Privacy Policy

Last Updated: May 2, 2025

Ramose LLC (“we,” “us,” or “our”), a company registered in Ukraine, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use eRisk-Control (the “Service”), a web application that provides AI-generated risk assessments for workplaces, work types, and professions. By using the Service, you consent to the practices described in this Policy. If you are an EU resident, this Policy ensures compliance with the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect the following information:

• Personal Information: When you create an account (via email or Google OAuth), we collect your full name, email address, profile picture, and, optionally, phone number.
• User Content: Textual information you provide about professions, work types, workplaces (e.g., names and descriptions), and messages sent in the AI chat feature for generating risk assessments.

We do not use cookies or similar tracking technologies. However, if you sign in using Google OAuth, Google may use cookies or other tracking mechanisms, which are governed by Google’s Privacy Policy.

2. How We Use Your Information

We use your information for the following purposes, with the legal bases as required by GDPR:

• To provide and operate the Service, including creating and delivering AI-generated risk assessments (Legal basis: Performance of a contract).
• To authenticate your account and manage your profile (Legal basis: Performance of a contract).
• To respond to your inquiries and provide customer support (Legal basis: Legitimate interest).
• To comply with legal obligations, including Ukrainian and EU data protection laws (Legal basis: Legal obligation).

We do not use your information for marketing or analytics purposes.

3. Sharing Your Information

We may share your information with:

• Third-Party AI Service Provider: We share your User Content (e.g., profession descriptions, AI chat messages) with a third-party AI service to generate risk assessments. This provider is located outside the EU and uses Standard Contractual Clauses to ensure GDPR compliance.
• Legal Authorities: When required by law or to protect our rights, safety, or property (Legal basis: Legal obligation or legitimate interest).
• Business Transfers: In connection with a merger, acquisition, or sale of assets (Legal basis: Legitimate interest).

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain information for legal purposes (e.g., compliance with Ukrainian or EU law), but only for the minimum period required. For example, GDPR requires us to delete unnecessary personal data promptly.

5. Your GDPR Rights

If you are an EU resident, you have the following rights under GDPR:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal retention requirements.
• Restriction: Request restricted processing in certain cases.
• Data Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time, without affecting prior processing.

To exercise these rights, contact us at ramose.group@gmail.com. We will respond within one month, extendable to three months for complex requests. You may also lodge a complaint with an EU data protection authority (e.g., the Office of the Commissioner for Personal Data Protection in Ukraine or your local EU authority).

6. Data Security

We implement reasonable security measures, such as encryption and access controls, to protect your information in accordance with GDPR standards. However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

7. International Data Transfers

Your information is primarily processed in Ukraine. When shared with our third-party AI service provider (likely in the United States), it is transferred outside the EU. We ensure compliance with GDPR through Standard Contractual Clauses, which provide appropriate safeguards for your data.

8. Children’s Privacy

The Service is intended for users 18 and older and is not directed at children. We do not knowingly collect personal information from individuals under 18. If you believe we have collected such information, please contact us at ramose.group@gmail.com.

9. Data Protection Officer

As our data processing is not large-scale, we are not required to appoint a Data Protection Officer (DPO) under GDPR. However, you may contact our privacy team at ramose.group@gmail.com for any data protection inquiries.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address associated with your account at least 30 days before they take effect, as required by GDPR. Your continued use of the Service after such changes constitutes your acceptance of the new Policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us at:
Ramose LLC
Kyiv, 02081, a/b 23
Email: ramose.group@gmail.com

For EU residents, you may also contact your local data protection authority or use the EU’s Online Dispute Resolution platform.