Data Controller and Contact Information

Rockwood Group LLC is the “data controller” of your personal data. This means we determine the purposes and means of the processing of personal data. Our contact details are as follows:
‍Company Name: Rockwood Group LLC
‍Registered Address: 04071, Ukraine, Kyiv city, Vvedenska street, building 29/58, office 31
‍Data Protection Officer (DPO): Nevinska Lesya
‍Telephone: +971 50 926 3527
‍Email: privacy@meetfuture.eu
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights regarding your personal data, you can contact our DPO using the details above.

Personal Data We Collect

We collect personal data (information relating to an identified or identifiable individual) that you provide to us and data generated by your use of our services. The types of personal data we may collect include:

• Identity and Contact Data: For example, your name, email address, telephone number, postal address, or other contact details you provide when filling in forms on our site or contacting us.

• Account and Profile Data: If you register an account or profile with us, we may collect login credentials (such as username) and any profile information you choose to provide.

• Communication Data: Records of correspondence or inquiries you send to us, including emails, phone calls, or messages, and our responses.

• Usage Data: Information about how you interact with our website or services. This includes IP address, browser type and version, device identifiers, operating system, referral URLs, pages viewed, dates/times of access, and other technical data. We may use cookies and similar tracking technologies to collect some of this data (see our Cookies Policy).

• ‍Cookies and Online Identifiers: Cookie identifiers or similar online tracking tags that may identify your device or browsergdpr.eu. These help us recognize you and remember your preferences (for details, refer to our Cookies Policy below).

• Transactional Data: If our website offers purchases or financial transactions, we would collect data related to those transactions (e.g. payment information and purchase history). (Note: If financial transactions are not applicable, this data category may not apply.)

• Special Category Data: We do not actively collect any sensitive personal data (such as data about health, race, religion, political opinions, or biometric data) and ask that you do not provide this to us. In the event you do provide such data (for example, in a free-text field), we will handle it with extra care and only process it with your explicit consent or as strictly required by law.

We collect most personal data directly from you (for example, when you complete forms, contact us, or use our website). In some cases, we may receive personal data from third parties or public sources – for instance, if you use a social media login to connect to our service, or if our affiliates or business partners lawfully share your information with us. If we obtain your data from a third party, we will inform you as required by law.

How We Use Your Personal Data (Purposes and Legal Bases)

We only use your personal data for specific and legitimate purposes, and where we have a lawful basis to do so. Under GDPR Article 6(1), we must have at least one of the following legal bases for processing your personal datagdpr-info.eu: (a) your consent, (b) performance of a contract, (c) compliance with a legal obligation, (d) protection of vital interests, (e) public interest or official authority, or (f) our legitimate interests (except where overridden by your interests or rights). Similarly, the UAE PDPL generally requires consent for processing unless an exception applies (for example, where processing is necessary to protect public interests or legal claims)u.ae. We align our practices with these principles across all jurisdictions.

Our purposes for processing personal data include:

• Providing and Improving Services: We process your data to provide our website and services to you, to enable account creation and login, to display content, and to fulfill any contracts with you (e.g. terms of service). This processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)) and is similarly allowed under UAE and Ukrainian law as necessary for providing the requested service. It is also in our legitimate interest to ensure our services function correctly.

• Communications and Support: To respond to your inquiries, requests, and provide customer support. If you contact us, we will use your contact information and message to address your questions or issues. This is in our legitimate interests to effectively communicate with users and necessary for contract performance when the communication relates to our services.

• Personalization and Preferences: We may use data about your preferences (such as language or region) and past interactions to personalize your experience, such as remembering your preferences on the site. This could involve functional cookies or settings on our website. The legal basis for this is consent when required (for example, using cookies that are not strictly necessary) or otherwise our legitimate interest in improving user experience.

• Marketing and Newsletters: If you subscribe to our newsletter or expressly consent to receive marketing communications, we will use your contact details to send you promotional content about our products or services. We will only send you marketing emails or texts with your consent (GDPR Art. 6(1)(a)), and you have the right to withdraw consent at any time. For existing customers, we may send relevant product updates under legitimate interest in some jurisdictions, but will always provide an easy opt-out. We do not share your personal data with third parties for their own marketing without your consent.

• Analytics and Service Improvement: We analyze how users interact with our website (through logs and analytics cookies) to understand usage patterns, improve our content and features, and enhance user experience. For example, we may process data on pages visited, time spent, and actions taken to optimize navigation. For EU/UK users, we rely on your consent for analytics cookies (in accordance with the ePrivacy Directive and GDPR)gdpr.eu. In other cases, we may rely on our legitimate interest in analyzing and improving our services, but will do so in a privacy-conscious manner (e.g., using aggregated data).

• Legal Compliance: We process personal data as necessary to comply with our legal obligations. This includes keeping records for financial reporting, complying with lawful requests by public authorities, responding to legal process (such as court orders or subpoenas), or fulfilling obligations under applicable laws (GDPR Art. 6(1)(c)). For instance, data may be processed and retained to meet tax, accounting, or data protection law requirements.

• Protection of Rights and Security: We may process personal data when necessary to protect your vital interests or those of others (GDPR Art. 6(1)(d)), or for our legitimate interests in ensuring the security of our systems, preventing fraud, enforcing our terms of use, and defending our legal rights (GDPR Art. 6(1)(f)). For example, we might use your data to investigate and address unauthorized access or misuse of our website, or to establish or exercise legal claims if needed. In extraordinary cases concerning health or safety, we might process data under vital interest grounds or analogous provisions in UAE/Ukraine law to protect individuals.

We will clearly inform you of any additional purposes if we intend to use your data for purposes other than those listed above, and if required, we will obtain your consent. We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on you, without human intervention. If this changes in the future, we will update this policy and, if required by law (e.g., GDPR Article 22), obtain your consent or provide an opt-out.

Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies to provide and improve our services. Cookies are small text files that are placed on your device to store information. We use cookies for several purposes, such as keeping you logged in, remembering your preferences, and gathering analytics about site usage. Some cookies are strictly necessary for the site to function, while others (like analytics or functional cookies) are used only with your consent. For detailed information, please see our Cookies Policy (below), which is an integral part of our privacy practices. That policy explains the categories of cookies we use (Strictly Necessary, Functional, Analytics) and how you can manage your cookie preferences. Any personal data collected via cookies or similar technologies is processed in accordance with this Privacy Policy and applicable laws.

Disclosure of Personal Data to Third Parties

We treat your personal data with care and confidentiality. We do not sell your personal information. However, we may share your personal data with selected third parties for the following purposes, in accordance with applicable data protection laws:
‍Service Providers: We share data with third-party companies that provide services on our behalf, such as IT hosting and maintenance, cloud storage, email delivery, analytics services, customer support, or other operational services. These providers process personal data only under our instructions and for the purposes outlined in this policy. We ensure they are bound by contracts that require them to protect your data and use it only as permitted (for example, through Data Processing Agreements as required by GDPR).
‍Affiliates and Business Partners: We may disclose data to our affiliated companies, subsidiaries, or business partners if necessary for providing our services or if you have interactions with them via our platform. For example, if our service is offered in collaboration with a partner, we might need to share certain details. Any such sharing will be based on a need-to-know basis and under appropriate confidentiality and data protection terms.
‍Legal and Compliance: We will disclose personal data to government authorities, regulators, law enforcement, courts, or other third parties when we believe disclosure is required by law or legal process, or to establish, exercise, or defend our legal rights. This includes responding to lawful requests to meet national security or law enforcement requirements, and disclosing data as necessary to comply with applicable laws and regulations.
‍Professional Advisors: We may share information with our auditors, legal counsel, insurers, or other professional advisors in the course of obtaining their services, under a duty of confidentiality.
‍Corporate Transactions: If we undergo a business transaction such as a merger, acquisition, reorganization, or sale of assets, your personal data may be disclosed to the prospective or actual purchasers or new affiliates as part of the transaction. In such cases, we will ensure the recipient agrees to handle your personal data in accordance with this Privacy Policy and applicable law.
‍Consent: We will share your information with other third parties only if you have given consent for us to do so. For instance, if you consent to have us share your details with a partner for their own marketing, we will honor that consent (note: this is just an example; by default we do not share data for others’ marketing without consent).
Whenever we share personal data with a third party, we only share the minimum necessary information for the relevant purpose and we ensure that appropriate safeguards are in place. Our service providers and partners are all required to handle data in compliance with applicable data protection laws and to use it only for the purposes we specify.

International Data Transfers

Rockwood operates in multiple jurisdictions, and the personal data we collect may be transferred to or accessed in countries outside of your own. In particular, if you are in the EU or UK, please note that your personal data may be transferred to and stored on servers in Ukraine (where Rockwood Group LLC is headquartered) or UAE (where we have operations), as well as other countries where our service providers or affiliates are located. These countries may not have data protection laws as strict as those in your jurisdiction. For example, the European Commission has not currently recognized Ukraine or the UAE as providing an adequate level of data protection comparable to the EU.When we transfer personal data internationally, we take legally required steps to ensure adequate protection of your information. These measures include:

• EU/UK Data Transfers: For transfers of personal data from the European Economic Area (EEA) or the UK to countries not deemed “adequate” under EU/UK law, we rely on appropriate safeguards as permitted by GDPR and UK law. Most commonly, we implement Standard Contractual Clauses (SCCs) approved by the European Commissionlinklaters.com (and the UK International Data Transfer Addendum, where applicable) with the data importer, which legally commit the recipient to protect your data to EU GDPR standards. We also assess on a case-by-case basis whether any additional technical or contractual measures are needed to ensure your data’s security and confidentiality. In certain cases, we may rely on another valid transfer mechanism under GDPR (such as an approved certification or code of conduct, if available) or a specific statutory derogation (e.g., your explicit consent or necessity for contract performance) linklaters.com.

• Ukraine Data Transfers: Under Ukrainian law, personal data can only be transferred out of Ukraine if the receiving country ensures an adequate level of data protection, or certain exceptions applylinklaters.com. Recognized adequate countries currently include those in the EEA, signatories of Convention 108+, and others approved by Ukraine’s Cabinet of Ministers. For transfers to any other country, we will obtain your unambiguous consent or rely on another allowed condition such as necessity for a contract or important public interestslinklaters.com. We will ensure compliance with Ukrainian data protection requirements for any cross-border transfer involving personal data from Ukraine.

• UAE Data Transfers: The UAE PDPL sets out requirements for transferring personal data outside the UAE, which will be further detailed in executive regulations. Until such regulations take effect, we will treat transfers from the UAE with a high level of caution. This means we will generally seek to transfer personal data out of the UAE only if (a) the destination country has laws ensuring sufficient protection of personal data, or (b) we have put in place agreements and measures similar to the EU SCCs to safeguard the data, or (c) another PDPL exception or regulatory approval applies. In all cases, we will obtain consent from UAE data subjects for international transfers when required by law and ensure the transfer is necessary and secure.

• Other Regions: For any other international transfers (for example, if you are in a country outside those mentioned and your data is moved to our servers in another country), we will comply with the transfer restrictions and requirements of the laws applicable to your data. We aim to apply uniform standards of data protection globally.

You can contact us if you would like more information about international data transfers or to request a copy of the safeguards in place (e.g., the relevant contractual agreements). Please note that while such agreements protect your data, certain foreign laws might allow governments or courts to access personal data in rare circumstances. We will, however, only transfer the minimum data necessary and will vigorously protect your information in line with this Policy.

Data Security

We take the security of your personal data very seriously. Rockwood has implemented appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, for example, encryption of data in transit, firewalls and intrusion detection systems, access controls limiting who in our organization can access your information, and regular security training for our staff. We also periodically review our security procedures to consider new technologies and methods.Despite our best efforts, no security measures are 100% infallible. We therefore cannot guarantee absolute security of your data. However, we adhere to industry best practices and continuously improve our safeguards to minimize risks. If we become aware of a personal data breach that affects your personal data, we will act promptly to contain and investigate it. Where the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay and also notify relevant authorities as required by law (for example, the GDPR requires notification to the supervisory authority within 72 hours in certain breaches, and the UAE PDPL similarly mandates notifying the new data protection regulator and, in some cases, affected individuals of data breaches) dlapiperdataprotection.com. We will provide timely updates and guidance to you in such events, in accordance with our legal obligations for breach notification.You also play a role in keeping your data secure. We encourage you to use strong passwords for any accounts on our site, keep your login credentials confidential, and immediately inform us if you suspect any unauthorized access to your account or personal data.

Your Rights as a Data Subject

You have various rights regarding your personal data under applicable privacy laws. We are committed to honoring these rights and have processes in place to enable you to exercise them easily. Your rights include:
‍Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of that data along with information about how we use it. This is known as a Subject Access Request.
‍Right to Rectification: If any of your personal data we hold is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay.
‍Right to Erasure: You can ask us to delete or remove your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, if you have withdrawn consent and no other legal basis exists, or if you object to processing and we have no overriding legitimate grounds. This is sometimes called the “right to be forgotten.” We will honor valid erasure requests and also notify any third parties processing your data on our behalf to do the same, unless an exemption applies (such as if retention is required by law).
‍Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations. For instance, if you contest the accuracy of the data, you can request restriction while we verify it; or if we no longer need the data but you need us to keep it for a legal claim. When processing is restricted, we will continue to store your data but not use it further until the restriction is lifted.
‍Right to Data Portability: For data you have provided to us and which we process by automated means based on your consent or a contract with you, you have the right to obtain that data in a structured, commonly used, machine-readable format and to request that we transmit it to another data controller where technically feasible. This right facilitates moving your data between services.
‍Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (Art. 6(1)(f) GDPR) or on the performance of a task in the public interest (Art. 6(1)(e)). If you raise an objection, we will review whether our legitimate grounds for processing override your privacy rights and freedoms.
You also have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. If you opt out of marketing, we will stop using your data for that purpose immediately.
‍Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Once you withdraw consent, we will stop the processing that was based on it. Withdrawal of consent will not affect the lawfulness of processing we conducted prior to your withdrawalgdpr-info.eu. We will make it as easy to withdraw consent as it was to give it in the first placegdpr-info.eu. For example, if you consented to cookies or marketing, you can change your preferences through our website or contact us to opt out.
‍Rights related to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you, unless it is necessary for entering or performing a contract, authorized by law, or based on your explicit consent. In practice, Rockwood does not currently make such automated decisions about users. If that changes, we will inform you and ensure appropriate safeguards, including the right to obtain human intervention and to contest the decision.
‍Right to Complaint: If you believe your data protection rights have been violated or you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with a supervisory authority. EU and UK individuals can contact their national Data Protection Authority or the UK Information Commissioner’s Office (ICO), respectively. In Ukraine, you may contact the Authorized Human Rights Representative (Ombudsman) of the Verkhovna Rada of Ukraine (which supervises personal data protection). In the UAE, oversight is handled by the UAE Data Office (the federal data protection regulator) – you can raise concerns or complaints to the UAE Data Office once the official complaint mechanisms are established. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please feel free to contact us first.
These rights may be subject to certain conditions or exemptions under applicable law. For example, we might not be able to delete data that we are legally required to keep, or we might decline a request if it adversely affects the rights and freedoms of others. We will inform you if any such limitations apply when responding to your request.
‍Exercising Your Rights: You can exercise your rights at any time by contacting us at privacy@meetfuture.eu or calling us at +971 50 926 3527. For security, we may need to verify your identity before fulfilling certain requests (we may ask for information to confirm you are the correct person). We will respond to your request as soon as possible and within the timeframe required by law (generally within one month under GDPR, extendable if necessary). There is no fee for making a request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on it (but we will provide our reasons in that case).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us:

‍Email: privacy@meetfuture.eu
‍Telephone: +971 50 926 3527
‍Postal Mail: Rockwood Group LLC, 04071, Kyiv, Vvedenska 29/58, Office 31, Ukraine

Our Data Protection Officer, Nevinska Lesya, monitors our compliance with data protection laws and this Privacy Policy. You may address any correspondence to the DPO at the contact details above. We value your privacy and will do our best to address any issue to your satisfaction.