 

File a complaint with the relevant supervisory authority

If our processing is based on your consent, you can withdraw that consent at any time. To exercise these rights or ask any questions about your data, please contact us at info@tmpo.com.ua.

If you are not satisfied with how we handle your request, you may file a complaint with the relevant data-protection authority. Supervisory authorities:

·         Ukraine: Ukrainian Parliament Commissioner for Human Rights

·         For more information, visit your data protection authority's website.

9. Use by Minors

The Platform is intended for professional and institutional use. We do not knowingly collect personal data from individuals under the age of 18.

10. Contact and Policy Updates

If you have any questions or concerns about how we process personal data, please contact us at info@tmpo.com.ua. 

We may occasionally update this Privacy Policy to reflect changes in legislation, technology, or how the Platform operates. The latest version will always be available on this page, with the date of the most recent update shown at the top.