Legal

GDPR & Data Protection

Last updated: 1 January 2026

Studio Myata LLC serves clients in Ukraine and, from time to time, individuals based in the European Union. Where we process personal data of individuals in the EU we do so in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). For clients and website visitors in Ukraine we comply with the Law of Ukraine "On Personal Data Protection" (No. 2297-VI). This page explains our lawful bases for processing, your individual rights and how to exercise them.

1. Data Controller

The data controller responsible for your personal data is:

  • Company name: Studio Myata LLC
  • Registered address: 14 Knyazya Romana St, Lviv 79000, Ukraine
  • Data protection contact: privacy@studiomyata.com

For any question or request relating to the processing of your personal data, please contact us at the email address above.

2. Lawful Bases for Processing

Under the GDPR, we process personal data only where we have a valid lawful basis. We rely on the following bases:

  • Consent (Article 6(1)(a) GDPR) — We rely on consent when you submit our contact form, accept analytics cookies via our cookie banner, or explicitly agree to a specific use of your data. Consent is freely given and may be withdrawn at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
  • Performance of a contract (Article 6(1)(b) GDPR) — Where you have entered into a service agreement with us, or are taking pre-contractual steps (such as a consultation), we process the data necessary to fulfil our obligations under that agreement.
  • Legitimate interests (Article 6(1)(f) GDPR) — We process data for the purpose of operating and securing our website, improving our services and communicating with enquirers, where we have assessed that our legitimate interests are not overridden by your fundamental rights and freedoms.
  • Legal obligation (Article 6(1)(c) GDPR) — We process data where required to comply with a legal obligation under Ukrainian or EU law (e.g. tax and accounting obligations).

3. Your Rights Under the GDPR

If you are located in the EU or if EU law otherwise applies, you have the following rights in respect of your personal data:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we are processing your personal data and, if so, to receive a copy of the data together with information about how and why we are processing it.

3.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data we hold about you and to have incomplete data completed.

3.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, where you have objected to processing and there are no overriding legitimate grounds, or where the data has been processed unlawfully.

3.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data (while we verify it), or where you have objected to processing pending verification of whether our legitimate grounds override yours.

3.5 Right to Data Portability (Article 20)

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format (such as CSV or JSON), and to have that data transmitted to another controller where technically feasible.

3.6 Right to Object (Article 21)

You have the right to object at any time to processing of your personal data where we rely on legitimate interests as the legal basis. Upon receipt of an objection we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or where processing is necessary for the establishment, exercise or defence of legal claims.

3.7 Right to Withdraw Consent (Article 7(3))

Where we rely on your consent as the legal basis for processing, you may withdraw that consent at any time by contacting us at privacy@studiomyata.com or, for analytics cookies, by using your browser settings to clear cookies. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

3.8 Rights Related to Automated Decision-Making and Profiling (Article 22)

Studio Myata does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

4. How to Exercise Your Rights

To exercise any of the rights listed above, please send a written request to privacy@studiomyata.com. Include your full name, contact details and a clear description of the right you wish to exercise and the data concerned. We will respond within one calendar month of receiving a verified request. In complex cases or where we receive a high volume of requests, we may extend this period by a further two months — in which case we will notify you within the first month.

We may need to verify your identity before acting on your request to protect your data from unauthorised disclosure or amendment.

5. International Transfers of Personal Data

Our website hosting and certain operational tools involve the storage or processing of data outside Ukraine. Where personal data is transferred to countries outside the EU or European Economic Area that have not been granted an adequacy decision by the European Commission, we ensure appropriate safeguards are in place, such as standard contractual clauses (SCCs) approved by the European Commission or binding corporate rules, in accordance with Chapter V of the GDPR.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. For full details of our retention periods please refer to Section 7 of our Privacy Policy. Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

7. Security Measures

We apply technical and organisational measures proportionate to the risks posed by processing your personal data. These include encrypted data transmission (HTTPS), access controls limiting who within Studio Myata can access personal data, and regular security assessments. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by Article 34 of the GDPR.

8. Lodging a Complaint with a Supervisory Authority

If you are located in the EU and believe your data protection rights have been infringed, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state. A list of national supervisory authorities is available on the European Data Protection Board website at edpb.europa.eu.

If you are located in Ukraine, oversight of personal data protection is provided by the Ukrainian Parliament Commissioner for Human Rights (Ombudsperson), located at 21/8 Instytutska St, Kyiv 01008, Ukraine.

We encourage you to contact us directly before lodging a formal complaint — we will do our best to resolve your concern promptly.

9. Updates to This Page

We may update this GDPR & Data Protection page from time to time to reflect changes in law or our practices. The current version, with the effective date shown at the top of this page, is always available here.

10. Contact

For all data protection matters, including exercising your rights or raising a concern, please contact us at privacy@studiomyata.com or write to Studio Myata LLC, 14 Knyazya Romana St, Lviv 79000, Ukraine.