Approved by the Resolution of the General Meeting of Members of the Public Organization “ASSOCIATION OF COMBATANTS ‘UKRAINIAN VETERANS CORPS’” dated 23 May 2026 No. 23/05-26

NOTICE ON PERSONAL DATA PROCESSING

Pursuant to paragraphs 1 and 2 of part two of Article 8 and part two of Article 12 of the Law of Ukraine “On Personal Data Protection”, the Public Organization “Association of Combatants ‘Ukrainian Veterans Corps’” hereby provides notice regarding the owner, processor, location, scope, and purpose of collection of personal data processed through the software tools of the “VETERAN CORP” mobile application (hereinafter referred to as “VETERAN CORP”), third parties to whom such personal data may be transferred, and the rights of personal data subjects.

1. The “VETERAN CORP” mobile application was created and implemented by the Public Organization “Association of Combatants ‘Ukrainian Veterans Corps’”.

2. The owner and processor of personal data processed through the software tools of VETERAN CORP is the Public Organization “Association of Combatants ‘Ukrainian Veterans Corps’” (Office 8, Building 9, Holosiivska Street, Kyiv, 03039, Ukraine, EDRPOU identification code: 45763791).

Processing is carried out pursuant to paragraph 5 of part one of Article 11 of the Law of Ukraine “On Personal Data Protection” (performance of obligations of the data controller established by law) for the purpose of providing services and ensuring communication with users.

3. Scope, Content, and Sources of Personal Data

The personal data processed through the software tools of VETERAN CORP include:

General Information and Contact Details:

  • surname, first name, and patronymic;
  • date of birth;
  • taxpayer registration number (RNTRC);
  • mobile phone number;
  • email address.

Document Data (Passport / ID Card):

  • type of identity document;
  • series and number of the passport of a citizen of Ukraine or another identity document confirming citizenship of Ukraine or a special status;
  • information regarding military experience and rank;
  • information regarding combatant status, war veteran status, and details of supporting documents;
  • information regarding education and work experience, as well as details of supporting documents.

Certain data are automatically collected for operation, maintenance, and improvement of VETERAN CORP, including:

  • Device Browser Information: We collect information regarding the device you use, including type, model, online identifiers such as IP address, MAC address, etc. We also collect information regarding your browser, including type, version, language, and similar data.
  • Usage Information: We collect information related to use of web pages or actions performed on web pages (where applicable).
  • Cookies and Similar Technologies: We use cookies for analytical purposes and to enable functionality of our web portal. You may disable cookies in your browser settings at any time.

Collection of surname, first name, patronymic, date of birth, military experience and rank, and contact data is carried out during authorization (electronic identification) or by obtaining such information from the Unified State Web Portal of Electronic Services “Diia” with the User’s prior consent.

For provision of services, VETERAN CORP implements a “privacy by design” approach, under which automated collection of personal data directly by artificial intelligence systems is not performed.

By applying de-identification and masking methods, artificial intelligence operates exclusively on anonymized data, which excludes processing of identifying information (such as names or passport details) directly by AI models.

The User independently determines the scope of information provided during interaction with VETERAN CORP.

If the User voluntarily submits personal data in chats, including data related to health status, racial or ethnic origin, political, religious, or philosophical beliefs, etc., the User provides explicit consent for processing of such data for the purpose of responding to the request.

4. The purpose and retention period of personal data are defined in the End User License Agreement for the “VETERAN CORP” mobile application, accepted by the User.

5. Third Parties to Whom Personal Data May Be Transferred

Data may be transferred to third parties exclusively for the purpose of enabling the User to access offers provided through VETERAN CORP (discounts, educational programs, services, etc.). Each access and transfer event is recorded in audit logs. Relevant third parties must ensure compliance with applicable personal data protection laws.

All data are transferred exclusively through secure communication channels. Information transmitted between your device, our servers, and users is encrypted using secure protocols.

Your data may be transferred to government authorities only for the purpose of providing services to you and/or complying with requirements of Ukrainian legislation.

Users’ personal data are not transferred to technological partners (including Google). Cross-border transfer of personal data is not performed.

6. Rights of the Personal Data Subject

Pursuant to part two of Article 8 of the Law of Ukraine “On Personal Data Protection”, the personal data subject has the right:

  1. to know the sources of collection, location of personal data, purpose of processing, and location or place of residence of the owner or processor, or authorize representatives to obtain such information, except where otherwise provided by law;
  2. to receive information regarding conditions of access to personal data, including information regarding third parties to whom personal data are transferred;
  3. to access personal data;
  4. to receive, within thirty calendar days from submission of a request, except where otherwise provided by law, information as to whether personal data are processed, and the content of such personal data;
  5. to submit a reasoned objection to processing of personal data;
  6. to submit a reasoned request for amendment or deletion of personal data if such data are processed unlawfully or are inaccurate;
  7. to protection of personal data against unlawful processing, accidental loss, destruction, damage, concealment, failure to provide, untimely provision, and dissemination of inaccurate information that damages honor, dignity, or business reputation;
  8. to file complaints regarding processing of personal data with the Ukrainian Parliament Commissioner for Human Rights or with a court;
  9. to apply legal remedies in the event of violations of personal data protection laws;
  10. to know the mechanism of automated processing of personal data;
  11. to protection against automated decisions having legal consequences for the individual.

7. Location of Personal Data

Personal data are stored within the cloud infrastructure of Amazon Web Services, Inc. located in the European Union region (EU Ireland — eu-west-1).