Uvio Visitor Data Policy

1. General Provisions

1.1. This Uvio Visitor Data Policy describes how Uvio processes personal data and related information received when a person uses the Uvio website available at https://uvio.chat, including the home page, documentation and legal pages, sign-in and profile pages, public company and event pages, shared calendar link pages, and other public web interfaces of the Uvio website.

1.2. This Policy is intended to reflect applicable data protection law, including the GDPR where it applies, as well as other mandatory rules on transparency, lawful basis, security, and data subject rights.

1.3. This Policy applies specifically to the Uvio website. If a visitor uses the Uvio mobile app or the company dashboard, the relevant Uvio consumer or business documents also apply to those scenarios.

2. Controller Information and Contacts

The personal data controller and the person providing services under the name "Uvio" is an individual entrepreneur Sultanbekov Artur Timerhanovich.

INN (Tax ID): 021101196690.

OGRNIP (Registration No.): 318028000111955.

Privacy inquiries: privacy@uvio.chat.

Legal inquiries: legal@uvio.chat.

3. Data Sources and Categories

3.1. Uvio may receive website visitor data from the following sources:

• directly from the visitor when the visitor enters an email address or another sign-in identifier, a one-time verification code, or initiates another web-based flow;
• automatically from the browser, device, and web server when pages are opened, requests are made, or protected sections are used;
• from Uvio internal systems when, at the visitor's request, the website displays public company pages, event pages, user profile data, shared calendar link data, or related service information.

3.2. Within the Uvio website, the following categories of data may be processed:

• email address or another sign-in identifier, one-time verification code data, and technical details of the sign-in attempt;
• web-session and authorization data, including information about a created session, its duration, a remember-device flag, browser device identifier, and technical access tokens;
• data needed to display an authorized browser state, including user identifier, email address, first name, last name, user name, and account activity status;
• technical request and device data, including IP address, date and time of access, browser details, operating system, device type, language settings, requested page address, request parameters, and information about failures or security events;
• data about visits to public company, event, documentation, and legal pages, as well as related actions such as saving an event or exporting an event to a calendar;
• shared calendar link data, including a user name, access token for such link, and information returned when checking whether the link is valid;
• public company or event information displayed on the website at the visitor's request.

3.3. Uvio does not ask website visitors to submit special categories of personal data or biometric data through the website unless this is expressly required by law or by a separate document for a particular scenario.

4. Purposes of Processing and Legal Bases

4.1. To provide access to the website, its public pages, documentation, and legal pages, Uvio processes technical request data, device data, page address, request parameters, and the relevant public company or event information. The legal bases may include responding to a visitor-initiated request, taking steps at the visitor's request, and Uvio's legitimate interests in operating the website.

4.2. To organize one-time-code web sign-in and to create and maintain an authorized web session, Uvio processes the email address or another identifier, one-time code data, browser device identifier, session duration data, strictly necessary cookies, and information needed to display the account in the browser. The legal bases may include performance of a contract or steps requested by the visitor, and consent where required by applicable law.

4.3. To display a user profile, check a shared calendar link, save an event, or perform other actions within an authorized web flow, Uvio processes active web-session data, user identifier, account details, event identifier, user name, and shared-link token. The legal bases may include performing a visitor-initiated service function and performance of a contract where applicable.

4.4. To ensure information security, prevent abuse, investigate failures, keep event logs, and protect the rights of Uvio, visitors, and third parties, Uvio processes IP address, browser and device details, request date and time, error data, sign-in events, and other technical log records. The legal bases may include compliance with legal obligations and Uvio's legitimate interests in protecting the service.

4.5. To review requests, complaints, and data subject inquiries, Uvio processes the data contained in the request, information needed to verify the requester's identity, and data needed to respond on the merits. The legal bases may include compliance with legal obligations and legitimate interests in handling rights requests and disputes properly.

4.6. If a visitor does not provide data without which a particular web flow cannot objectively be performed, Uvio may be unable to provide that flow in full or in part. In particular, protected sections of the website cannot be used without sign-in data and technically necessary web-session data.

4.7. If a particular website scenario requires separate consent, that consent is requested separately from acceptance of other documents and separately from technically necessary processing.

5. Cookies, Browser Storage, and Web Sessions

5.1. The Uvio website uses primarily strictly necessary and functional cookies, as well as other browser-side storage mechanisms, needed for account sign-in, maintaining a web session, protecting requests, and displaying authorized visitor data correctly.

5.2. The visitor's browser may store information about active session duration, a remember-device flag, access-refresh data, and information needed to display core account details in the web interface.

5.3. For some website pages, short-lived technical markers may be used in browser session storage, for example to manage the state of an open-app banner or other auxiliary interface elements within the current browser session.

5.4. If a visitor selects a remember-device option, some web-session data may be retained longer than a short session. If that option is not selected, retention of the relevant data is shorter.

5.5. More detailed information about cookie categories, purposes of use, and available controls is provided in the separate Uvio Cookie Notice.

6. Retention, Deletion, and Localization

6.1. Uvio keeps website visitor data no longer than necessary for the stated purposes of processing, applicable legal requirements, security needs, confirmation of actions taken, and resolution of disputes.

6.2. Short web-session and access data are usually retained for the lifetime of the relevant session. For web sign-in, short-lived access data usually remain valid for up to 15 minutes, and a supporting session usually lasts up to 1 day or up to 30 days where a remember-device mode is selected.

6.3. Data related to shared calendar link checks, requests to public pages, and security-event logging are retained for the period needed for the relevant function, abuse prevention, request handling, and confirmation of lawful actions, after which they are deleted, anonymized, or blocked unless further retention is required by law.

6.4. Once the purposes of processing are achieved, or another lawful basis for ending the processing applies, Uvio stops processing the relevant data and arranges deletion, anonymization, or other lawful handling in accordance with applicable law and Uvio internal rules.

6.5. Uvio does not promise storage in any particular country or region unless that is stated separately or required by applicable law.

6.6. Where applicable law requires local storage, restricted hosting regions, or specific transfer safeguards, Uvio applies those requirements to the relevant processing operations.

7. Sharing and Third-Party Access

7.1. Uvio does not sell website visitor personal data and does not disclose it to an unlimited group of persons without a lawful basis.

7.2. Access to data may be provided to contractors and technical service providers who support website hosting, technical maintenance, protection, support, and continuity of operation where that access is genuinely necessary for the stated processing purposes and is based on an appropriate legal arrangement.

7.3. Transfers of data between the website and other Uvio information systems used to display public pages, check shared links, create a web session, or perform service functions are not a sale of data to third parties because they take place within Uvio infrastructure to fulfill the visitor's request.

7.4. Data may be disclosed to public authorities, courts, and other authorized parties only where and to the extent required by applicable law.

7.5. If a visitor independently opens a third-party service, for example an external calendar service or an app store page, further processing on that service's side takes place under that service's own rules and outside Uvio's control.

7.6. Cross-border transfers take place only where permitted by applicable law and where the required safeguards or procedures are in place for the relevant transfer.

8. Security Measures

8.1. Uvio applies appropriate legal, organizational, and technical measures to protect website visitor data against unauthorized or accidental access, destruction, alteration, blocking, copying, disclosure, distribution, or other unlawful acts.

8.2. Those measures may include access controls, secure communication channels, security logging and monitoring, web-session lifetime controls, abuse protection, backup measures, and other safeguards provided for by Uvio's internal documents and technical architecture.

8.3. Even with such measures, internet transmission and information-system storage cannot be considered absolutely secure. For that reason, Uvio cannot eliminate all risks that are objectively outside its reasonable control.

9. Data Subject Rights

9.1. A website visitor may request information about the processing of personal data, request correction of inaccurate data, request deletion or blocking of data where it is incomplete, outdated, unlawfully processed, or no longer needed for the stated purpose, and exercise other rights granted by applicable law.

9.2. Where the GDPR applies, the visitor may also have rights of access, rectification, erasure, restriction of processing, data portability, objection, and complaint to a supervisory authority.

9.3. Where processing is based on consent, the data subject may withdraw that consent in whole or in part. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal was received.

9.4. To exercise rights, a visitor may send a request to privacy@uvio.chat. Uvio may request information needed to verify the requester's identity and authority.

9.5. Uvio handles requests within the time limits set by applicable law. Where the GDPR applies, the visitor may also lodge a complaint with a supervisory authority or seek other remedies available under applicable law.

10. Related Documents and Changes to This Policy

10.1. This Policy applies together with the Uvio Cookie Notice and, depending on the specific scenario, the applicable Uvio consumer or business documents.

10.2. Uvio may update this Policy when required by changes in law, website functions, data processing methods, or the organizational model of processing. The current version of the Policy is published in Uvio's legal documents section together with its version date.

10.3. Continued use of the website after publication of a new version means that the visitor has been made aware of that version to the extent relevant for the applicable web scenario. If the law requires a separate action or separate consent, Uvio requests it separately.