This Privacy Policy (the “Policy”) is adopted by Limited Liability Company “ONIX-SYSTEMS” for the website health.onix-systems.com (the “Website”) as part of ONIX-SYSTEMS LLC’s internal privacy system, which includes policies and procedures to ensure the security of personal data, protect data privacy rights, and comply with applicable data protection laws. This Policy (together with our Cookie Policy below and Terms and Conditions) sets out how we process and protect personal data, and explains your rights and how you can exercise them.
The person who visits the website health.onix-systems.com or uses it in other way in the text of this Policy will be referred to as the “Website user”, “person”, or “you.”
Data Controller and Contact information
Limited Liability Company “ONIX-SYSTEMS”
Address: Tarasa Karpy, 76, office A, Kropyvnytskyi, 25006
Contact email: healthtech@onix-systems.com
In the text of this Policy, ONIX-SYSTEMS LLC will be referred to as ONIX, “we” or “us.”
General
This Policy has been prepared according to the requirements of multiple legislations. The Law of Ukraine "On Personal Data Protection", the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA) are considered applicable data protection laws.
This Policy relates solely to the website health.onix-systems.com, unless otherwise strictly stated in a specific section, paragraph, rule, or other part of this Policy.
We reserve the right to change or update this Policy at any time, at our discretion. We will notify website users about changes and updates on this page, providing the new text of the Policy (please consider the date of the latest revision above). Any modification or amendment to this Policy will be applied to you and your data as of that revision date. As far as it is technically and legally feasible, we may send a notice about the Policy’s update using any contact information available to us. We also strongly recommend checking this page often, referring to the date of the latest revision above.
We will also contact you if the changes in the Policy affect data processing activities performed on the basis of the website user’s consent. In that case, if required, we’ll have to collect new consent, and you can freely give it or decide not to.
Data collected
Through the website health.onix-systems.com or through third-party services, the following data are collected:
Browser information; city; device information; number of users; session statistics; email address; first name (or first name and last name or nickname, depending on the content of the messages); various types of data as specified in the privacy policy of the service used for consent management; cookies.
Complete details about personal data collection are provided in specific sections of this Policy below or in explanation texts shown before the data is collected.
Personal data is collected in two ways: 1. freely provided by you, or 2. collected automatically when using the website health.onix-systems.com (usage data).
You will always be notified when usage data is collected automatically, with a corresponding warning and explanation text.
If the data requested by the Website is not mandatory, you will be notified and are free to decline to provide this data without consequences to the Website’s availability.
If you are uncertain about which personal data is mandatory, please contact us using the contact information provided in section 1 above.
Third-party personal data
You are fully responsible for any third-party personal data shared through the Website. Please ensure you have proper permission to share that data and that your sharing does not violate third parties’ rights to it.
Data processing
We take necessary and appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the collected data.
We process data using computers and IT-enabled tools, strictly adhering to organizational procedures and protocols related to the specified purposes.
In some cases, access to the data may be provided to appointed persons, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party infrastructure service providers) appointed, if necessary, as data processors by the Owner. The updated list of these parties may be requested from us at any time.
Place of data processing
The Data is processed at our operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve international transfers of personal data. We do it transparently, and you can find out more information in the relevant sections below.
Time of data processing and retention
Unless otherwise specified in this Policy, collected personal data shall be processed and retained for as long as required by the purpose they have been collected for, and may be retained for longer due to applicable legal obligation or based on the users’ consent.
Therefore, the time of retention of the data depends on the basis of data processing:
- Personal data collected for purposes related to the performance of a contract or other agreement between the website user and us shall be retained until such contract (agreement) has been entirely performed.
- Personal data collected for our legitimate interests shall be retained for as long as necessary to fulfill those interests. You may find specific information regarding the legitimate interests in the relevant sections of this Policy or by contacting us.
- Retaining personal data may be permitted for an extended period if the website user has given consent to such processing, as long as this consent is not withdrawn. Furthermore, we may be obliged to retain personal data for a longer period to fulfill a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted. Therefore, your right of access, to erasure, to rectification, and the right to data portability cannot be enforced after expiration of the retention period.
Data collected and processed. The purposes of processing and the services used for data processing
We collect the following data and use such services for collection and processing:
Google Analytics
Google LLC, USA
Purpose: Website analytics
Personal data: IP address (anonymized), pages visited, session duration, bounce rate, browser type, OS, device category, referral source, UTM parameters, geographic location (city level), events, and conversion goals.
Hotjar
Hotjar Ltd, Malta, EU
Purpose: Behavioral analytics — session recordings, heatmaps, and user interaction analysis.
Personal data: Session recordings (mouse movements, clicks, scrolls), heatmaps of page interactions, IP address (masked), device type, viewport size, pages visited, time on page.
Pipedrive
Pipedrive OÜ, Estonia, EU
Purpose: CRM and lead management — storing and processing contact data submitted via forms, tracking leads through the sales pipeline, and contacting you.
Personal data: Full name, email address, company name, job title, phone number (if provided), message content and inquiry details, lead source, submission date, and other personal data if your message contains it.
CookieYes
CookieYes Ltd, Cyprus, EU
Purpose: Consent management — handling cookie consent, storing user preferences, and maintaining a consent log for GDPR compliance.
Personal data: Consent preferences (accepted/rejected per category), consent timestamp, policy version, IP address (for consent log), user agent string.
Google Tag Manager
Google LLC, USA
Purpose: Tag management — controlling when and whether third-party scripts load on the site based on the user's consent state.
Personal data: No personal data collected directly, but processes consent data to block Google Analytics and Hotjar from loading if consent has not been granted.
We do not collect any sensitive personal information (e.g., social security numbers or biometric information) when you use our site.
In addition to any opt-out feature provided by any of the services listed above, you may learn more about how to generally opt out of interest-based advertising within the dedicated section of our Cookie Policy.
We also collect the data for the following purposes: to provide our service, comply with our legal obligations, respond to enforcement requests, protect our rights and interests, and detect any malicious or fraudulent activity.
For operation and maintenance purposes, the website and any third-party services may collect files that record interaction or use other personal data (such as the IP Address) for this purpose.
We never process your data for unexpected purposes or for purposes incompatible with the purposes originally disclosed, without your consent.
We never sell or share your data for commercial purposes to third parties.
Cookie Policy summary
The Website uses trackers — the technologies that enable the tracking of users, for example, by accessing or storing information on the user’s device. To learn more about the technologies we use, please consult the Cookie Policy section below.
Legal basis of processing of personal data
We may process your personal data if one of the following applies:
- You have given your consent for the processing of personal data for one or several specific purposes.
- processing of personal data is necessary for fulfillment of the obligation under the contract or other agreement between us and the user and/or for any pre-contractual obligations thereof;
- processing of personal data is necessary for compliance with a legal obligation we have.
- processing of personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
- processing of personal data is necessary for the purposes of the legitimate interests pursued by a third party or by us.
In any case, you may ask us for clarification of the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into an agreement.
Your rights and their execution
Information for users from the EU — General Data Protection Regulation (GDPR)
- Right to be informed: You may obtain information about the processing of your personal data. Please use our contact information above.
- Right of access: You have the right to learn if personal data is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the personal data undergoing processing.
- Right to rectification: You can ask for the verification of the accuracy of your data. If the personal data is incorrect, inaccurate, or incomplete, you have the right to have this data corrected.
- Right to erasure: You can request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- Right to restriction of processing: You can request the restriction of the processing of your personal data in specific cases. In this case, we will not process the data for any purpose other than storing it.
- Right to data portability: You may receive your personal data in a structured, commonly used, and machine-readable format and, if technically feasible, have it transmitted to another controller without any hindrance.
- Right to object: You can object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation. You have the right to withdraw previously given consent to the processing of your personal data.
- Rights in relation to automated decision-making and profiling: You can request that decisions based on your personal data and that significantly affect you are made by natural persons, not only by computers.
You can object to the processing of your personal data for direct marketing purposes at any time, free of charge, and without providing justification. Upon objection, personal data will no longer be processed for such purposes.
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in us, or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.
Any user has the right to bring a claim before their national competent data protection authority. You can find more info at www.edpb.europa.eu.
You are also entitled to learn about the legal basis for data transfers abroad, including to any international organization governed by public international law or established by two or more countries, and about the security measures taken by us to safeguard your data.
How to exercise your rights
Any requests to exercise your rights can be directed to us through the contact details provided above. Such requests are free of charge and will be answered as early as possible and always within one month. We always provide website users with the information required by law in our answers. Any rectification or erasure of personal data or restriction of processing will be communicated to each recipient, if any, to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. At your request, we will inform you about those recipients.
Information for users from the UK
Please review the Policy above to learn what data we collect from you and the legal bases for our data collection, and to find out what we do with your data.
We will not:
- Sell or rent your data to third parties
- Share your data with third parties for marketing purposes
We will share your data if we are required to do so by law — for example, by court order, or to prevent fraud or other crime.
Please review the Policy above to find out how long we keep your data and where we process and store it.
How we protect your data and keep it secure
We are committed to doing everything possible to keep your data secure. To prevent unauthorized access or disclosure, we have implemented technical and organizational procedures to secure the data we collect about you. We also ensure that any third parties with whom we deal have an obligation to keep all personal data they process on our behalf secure. We evaluate their practices carefully before using their services.
Children’s privacy protection
We recognize the importance of protecting children’s online privacy. Our services are not designed for, nor are they intentionally targeted at, children under 13 years. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.
What are your rights?
You have the right to request:
- Information about how your personal data is processed
- A copy of your personal data (in a structured, commonly used, and machine-readable format)
- To correct immediately any inaccuracies in your personal data.
You can also:
- Raise an objection about how your personal data is processed.
- Request that your personal data be erased if there is no longer a justification for it.
- Ask for the restriction of the processing of your personal data in certain circumstances.
Questions and complaints
Contact us with the contact details provided above if you have questions about this document or the information provided, or questions or requests about your personal data. If you have a complaint, you may contact the Information Commissioner’s Office (ICO) — an independent regulator set up to uphold information rights.
Information Commissioner’s Office
icocasework@ico.org.uk
0303 123 1113
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Information for users from California (CCPA / CPRA)
This section applies to website users in the state of California and supersedes any other possibly divergent or conflicting information contained in the Policy for such users.
You can find details regarding the categories of data processed, the purposes of processing, the categories of recipients of the personal data, if any, the retention period, and further information about personal data in the respective sections of this Policy.
The rights according to CCPA and CPRA
- The right to opt out of the sale or sharing of your personal information: You can opt out of the sale or sharing of your personal data to third parties by sending a request to healthtech@onix-systems.com.
- The right to access personal information: You can request a copy of the personal information we hold about you.
- The right to request the deletion of your personal information: You can request that we delete your personal information, subject to certain exceptions.
- The right to correct inaccurate personal information: If your information is inaccurate, you have the right to request correction.
- The right to non-discrimination: You will not face discrimination for exercising any of your rights.
How to exercise these rights
To exercise your rights under the CCPA, please submit a verifiable request to healthtech@onix-systems.com. Please include the following information to help us process your request:
- Your full name
- The specific request (e.g., to access or delete personal information)
Disclosure of Personal Data
We may disclose any information we have about you (including Personal Data) if we determine that such disclosure is necessary in connection with any investigation or complaint regarding your use of the Website, or to identify, contact, or take legal action against someone who may be causing injury to or interfering with (either intentionally or unintentionally) our rights or property, or the rights or property of visitors to or users of the Website. The information will also be disclosed to comply with any applicable law, regulation, legal process, or governmental request.
Information not contained in this Policy
More details concerning the collection or processing of Personal Data may be requested from us at any time. Please use the contact information above.
Cookie Policy
This document informs Website users about the technologies that help this Website to achieve the purposes described below. Such technologies allow ONIX to access and store information (for example, by using a Cookie) or use resources (for example, by running a script) on a Website user’s device as they interact with this Website.
In this Cookie Policy, we define all such technologies as "Trackers" — unless there is a reason to differentiate. For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps, as they are a browser-based Tracker. For this reason, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the consent of the Website user. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided below.
This Website uses Trackers managed directly by ONIX (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified in this document, third-party providers may access the Trackers they manage.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the set lifetime or the relevant provider. Some of them expire when the user’s browsing session is terminated.
In addition to what’s specified in the descriptions within each of the categories below, you may find more precise and updated information regarding lifetime specification as well as any other relevant information — such as the presence of other Trackers — in the linked privacy policies of the respective third-party providers or by contacting us.
How this Application uses Trackers
Necessary
This Website uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation.
How to manage preferences
Users can set or update their preferences via the relevant privacy choices panel available on Website.
With regard to any third-party Trackers, users can manage their preferences via the related opt-out link (where provided), by using the means indicated in the third party’s privacy policy, or by contacting the third party.
How to control or delete Cookies and similar technologies via your device settings
Users may use their own browser settings to:
- See what Cookies or other similar technologies have been set on the device;
- Block Cookies or similar technologies;
- Clear Cookies or similar technologies from the browser.
The browser settings, however, do not allow granular control of consent by category.
You can find information about how to manage Cookies in the most commonly used browsers (Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Opera) via each browser’s official documentation.
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings, such as the device advertising settings for mobile devices, or tracking settings in general (relevant settings may be found in the device settings).
How to opt out of interest-based advertising
Notwithstanding the above, Website users may follow the instructions provided by YourOnlineChoices (EU and UK), the Network Advertising Initiative (USA), or other similar services. Such initiatives enable users to select their tracking preferences for most advertising tools to control interest-based advertising on mobile apps.
Consequences of denying the use of Trackers
Users are free to decide whether or not to allow the use of Trackers. However, please note that Trackers help this Website to provide a better experience and advanced functionalities to users (in line with the purposes outlined in this document). Therefore, if the user chooses to block the use of Trackers, some features will not be provided.
Given the complex nature of tracking technologies, you are encouraged to contact us if you require any additional information on the use of such technologies by this Website.