Login
ua
Ambulance
(044) 495-2-888
Order a call back
Ambulance
Ambulance

Privacy and Cookie Policy

Last updated: 28.04.2026

This Privacy Policy explains in clear terms what information we collect, why we collect it, how we use it, and what rights you have regarding your data.

This policy applies to all services, websites, and platforms operated by LLC "Medical center "Dobrobut-Polyklinika", LLC "Medical center "Dobrobut-Statsionar", LLC "Medical center "Dobrobut-Dentistry", LLC "Medical center "Dobrobut-Vertebrology" and its affiliated companies (collectively referred to as “Dobrobut”, “we”, “our”, or “us”), including https://dobrobut.com/ and any other services that link to this Privacy Policy.

If you are located in the European Economic Area (EEA) or the United Kingdom, your personal information is protected under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR. These regulations establish strict rules on how organizations may collect, use, and protect personal data.

Under GDPR, “personal data” means any information that can identify you directly or indirectly, such as your name, email address, IP address, or employment information (Article 4 GDPR).

In some situations, our services may involve the processing of health-related or medical information. Under GDPR, such information is classified as “special category data” and is subject to stronger protections (Article 9 GDPR). Whenever such data is processed, we apply additional safeguards and legal requirements.

By accessing or using our Services, you acknowledge that your personal data may be processed as described in this Privacy Policy.

Who Is Responsible for Your Data

(Article 13 GDPR)

The organization responsible for deciding how and why your personal data is processed is known as the data controller.

For the purposes of this Privacy Policy, the data controller is:

LLC "Medical center "Dobrobut-Polyklinika"

If you have questions about this policy, about your personal data, or about how we process information, you can contact our Data Protection Officer (DPO):

Email: [email protected]

Our Data Protection Officer is responsible for ensuring that personal data is processed in accordance with applicable data protection laws.

What Personal Data We Collect and How

We collect personal data in several ways:

  • Directly from you, when you voluntarily provide information
  • Automatically, when you use our website or services
  • From trusted third parties, such as recruitment platforms or marketing partners

The types of information we collect depend on how you interact with us and/or our services.

Information You Provide Directly

Event Registration and Participation

If you register for events such as:

  • conferences
  • talks
  • workshops
  • meetups
  • hackathons
  • competitions

we may ask you to provide basic information including:

  • your first and last name
  • your email address
  • your professional affiliation
  • any message or comments you include when registering

We collect this information so we can manage registrations, communicate event details, and provide event-related materials.

Communication With Us

If you contact us through our website, email, or other communication channels, we may collect information such as:

  • your name
  • your email address
  • your phone number
  • the contents of your message
  • any attachments you send

We use this information primarily to respond to your request and provide assistance.

If you subscribe to updates from our blog or newsletters, we may also ask for:

  • your name
  • your email address
  • your areas of interest

This helps us send you information that is relevant to your professional interests.

Recruitment and Careers

If you apply for a job with Dobrobut, we collect information necessary to evaluate your application.

This may include:

  • contact details
  • resume or CV
  • employment history
  • education history
  • professional qualifications

If you apply through a third-party platform such as LinkedIn, we may also receive information you make publicly available on that platform.

This information is used strictly for recruitment and hiring purposes.

Information Collected Automatically When You Use Our Services

Whenever you visit our website or interact with our services, certain technical information is collected automatically.

This includes:

  • your IP address
  • browser type
  • operating system
  • device identifiers
  • pages visited
  • interaction logs
  • timestamps of visits
  • referring websites

This information helps us understand how people use our website and how we can improve it.

For example, by analyzing this data we can determine:

  • which pages are most useful to users
  • where users experience technical issues
  • how to optimize website performance

We may also estimate your general geographic region based on your IP address. This allows us to better understand where our users come from, but it does not identify your exact location.

Shape

Cookies and Tracking Technologies

(Article 6(1)(a) GDPR)

Like most websites, we use cookies and similar technologies.

Cookies are small files stored on your device that help websites function properly and improve user experience.

We use cookies for several purposes:

Essential Cookies

These cookies are required for the basic operation of our website. Without them, certain features would not function.

Functional Cookies

These cookies remember preferences such as language settings or previously entered information.

Analytics Cookies

These help us understand how visitors interact with our website. For example, we may analyze how long users stay on certain pages or which pages are most frequently visited.

Advertising Cookies

These cookies help deliver advertisements that are more relevant to your interests.

Where required by law, we ask for your consent before placing non-essential cookies on your device.

You can manage or withdraw your cookie preferences at any time through your browser settings.

Information From Third Parties

Sometimes we receive information about you from third parties.

This may include:

  • social media platforms where you interact with our content
  • event partners
  • marketing partners
  • recruitment platforms

For example, if you interact with our page on LinkedIn or Facebook, some information about your interaction may be shared with us through those platforms.

Processing of Health or Medical Data

(Article 9 GDPR)

In some limited situations, our services may involve the processing of health-related information.

Under GDPR, this type of information is considered special category personal data, which means it requires stronger protections.

We process such data only when legally permitted, including when:

  • you have given explicit consent (Article 9(2)(a))
  • processing is necessary for health-related services (Article 9(2)(h))
  • processing is required for legal or regulatory reasons

Whenever such data is processed, we apply additional safeguards such as:

  • strict access controls
  • encryption
  • role-based permissions
  • confidentiality obligations for staff

Why We Use Your Personal Data

(Articles 5 and 6 GDPR)

We use the information we collect for several purposes, including:

  • providing and maintaining our services
  • responding to inquiries and requests
  • managing event registrations
  • improving our websites and services
  • conducting research and analytics
  • sending marketing communications when permitted
  • detecting fraud and security issues
  • complying with legal obligations

In some cases, we also use aggregated or anonymized data for internal analysis and business insights.

Legal Bases for Processing

(Article 6 GDPR)

Under GDPR, we must have a valid legal reason to process personal data.

We rely on the following legal bases:

Consent

In some cases we process data because you have given permission. For example:

  • subscribing to marketing emails
  • accepting cookies
  • participating in certain events

You can withdraw consent at any time.

Contractual Necessity

Some data processing is necessary in order to provide services you request, such as:

  • responding to inquiries
  • managing event registrations
  • handling recruitment applications

Legal Obligations

Sometimes we must process personal data to comply with laws and regulations, including:

  • tax laws
  • employment regulations
  • financial reporting requirements

Legitimate Interests

We may also process personal data when it is necessary for our legitimate business interests, provided that your rights and freedoms are not overridden.

Examples include:

  • improving our services
  • protecting system security
  • preventing fraud
  • conducting internal analytics

Sharing of Personal Data

(Article 28 GDPR)

We may share personal data with trusted partners who help us operate our services.

These may include:

  • cloud infrastructure providers
  • marketing service providers
  • analytics providers
  • recruitment platforms
  • IT support providers

All such partners are contractually required to protect personal data and process it only according to our instructions.

We may also disclose personal data:

  • if required by law
  • to protect legal rights
  • during mergers or business transactions

International Data Transfers

(Articles 44–49 GDPR)

Because Dobrobut operates in Ukraine, personal data may sometimes be transferred outside the European Economic Area.

When this happens, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • additional technical safeguards

These mechanisms ensure that your personal data remains protected even when transferred internationally.

Data Retention

(Article 5 GDPR)

We keep personal data only as long as necessary for the purposes described in this policy.

Retention periods depend on several factors, including:

  • legal requirements
  • contractual obligations
  • operational needs

When personal data is no longer needed, it is securely deleted or anonymized.

Security of Your Data

(Articles 24 and 32 GDPR)

Protecting personal data is extremely important to us.

We implement technical and organizational measures including:

  • encryption
  • access controls
  • network monitoring
  • vulnerability scanning
  • employee security training

Our security program aligns with internationally recognized standards such as ISO 27001:2022.

However, no system can guarantee absolute security, and we continuously improve our safeguards.

Personal Data Breach Notification

(Articles 33–34 GDPR)

Despite the technical and organizational security measures we implement to protect personal data, no system can be completely immune from security incidents. In the unlikely event that a personal data breach occurs, we has established procedures designed to detect, investigate, contain, and respond to such incidents as quickly as possible.

A personal data breach refers to a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data (Article 4(12) GDPR).

Incident Detection and Response

We maintains internal security monitoring systems and incident response procedures designed to identify potential security issues quickly. When a potential breach is detected, our security and privacy teams immediately investigate the incident to determine:

  • the nature and scope of the breach
  • what categories of personal data may be affected
  • the number of individuals potentially impacted
  • the potential risks to individuals' rights and freedoms

Our goal is to contain the incident, mitigate potential harm, and restore system security as quickly as possible.

Notification to Supervisory Authorities

If a personal data breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant data protection supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

The notification will include, where possible:

  • a description of the nature of the breach
  • the categories and approximate number of affected individuals
  • the categories and approximate number of affected data records
  • the likely consequences of the breach
  • the measures taken or proposed to address the breach and mitigate potential harm

Notification to Affected Individuals

If the breach is likely to result in a high risk to individuals' rights and freedoms, we will notify affected individuals without undue delay.

Such notification will include clear information about:

  • the nature of the breach
  • the possible consequences
  • the measures we have taken or are taking to address the breach
  • recommended steps individuals can take to protect themselves

However, notification to individuals may not be required if:

  • the compromised data was protected through strong security measures such as encryption;
  • immediate corrective actions eliminated the risk to individuals; or
  • notifying individuals would involve disproportionate effort, in which case public communication may be used instead.

Internal Documentation and Review

In accordance with GDPR requirements, we maintains internal records of all personal data breaches, including incidents that do not require notification. These records help us monitor patterns, improve our security practices, and prevent similar incidents in the future.

Following any incident, we conduct a post-incident review to evaluate our response and strengthen our technical and organizational safeguards where necessary.

Your Rights Under GDPR

(Articles 15–22 GDPR)

If you are located in the European Economic Area or the United Kingdom, you have several rights regarding your personal data.

These include the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion of your data
  • restrict processing
  • transfer your data to another organization
  • object to certain types of processing

You have the right to withdraw your consent at any time. Requests relating to the withdrawal of consent are processed within 72 hours.

If you believe your data has been handled improperly, you may lodge a complaint with a data protection authority.

Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from minors.

If we discover that such information has been collected, it will be deleted promptly.

Third-Party Websites

Our services may contain links to websites operated by third parties.

We are not responsible for the privacy practices of those websites, and we encourage you to review their privacy policies before providing any personal data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When significant changes are made, we will notify users through our website or other appropriate channels.

The updated version will always include the date of the latest revision.