With Ukraine
#StandWithUkraine
Find out and spread only the truth about the war in Ukraine.
×

Security Policy

Publication date: 19.04.2026

This Security Policy establishes the general rules and principles applied by Limited Liability Company “SMEDIA GROUP” for the protection of information, Personal Data, confidential information, technical materials, access credentials, project documentation, and other data received, created, stored, used, or otherwise processed by the Company in connection with the Website, business communications, contractual relations, and provision of information technology services.


This Security Policy applies to the Company’s internal processes, employees, contractors, subcontractors, consultants, developers, technical specialists, and other persons engaged by the Company who may have access to information or systems in connection with software development, application development, web development, integrations, technical support, maintenance, consulting, testing, or other related services provided by the Company.


The purpose of this Security Policy is to define the basic organizational and technical approach to information security, including access control, confidentiality, secure handling of information, prevention of unauthorized access, response to security incidents, and actions to be taken in the event of an actual or suspected security breach of data.


  1. DEFINITIONS 


  1. Personal Data means any information relating to a natural person who is identified or can be identified, directly or indirectly, including by reference to an identifier or to one or more factors specific to that person. For example, first name, last name, phone number, and IP address.


  1. Services means the services provided by the Company in the field of information technology, including, among other things, software development, mobile application development, web development, implementation of technical solutions, maintenance, support, integration, customization, testing, consulting, and other related services offered by the Company to the User.


  1. Company's website (hereinafter referred to as the "Website") means a web page or a group of web pages on the Internet located at: https://smediaweb.com/en/ 


  1. Company (hereinafter referred to as the "Company" or "SMEDIA" ) means, as applicable, Limited Liability Company “SMEDIA GROUP”, a legal entity incorporated and existing under the laws of Ukraine, EDRPOU Code: 42341212, registered address: 112D Naberezhna Peremohy Street, Building 3, Office 3, Dnipro, Dnipropetrovsk Region, Ukraine, 49100, and/or SMEDIAWEB LTD, a company incorporated and existing under the laws of England and Wales, company registration number: 15127386, registered address: 128 City Road, London, United Kingdom, EC1V 2NX, which may provide the Services to Users in accordance with the applicable agreements, terms, policies, and other contractual documents.


  1. Contract means an agreement concluded between the Company and the User for the provision of the Services, including any written agreement, statement of work, order, invoice, proposal, specification, annex, addendum, or other document agreed by the Company and the User that defines the scope, price, terms, conditions, deliverables, and other requirements for the provision of the Services.


  1. User means any natural person or legal entity that accesses the Website, requests, receives, uses, or otherwise interacts with the Services, as well as, where applicable, any representative acting on behalf of such natural person or legal entity.


  1. Third Party means any natural person, legal entity, public authority, agency, institution, contractor, service provider, or other body other than the User, the Company.


  1. GENERAL PROVISIONS


  1. This Security Policy defines the general internal rules applied by the Company for the protection of Personal Data, confidential information, technical materials, project documentation, access credentials, and other information processed in connection with the Website, the Services, the Contract, and the Company’s business activities.


  1. This Security Policy applies to the Company, its employees, contractors, subcontractors, consultants, developers, technical specialists, and other persons engaged by the Company who may have access to Personal Data, confidential information, technical systems, communication channels, project materials, or other information related to the provision of the Services.


  1. The purpose of this Security Policy is to establish a reasonable and practical framework for information security, including secure handling of information, access control, confidentiality, prevention of unauthorized access, response to security incidents, and actions in the event of an actual or suspected security breach of data.


  1. The Company applies this Security Policy taking into account the nature of the Services, the scope of information processed by the Company, the risks related to such processing, and the requirements of applicable data protection and information security laws, where such requirements apply to the Company.


  1. This Security Policy shall apply to Limited Liability Company “SMEDIA GROUP” and to SMEDIAWEB LTD to the extent that either of these companies, within the scope of its participation in the provision of the Services, administration of the Website, communication with the User, performance of the Contract, or support of the relevant project, receives, accesses, stores, uses, transfers, discloses, or otherwise handles Personal Data, confidential information, project documentation, access credentials, technical materials, or other protected information. Where both companies participate in the same project or cooperation with the User, each company shall comply with this Security Policy within the scope of its own access to information, performed actions, technical involvement, and contractual or operational role.


  1. DATA SECURITY MEASURES


  1. The Company applies reasonable technical and organizational measures intended to protect Personal Data, confidential information, project documentation, access credentials, technical materials, and other information processed in connection with the Website, the Services, and the Contract.


  1. The Company limits access to Personal Data and other protected information only to those employees, contractors, subcontractors, consultants, developers, technical specialists, and other engaged persons who need such access for the performance of their duties or for the provision of the Services. Such access shall be provided only to the extent necessary for the relevant task or project.


  1. The Company requires persons engaged in the provision of the Services to maintain confidentiality, use information only for authorized purposes, avoid unauthorized disclosure, and comply with the Company’s internal security requirements, the applicable Contract, and applicable data protection obligations.


  1. The Company may apply security measures relating to access control, password protection, secure storage of information, restriction of unauthorized access, controlled transfer of information, backup and recovery procedures, monitoring of suspicious activity, and review or termination of access where such access is no longer required.


  1. The Company shall take reasonable measures to prevent unauthorized access to, accidental loss of, unlawful use of, unauthorized disclosure of, alteration of, deletion of, or destruction of Personal Data and other protected information processed in connection with the Services.


  1. The User shall be responsible for providing accurate information, using secure communication channels where required, safeguarding access credentials provided by or to the User, and promptly notifying the Company of any actual or suspected unauthorized access, disclosure, loss, or misuse of information connected with the Services.


  1. Where Personal Data, confidential information, project documentation, access credentials, technical materials, or other protected information is made available by Limited Liability Company “SMEDIA GROUP” to SMEDIAWEB LTD, or by SMEDIAWEB LTD to Limited Liability Company “SMEDIA GROUP”, the company receiving such information shall ensure that access to it is granted only to authorized persons involved in the provision of the relevant Services. Such information shall be used only for the purposes for which it was made available, shall not be disclosed to unauthorized persons, and shall be protected by appropriate organizational and technical measures aimed at preventing unauthorized access, loss, disclosure, alteration, misuse, or destruction.


  1. DATA SECURITY BREACH


  1. For the purposes of this Security Policy, Data Security Breach means any actual or suspected breach of security that results in unauthorized access to, unauthorized disclosure of, accidental or unlawful loss, alteration, destruction, misuse, unavailability, or other improper processing of Personal Data, confidential information, project documentation, access credentials, technical materials, or other protected information processed by the Company in connection with the Website, the Services, or the Contract.


  1. The Company shall take reasonable measures to identify, assess, contain, and eliminate the consequences of an actual or suspected Data Security Breach. Such measures may include restricting access, changing or revoking credentials, suspending affected processes, reviewing relevant logs or communications, identifying the affected information, assessing potential risks, and taking other actions necessary to prevent further unauthorized access, disclosure, loss, alteration, or misuse of information.


  1. Where the Company processes Personal Data under the Contract and a Data Processing Agreement, the handling of a Data Security Breach shall be carried out in accordance with this Security Policy, the relevant Contract, the applicable Data Processing Agreement, and applicable data protection requirements. The Data Processing Agreement may determine the roles of the parties, the procedure for notification, cooperation, provision of information, assistance with assessment of the breach, and other actions required in connection with the Data Security Breach.


  1. The Company shall ensure that employees, contractors, subcontractors, consultants, developers, technical specialists, and other engaged persons who may have access to Personal Data or other protected information are bound by a Data Processing Agreement, confidentiality undertaking, or other written data protection obligations, as applicable to their role and access. Such persons shall process Personal Data and other protected information only for authorized purposes, only within the scope necessary for the performance of the Services, and only in accordance with the Company’s instructions, the relevant Contract, and applicable security requirements.


  1. Any employee, contractor, subcontractor, consultant, developer, technical specialist, or other engaged person who becomes aware of an actual or suspected Data Security Breach shall promptly notify the Company, provide all available information regarding the incident, take reasonable measures to prevent further unauthorized access or disclosure, and cooperate with the Company in the investigation, containment, remediation, and documentation of the Data Security Breach.


  1. PROCEDURE IN THE EVENT OF A SECURITY BREACH OF DATA


  1. In the event of an actual or suspected Data Security Breach, the Company shall take reasonable and timely measures to identify the nature of the incident, determine the affected systems, information, Personal Data, access credentials, project materials, communication channels, or other protected information, and prevent further unauthorized access, disclosure, loss, alteration, destruction, or misuse.


  1. The Company shall, where applicable, perform the following actions:

    1. identify and register the actual or suspected Data Security Breach;

    2. restrict, suspend, or revoke affected access rights, credentials, accounts, tools, systems, or communication channels;

    3. take measures to contain the incident and prevent its further development;

    4. determine the categories of affected information and, where applicable, the categories of affected Personal Data;

    5. assess the possible consequences of the Data Security Breach for the User, the Company, the relevant project, and affected persons;

    6. involve the relevant employees, contractors, developers, technical specialists, or other engaged persons necessary for investigation, containment, remediation, and technical recovery;

    7. document the circumstances of the Data Security Breach, the measures taken, and the results of the internal assessment;

    8. restore access, systems, information, or project materials where reasonably possible and necessary for the continuation of the Services;

    9. take measures intended to prevent similar incidents in the future.


  1. If the Data Security Breach relates to Personal Data processed by the Company under the Contract or a Data Processing Agreement, the Company shall handle such Data Security Breach in accordance with the relevant Contract, the applicable Data Processing Agreement, this Security Policy, and applicable data protection requirements.


  1. The Company shall provide the User with information regarding the Data Security Breach to the extent such information is reasonably necessary for the User to assess the incident, comply with its own legal or contractual obligations, and take appropriate protective measures, unless such disclosure is restricted by applicable law, security reasons, confidentiality obligations, or the need to preserve the integrity of the investigation.


  1. Employees, contractors, subcontractors, consultants, developers, technical specialists, and other engaged persons who become aware of an actual or suspected Data Security Breach shall immediately notify the Company and shall not conceal, delay, independently resolve, disclose, or discuss the incident with any Third Party without the Company’s authorization, unless otherwise required by applicable law.


  1. NOTIFICATION OF A DATA BREACH TO THE SUPERVISORY AUTHORITY


  1. Where a Data Security Breach involves Personal Data and the Company acts as a Controller, the Company shall assess whether such Data Security Breach is likely to result in a risk to the rights and freedoms of natural persons. If notification is required under applicable data protection law, the Company shall notify the competent data protection supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the Data Security Breach. If the notification is not made within 72 hours, the Company shall provide the reasons for the delay.


  1. Where the Company acts as a Processor under the Contract or a Data Processing Agreement, the Company shall notify the relevant User or other Controller without undue delay after becoming aware of the Data Security Breach, and in any case within the time limit specified in the Contract or Data Processing Agreement. Such notification shall be sent to the contact details specified in the Contract, Data Processing Agreement, or other written instructions of the User or Controller.


  1. The notification to the supervisory authority, where required, shall be submitted through the official notification channel, online form, email address, portal, or other communication method made available by the competent supervisory authority. The notification to the User or Controller shall be sent by email or through another written communication channel agreed in the Contract or Data Processing Agreement.


  1. The notification may include, to the extent known at the time of notification, the nature of the Data Security Breach, the categories of affected Personal Data, the approximate number of affected persons and records, the likely consequences of the Data Security Breach, the measures taken or proposed by the Company to address the Data Security Breach, and the measures intended to reduce possible adverse effects.


  1. If not all information is available at the time of the initial notification, the Company may provide the available information first and supplement it later without undue delay. The Company shall document the Data Security Breach, the assessment performed, the decision on notification, the notifications made, the reasons for any delay, and the remedial measures taken.


  1. LIABILITY


  1. The Company is responsible for applying reasonable technical and organizational measures intended to protect Personal Data, confidential information, project documentation, access credentials, technical materials, and other protected information processed in connection with the Website, the Services, and the Contract.


  1. The Company does not guarantee absolute security of information, systems, networks, communication channels, or electronic data transmission, as no technical or organizational measure can fully exclude all security risks, unauthorized actions, technical failures, cyberattacks, or unlawful actions of Third Parties.


  1. The Company shall not be liable for a Data Security Breach, loss, unauthorized disclosure, alteration, destruction, misuse, or other improper processing of information caused by actions or omissions of the User, Third Parties, independent service providers, unauthorized persons, or by the User’s failure to protect access credentials, provide accurate information, follow agreed security requirements, or promptly notify the Company of an actual or suspected security incident.


  1. Employees, contractors, subcontractors, consultants, developers, technical specialists, and other persons engaged by the Company who may have access to Personal Data or other protected information shall be liable to the Company in accordance with the applicable Data Processing Agreement, confidentiality undertaking, contract, or other written obligations concluded with such persons.


  1. Nothing in this Security Policy shall exclude or limit any liability that cannot be excluded or limited under applicable law, the Contract, or the applicable Data Processing Agreement.


  1. CHANGING THE SECURITY POLICY


  1. The Company may amend, update, or replace this Security Policy where such changes are necessary due to changes in the Company’s internal security processes, the Website, the Services, technical tools, contractual requirements, applicable law, or other circumstances affecting the protection of Personal Data, confidential information, project documentation, access credentials, technical materials, or other protected information.


  1. The updated version of this Security Policy shall become effective from the date of its publication or from another date specified in the updated Security Policy.


  1. The Company may notify Users of material changes to this Security Policy through the Website, by email, through the Contract, or by another appropriate communication method, where such notification is reasonably necessary or required by applicable law, the Contract, or the applicable Data Processing Agreement.


  1. CONTACTS


The User may contact the Company at contact@smediaweb.com to exercise the User’s rights, report an actual or suspected violation of security requirements, request information related to this Security Policy, submit feedback, or ask any question concerning the protection of Personal Data or other information processed by the Company.

This site uses cookies and services to collect technical data of visitors (data about IP address, location, etc.) to ensure performance and improve the quality of service. By continuing to use our site, you automatically agree to the privacy policy.
×
Title
Content