GDPR & Data Protection

Last updated: 1 January 2026

Dnipro Logistics LLC respects your privacy and is committed to protecting your personal data. This page supplements our Privacy Policy by providing detailed information about our data processing activities under the EU General Data Protection Regulation (GDPR) and the Law of Ukraine on Personal Data Protection. We serve clients in Ukraine and across the European Union, and we apply GDPR-equivalent protections to all personal data we process regardless of where you are located.

1. Data Controller Identity

The data controller responsible for your personal data is:

• Legal name: Dnipro Logistics LLC
• Address: 8 Naberezhna Peremohy St, Dnipro 49000, Ukraine
• Email: privacy@dniprologistics.com
• Phone: +380 56 232 18 47

We have designated a data protection contact who handles all privacy-related enquiries and requests. Please address any data-related correspondence to the above email address marked "Data Protection".

2. Lawful Bases for Processing

Under the GDPR, personal data may only be processed where a lawful basis exists. We rely on the following bases:

2.1 Consent (Article 6(1)(a) GDPR)

We process your personal data on the basis of consent where you have freely, specifically and unambiguously provided it — for example, by submitting our contact form (where you tick the consent checkbox) or by accepting analytics cookies via the cookie banner. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

2.2 Performance of a Contract (Article 6(1)(b) GDPR)

When you engage our freight services, we process data that is necessary to perform the contract — for example, your name, contact details and cargo information required to book and execute a shipment, manage customs declarations or issue invoices.

2.3 Compliance with a Legal Obligation (Article 6(1)(c) GDPR)

Certain processing is necessary to comply with legal obligations applicable to Dnipro Logistics LLC, including customs and transport law requirements to maintain shipment records, tax and accounting obligations, and compliance with court orders or regulatory demands.

2.4 Legitimate Interests (Article 6(1)(f) GDPR)

We process some data based on our legitimate interests in operating a secure and effective logistics business — such as maintaining IT security, improving our website and services, and managing our commercial relationships. We always conduct a balancing test to ensure our interests do not override your data protection rights and freedoms.

3. Your Data Subject Rights

Under the GDPR (Articles 15–22), you have the following rights in relation to the personal data we hold about you:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data, and if so to receive a copy of that data and supplementary information about how it is used (the purposes of processing, categories of data, recipients, retention periods and your rights).

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected without undue delay. You also have the right to have incomplete personal data completed, including by providing a supplementary statement.

3.3 Right to Erasure — "Right to be Forgotten" (Article 17)

You have the right to request the erasure of your personal data where:

• the data is no longer necessary for the purposes for which it was collected;
• you withdraw consent and there is no other lawful basis for processing;
• you object to processing and there are no overriding legitimate grounds;
• the data has been unlawfully processed; or
• erasure is required to comply with a legal obligation.

We may decline erasure requests where processing is necessary to comply with a legal obligation (e.g. customs or tax record retention) or for the establishment, exercise or defence of legal claims.

3.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data (pending verification), where processing is unlawful and you prefer restriction over erasure, or where we no longer need the data but you need it for a legal claim.

3.5 Right to Data Portability (Article 20)

Where processing is based on consent or on a contract, and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format (such as CSV or JSON), and to have that data transmitted directly to another controller where technically feasible.

3.6 Right to Object (Article 21)

You have the right to object at any time to the processing of your personal data on the basis of our legitimate interests (Article 6(1)(f)). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where the processing is for the establishment, exercise or defence of legal claims. You also have the absolute right to object to processing for direct marketing purposes at any time.

3.7 Right to Withdraw Consent (Article 7(3))

Where processing is based solely on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent for analytics cookies, simply clear your browser cookies and decline on the next visit. To withdraw consent for other processing, contact us at privacy@dniprologistics.com.

3.8 Rights in Relation to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. Dnipro Logistics does not currently use automated decision-making processes that produce such effects.

4. How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to:

• Email: privacy@dniprologistics.com
• Post: 8 Naberezhna Peremohy St, Dnipro 49000, Ukraine (Attn: Data Protection Request)

Please provide your full name, contact details and a clear description of your request. We may ask you to verify your identity before processing your request. We will respond within 30 calendar days of receipt. Where requests are complex or numerous, we may extend this period by a further two months; we will inform you if this is the case.

Exercising your rights is free of charge. However, if a request is manifestly unfounded or excessive (in particular because of its repetitive character), we may charge a reasonable administrative fee or refuse to act.

5. International Data Transfers

Our primary processing activities take place within Ukraine. Where we engage service providers located in the European Economic Area (EEA) or other third countries, we ensure an adequate level of protection by relying on:

• An adequacy decision by the European Commission (where applicable);
• Standard Contractual Clauses (SCCs) approved by the European Commission; or
• Other appropriate safeguards as permitted by GDPR Article 46.

You may request a copy of the safeguards we rely on for any specific transfer by contacting us at the address above.

6. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encrypted data transmission over HTTPS, access controls and role-based permissions, regular security assessments, and staff training on data protection. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, inform affected individuals without undue delay.

7. Retention Periods

We retain personal data for the periods described in our Privacy Policy. In summary:

• Website enquiries that do not lead to a contract: up to 24 months;
• Freight service contracts and related records: duration of contract plus 5 years;
• Analytics data: up to 26 months in identifiable form, then deleted or anonymised.

After the applicable retention period, personal data is securely deleted or anonymised.

8. Supervisory Authority

If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with:

• Ukraine: The Ombudsman for Human Rights of Ukraine (Verkhovna Rada Commissioner for Human Rights), who serves as the supervisory authority for personal data protection in Ukraine. Website: ombudsman.gov.ua
• EU/EEA residents: The data protection supervisory authority in the EU member state of your habitual residence, place of work or place of the alleged infringement.

We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority, so please contact us first at privacy@dniprologistics.com.

9. Changes to This Page

We may update this GDPR & Data Protection page to reflect changes in law or our processing practices. The current version will always be available here with its effective date. For significant changes, we will provide a more prominent notice where required by law.