Edition effective from May 26, 2025
1. Introduction
This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure for processing and protecting personal data of users of the website https://evgeniianikulina.com (hereinafter referred to as the “Website”), as well as regulates the relationships between users and the company EVGENIIA NIKULINA SL, a legal entity registered in the Kingdom of Spain, and its partners (in accordance with the Offer), and other engaged parties acting on the basis of contractual relationships for the purpose of fulfilling obligations towards users (hereinafter referred to as the “Controller” or “Service Provider”).
The Service Provider processes personal data in accordance with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and other applicable legal norms.
Legal basis for personal data processing.
We process your personal data on the legal basis provided for in Article 6(1)(b) GDPR — processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Thus, the processing of personal data is necessary for:
• processing and fulfillment of orders for information and educational services;
• fulfilling our obligations to users under the concluded contract (public offer);
• providing access to courses and services, supporting users in the course of service delivery;
• fulfilling the legal obligations of the Service Provider.
Therefore, a separate consent to the processing of personal data for the conclusion and execution of the contract is not required.
Processing of personal data based on consent
Separate consent is requested only in cases where personal data processing is carried out for other purposes not related to the performance of the contract, in particular:
• for sending marketing and promotional materials;
• for offering special promotions, discounts, and news from the Controller;
• for conducting surveys and obtaining feedback to improve the quality of services provided.
In such cases, you have the right to withdraw your consent at any time by sending the appropriate notice to the Controller.
By using the Website, products, and/or Services (the “Services”), you confirm that you have read this Privacy Policy, understand its provisions, and accept them in full.
In case of disagreement with the provisions of this Privacy Policy, you must refrain from using the Website and receiving the Services and, if necessary, contact the Service Provider for clarification.
This Privacy Policy reflects the Controller’s obligations to ensure the lawfulness, fairness, and transparency of personal data processing, as well as to comply with the rights of data subjects in accordance with applicable law.
The purpose of this Policy is to inform you about your rights, the legal bases, and the procedures for processing your personal data by the Controller for the purpose of concluding and performing a contract (Offer), as well as in the course of providing other Services specified on the Website or in the Controller’s social media accounts.
1.1. Key principles of personal data processing
When processing your personal data, the Controller adheres to the following principles in accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and applicable law:
• Lawfulness, fairness, and transparency — data is processed on lawful grounds, fairly, and transparently for the data subject;
• Purpose limitation — data is collected and processed solely for specific, pre-defined, and lawful purposes about which you are informed;
• Data minimization — only data necessary to achieve the stated purposes is processed;
• Accuracy — reasonable measures are taken to ensure that the processed personal data is accurate and up to date;
• Storage limitation — personal data is retained no longer than necessary for the purposes of its processing or as required by law;
• Integrity and confidentiality — appropriate technical and organizational measures are taken to protect personal data against unauthorized or unlawful access, loss, destruction, or damage;
• Accountability — the Controller is responsible for compliance with the above principles and is prepared to demonstrate such compliance at any time.
1.2. Scope of the Policy
This Policy applies to all personal data that the Controller receives and processes when you use:
• the Website: https://evgeniianikulina.com;
• communications with the Controller and Partners (including email, telephone calls, chats);
• social networks and messengers;
• offline interactions (during offline events and/or the provision of offline services).
Personal data processing may also include information received from third parties on the basis of your consent or within the framework of performing the contract.
The processing and storage of personal data are carried out using certified platforms and technical solutions, as well as other systems that ensure a high level of information security and compliance with applicable legal requirements.
Personal data is processed and stored on servers located in the European Union, and, if necessary, in other jurisdictions, in compliance with the requirements of the GDPR and international security standards.
When services are provided by Partners registered in the territory of Ukraine, the processing of personal data is also carried out in compliance with the requirements of Ukrainian legislation on personal data protection.
2. Key Definitions
2.1. Website
A collection of graphic and informational materials, software, and databases hosted on the Internet at: https://evgeniianikulina.com. The Website is the primary tool for interaction between the Service Provider and you.
2.2. Personal Data Information System
A collection of personal data contained in databases, along with information technologies and technical means that ensure the processing of such data. It includes security systems designed to prevent unauthorized access.
2.3. Anonymization of personal data
Actions that make it impossible to determine which data subject certain personal data relates to without the use of additional information. Anonymization is used, among other things, during analytical data processing.
2.4. Personal data processing
Any operation or set of operations performed on personal data, with or without the use of automated means, including collection, recording, systematization, storage, alteration, use, transfer (dissemination, provision, access), anonymization, deletion, and destruction of personal data. All actions are performed in strict accordance with applicable law.
2.5. Personal Data Controller
A legal entity that determines the purposes and means of processing personal data and is responsible for compliance with this Policy. The Controller of personal data under this Policy is EVGENIIA NIKULINA SL (the “Controller”).
2.6. Personal data
Any information that directly or indirectly relates to an identified or identifiable natural person (you). Personal data may include, among other things, contact information (name, email address, telephone number), data on interaction with the Website, information about orders and receipt of Services, and other data necessary for the performance of the contract.
2.7. Cookies (cookie files)
Small text files stored on your device when you visit the Website.
Cookies allow your browser to be recognized, your preferences to be remembered, and are also used to ensure the correct operation of the Website and to analyze user behavior to improve the quality of the Services provided.
3. Personal Data We Collect
For the provision and improvement of the Services, as well as for the performance of obligations under the contract (Offer) concluded with you, the Service Provider collects and processes various categories of personal data. The collection of personal data is carried out in compliance with the principles of lawfulness, data minimization, and transparency, as established by the GDPR and applicable legislation.
3.1. Identification Information
The Service Provider processes the following personal data:
• full name;
• email address;
• telephone number;
• other contact information (as necessary for the provision of the Services).
If necessary, and solely for the purposes of performing the contract or complying with legal requirements, the following data may also be processed:
• identity document data (passport data, identification code, etc.) — for example, when booking hotels or arranging transportation for offline events;
• emergency contact information.
This data is used exclusively for the proper performance of contractual obligations and the provision of the Services.
3.2. Technical and Usage Data
During your interaction with the Website and/or other digital platforms, the Service Provider automatically collects the following technical data:
• device IP address;
• browser type and version;
• operating system information;
• date and time of visiting the Website;
• visited pages;
• traffic sources;
• session duration.
This data is used to ensure information security, stable operation of the Website, as well as to analyze and improve the quality of the Services provided.
3.3. Financial Information
For the proper processing of payments, the Service Provider processes:
• payment transaction information;
• payment document details;
• order and payment history.
The Service Provider does not store complete payment card data. Processing is carried out exclusively through certified payment operators that comply with the PCI DSS standard. The transaction history is stored in accordance with applicable legal requirements and accounting regulations.
3.4. Marketing and Communication Data
With your consent, the Service Provider processes data for the following purposes:
• sending marketing materials, news, and offers;
• conducting surveys, research, and obtaining feedback to improve the quality of the Services provided;
• personalizing interactions.
You may withdraw your consent to receive marketing materials at any time.
4. Purposes and Legal Bases for Personal Data Processing
Your personal data is processed strictly within the purposes established by law and on the legal bases provided for in Article 6 GDPR.
4.1. Provision of Services
Processing of personal data is necessary for the conclusion and performance of the contract (Offer) between the Service Provider and you (Article 6(1)(b) GDPR), including:
• creating and managing a personal account;
• processing orders and transactions;
• providing access to purchased Services;
• technical support and user assistance;
• personalization of the user experience.
4.2. Marketing Communications
Based on your consent (Article 6(1)(a) GDPR), personal data may be used to send marketing materials and offers.
You may withdraw your consent at any time.
4.3. Compliance with Legal Obligations
Personal data is also processed to comply with legal obligations established by EU or Ukrainian legislation, including:
• maintaining accounting and tax records;
• fulfilling the requirements of public authorities;
• executing court decisions and legal requests.
Legal basis: Article 6(1)(c) GDPR.
5. Transfer of Personal Data to Third Parties and Cross-Border Data Transfers
The transfer of personal data is carried out exclusively to the extent necessary to achieve the purposes of processing, in accordance with the provisions of the GDPR and applicable legislation.
5.1. Categories of Personal Data Recipients
Personal data may be transferred to the following categories of recipients:
• Partners of the Service Provider (including individual entrepreneurs and legal entities) acting under contractual relationships with the Service Provider for the purpose of organizing and fulfilling obligations under the contract (Offer);
• Payment systems and banks — for processing payments;
• Providers of platforms and services necessary for the provision of the Services (including but not limited to: online learning platforms, CRM systems, payment systems, hosting platforms);
• Organizations involved in the organization of offline events (including hotels, logistics companies, event management agencies, venue landlords, transportation operators, and other suppliers of related services);
• Providers of analytical systems (e.g., Google Analytics — subject to your consent);
• Providers of marketing services (based on your consent);
• Legal advisors, accountants, and other professional consultants acting under agreements with the Service Provider and processing data solely on behalf of the Service Provider;
• Competent public authorities (courts, tax authorities, law enforcement agencies), in cases provided for by law.
The transfer of personal data is carried out only to the extent necessary to achieve the relevant processing purposes and to fulfill the Service Provider’s obligations to you.
5.2. Guarantees for Personal Data Transfers
When transferring personal data to third parties, the Service Provider:
• concludes appropriate data processing and confidentiality agreements;
• verifies that recipients have adequate technical and organizational data protection measures in place;
• ensures that only the amount of data necessary for the stated purposes is transferred;
• monitors the proper use of the transferred data.
5.3. Cross-Border Transfer of Personal Data
In certain cases, related to the specifics of the Services provided, in particular:
• organization and conducting of offline events (including accommodation bookings, transportation arrangements, venue rentals, and provision of related services);
• use of cloud platforms and services necessary for the provision of the Services;
• interaction with Partners engaged in the fulfillment of obligations under the contract (Offer);
personal data may be transferred to countries outside the European Union, including countries that do not provide an adequate level of personal data protection within the meaning of Article 45 GDPR.
When carrying out such cross-border transfers, the Service Provider ensures compliance with all requirements of Articles 44–49 GDPR and applies appropriate legal mechanisms, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission;
• other legal mechanisms provided for by applicable law.
The Service Provider takes all necessary technical and organizational measures to ensure the protection of your personal data when transferring it to third countries.
You acknowledge and agree that such transfer is necessary for the performance of the contract (Offer) concluded with you and/or for the provision of the relevant Services, and that without such transfer, certain types of Services (for example, participation in offline events) may not be possible.
5.4. Platforms and Services Used for Personal Data Processing
In the course of its activities and provision of Services, the Service Provider may process personal data using certified platforms.
Personal data is primarily processed and stored on servers located within the European Union. However, data may also be temporarily or permanently stored on servers located in other jurisdictions, depending on the platform used and the nature of the Services provided, subject to compliance with the requirements of the GDPR.
6. Personal Data Retention Period
Personal data is stored only for the period necessary to achieve the purposes of processing, as well as to fulfill the Service Provider’s obligations under the contract (Offer) concluded with you, or in accordance with the requirements of applicable law.
6.1. Retention Periods for Different Categories of Data
• Account data — stored until the account is deleted or a deletion request is received from you;
• Financial data and transaction history — stored for 7 years, in accordance with tax and accounting legal requirements;
• Data used for marketing purposes — stored until you withdraw your consent for its processing;
• Customer support inquiries — stored for 3 years from the date of the last inquiry;
• Technical logs — stored for 1 year;
• Cookies — retention period depends on their type: session cookies are deleted when the browser is closed, persistent cookies are stored for up to 2 years.
6.2. Personal Data Deletion Process
When deleting personal data, the Service Provider applies appropriate technical and organizational measures to ensure secure deletion of data and to prevent its recovery. If the data was transferred to third parties (to the extent permitted and necessary under the contract), the Service Provider notifies the relevant recipients of the need to delete such data.
7. Your Rights Regarding Personal Data
In accordance with the GDPR and applicable legislation, you have the following rights:
7.1. List of Rights
• The right to access your personal data (Art. 15 GDPR);
• The right to rectify inaccurate or incomplete personal data (Art. 16 GDPR);
• The right to erasure (“right to be forgotten”) where there are no legal grounds for further processing (Art. 17 GDPR);
• The right to restrict processing (Art. 18 GDPR);
• The right to data portability (Art. 20 GDPR);
• The right to object to processing (Art. 21 GDPR), including the right to object to data processing for the purposes of direct marketing;
• The right not to be subject to automated decision-making, including profiling (Art. 22 GDPR);
• The right to lodge a complaint with a supervisory authority for data protection: o In Spain — Agencia Española de Protección de Datos (AEPD) (https://www.aepd.es);
o In Ukraine — the Authorized Body for Personal Data Protection under the Verkhovna Rada of Ukraine.
7.2. Procedure for Exercising Rights
To exercise your rights, you may submit an appropriate request:
• to the following email address: moc.liamg%40ytinirt.anilukin;
• through the feedback form on the Website;
• by contacting the official accounts of the Service Provider on social media or messaging platforms.
The Service Provider undertakes to process the request and provide a response within a reasonable time, but no later than 1 month from the date of receipt (with the possibility of extending this period if necessary, in which case you will be notified).
7.3. Limitations on the Exercise of Rights
In certain cases provided for by law, the Service Provider may be limited in the ability to fulfill your request (for example, if fulfilling the request would contradict legal requirements or affect the rights and freedoms of third parties). In such cases, the Service Provider will provide a justified response.
8. Personal Data Protection
The Service Provider implements the necessary technical and organizational measures to protect your personal data from unauthorized or unlawful access, alteration, disclosure, loss, or destruction.
9. Use of Cookies
The Website uses cookies and similar technologies to ensure its proper functioning and improve the user experience.
• Cookies are small text files stored on the user’s device to:
• ensure the operation of the Website;
• remember user preferences;
• analyze interactions with the Website;
• provide personalized content and advertising (based on consent).
Categores of cookies:
• Necessary cookies — ensure the basic functionality of the Website;
• Performance cookies — help improve the performance of the Website;
• Functional cookies — remember user settings;
• Marketing (advertising) cookies — used for personalized advertising (based on consent).
You can manage the use of cookies through your browser settings or special cookie management tools on the Website.
10. Changes to the Privacy Policy
This Privacy Policy is the current version and may be updated due to changes in legislation or the Service Provider’s practices.
In the event of material changes, the Service Provider will publish a new version of the Privacy Policy on the Website.
11. Contact Information
For any questions related to this Privacy Policy or the processing of your personal data, you may contact the Service Provider using the following contact details:
• EVGENIIA NIKULINA SL
• Email: moc.liamg%40ytinirt.anilukin
• Website: https://evgeniianikulina.com
12. Applicable Law and Dispute Resolution
12.1. Applicable Law
This Privacy Policy is governed by and interpreted in accordance with the laws of the Kingdom of Spain (when the Services are provided by the Service Provider) or the laws of Ukraine (when the Services are provided by a Partner or when payment is made to a Partner’s account), depending on the case as specified in the Offer.
12.2. Dispute Resolution
Any disputes arising in connection with this Privacy Policy or the processing of personal data shall be resolved through negotiations. If it is not possible to resolve a dispute through negotiations, the dispute shall be submitted to the competent court at the location of the Service Provider or Partner, in accordance with the applicable law.