+38 (093) 197-63-13+38 (050) 722-27-66info@liglex.comWhatsAPPTelegram
UA RU
UA RU
+38 (093) 197-63-13+38 (050) 722-27-66info@liglex.com
WhatsAPPTelegram

PRIVACY POLICY

Effective Date: 14 December 2025
Version: 1.0

1. INTRODUCTION

1.1. About This Policy

This Privacy Policy (hereinafter — the “Policy”) describes how LigLex collects, processes, stores, and protects personal data of users of the website https://liglex.consulting/en/home/ (hereinafter — the “Website”), as well as clients and prospective clients of the company.

1.2. Who We Are

LigLex is a Ukrainian financial and legal consulting firm specializing in:

  • Mergers & Acquisitions (M&A) advisory
  • KYC/AML compliance
  • Due Diligence
  • Corporate finance and management accounting
  • Private Wealth management

1.3. Applicable Legislation

We process your personal data in accordance with:

  • Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI
  • General Data Protection Regulation (GDPR) — for users from the European Union and European Economic Area
  • Law of Ukraine “On Prevention and Counteraction to Legalization (Laundering) of Proceeds of Crime” — for KYC/AML procedures

1.4. Your Consent

By continuing to use the Website or providing us with your personal data, you confirm that you have read this Policy and agree to its provisions.

2. DATA CONTROLLER

2.1. Controller Identification

The controller of your personal data is:

LigLex LLC
Registration Number (EDRPOU): [●]
Registered Address: Ukraine, 65012, Odessa, Frantsuzskyi Boulevard, 2.

Data Protection Contact:
Email: info@liglex.com
Phone: +380507222766

2.2. EU Representative

In accordance with Article 27 of the General Data Protection Regulation (GDPR), we have appointed a representative in the EU:

[Representative Name]
Address: [●]
Email: [●]

3. CATEGORIES OF PERSONAL DATA

3.1. Data You Provide Directly

Through the contact form:

  • Contact details: first name, last name, email address, phone number
  • Content of your inquiry

3.2. Data Collected Automatically

Technical data:

  • IP address (anonymized)
  • Browser type and operating system
  • Device type
  • Date and time of visit
  • Pages viewed
  • Referral source

Cookie identifiers:

  • Google Analytics Client ID
  • Meta Pixel cookies (with your consent)

3.3. Client Data (KYC/AML, Due Diligence)

For clients entering into a service agreement, we additionally collect:

  • Identity documents (passport, ID card)
  • Proof of address
  • Information on ultimate beneficial owners (for legal entities)
  • Source of funds and wealth information (where required)
  • Results of screening against sanctions lists and Politically Exposed Persons (PEP) databases

3.4. Special Categories of Data

LigLex does not collect or process special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation) without your explicit consent and a necessity directly provided by law.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

4.1. Responding to Your Inquiries
Purpose Processing inquiries via the contact form, preparing commercial proposals
Data Contact details, inquiry text
Legal Basis Taking steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR)
Retention 24 months after last contact

4.2. Providing Consulting Services
Purpose Legal and financial consulting, M&A advisory, Due Diligence
Data Contact, identification, financial data
Legal Basis Performance of a contract (Art. 6(1)(b) GDPR)
Retention Duration of contract + 3 years (statute of limitations)

4.3. KYC/AML Compliance
Purpose Client identification and verification, anti-money laundering
Data KYC documents, beneficial owner data, screening results
Legal Basis Compliance with a legal obligation (Art. 6(1)(c) GDPR)
Retention 5 years after termination of business relationship

4.4. Website Analytics
Purpose Traffic analysis, improving user experience
Data Technical data, cookie identifiers
Legal Basis Your consent (Art. 6(1)(a) GDPR) — for EU users
Retention 14 months

4.5. Marketing and Advertising
Purpose Measuring advertising effectiveness, retargeting
Data Meta Pixel cookie identifiers
Legal Basis Your explicit consent (Art. 6(1)(a) GDPR)
Retention Until withdrawal of consent

4.6. Accounting and Tax Compliance
Purpose Compliance with tax legislation requirements
Data Financial documentation
Legal Basis Compliance with a legal obligation
Retention 7 years

5. COOKIES AND TRACKING TECHNOLOGIES

5.1. What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help ensure website functionality and collect information about its use.

5.2. Cookie Categories

Necessary Cookies
Ensure basic Website functionality (security, navigation). Do not require your consent.

Analytics Cookies
Help us understand how visitors interact with the Website. Set only after your consent.

Marketing Cookies
Used to display relevant advertising. Set only after your explicit consent.

5.3. Google Analytics 4

We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC.

Data Collected:

  • Browser and device type
  • Approximate geolocation (city/country)
  • Pages and actions on the Website
  • Referral source

IP Anonymization: Enabled by default. GA4 does not store complete IP addresses.

Retention Period: 14 months.

Data Transfer: USA. Google LLC is a participant in the EU-US Data Privacy Framework.

How to Opt Out:

5.4. Meta Pixel

We use Meta Pixel, a technology from Meta Platforms Ireland Ltd for measuring advertising effectiveness on Facebook and Instagram.

Important: In accordance with European Court practice (Fashion ID case, C-40/17), LigLex and Meta Platforms may be considered joint controllers with respect to the collection and transmission of data through the Pixel.

Data Collected:

  • Actions on the Website (pages visited, button clicks)
  • Device and browser information
  • IP address

Data Transfer: USA and Ireland — based on Data Privacy Framework and Standard Contractual Clauses (SCCs).

How to Opt Out:

Note for Apple Users: Due to iOS 14+ restrictions, Meta Pixel functionality may be limited.

5.5. Google Tag Manager

Google Tag Manager (GTM) is a tag management system that does not itself collect personal data or set cookies. GTM is used to manage other technologies in accordance with your consent settings.

5.6. Managing Cookies

You can manage your cookie settings:

  • Cookie banner — upon first visit to the Website
  • “Cookie Settings” link — in the footer of every page
  • Browser settings — blocking or deleting cookies

Declining analytics and marketing cookies does not affect core Website functionality.

6. DISCLOSURE TO THIRD PARTIES

6.1. Categories of Recipients

Technology Partners:

  • Google LLC (USA) — analytics (GA4, GTM)
  • Meta Platforms (Ireland/USA) — advertising (Meta Pixel)
  • [Hosting provider] — data storage

Professional Partners (where necessary and with your consent):

  • Audit and law firms — for joint projects
  • Banks and financial institutions — for KYC verification
  • Notaries and registrars — for transaction processing

Government Authorities:

  • State Financial Monitoring Service of Ukraine — upon lawful request
  • Courts — pursuant to court order
  • EU regulators — for AML compliance

6.2. Conditions for Disclosure

We disclose your data to third parties only where:

  • You have given explicit consent; or
  • We have a legal obligation; or
  • It is necessary for contract performance; or
  • We have legitimate interests (provided they do not override your rights)

7. INTERNATIONAL DATA TRANSFERS

7.1. General Provisions

Your data may be transferred outside Ukraine, including to European Union countries and the United States.

7.2. Transfers to the EU

The European Union ensures an adequate level of personal data protection. Transfers are made freely in accordance with Ukrainian law.

7.3. Transfers to the USA

For data transfers to the USA, we apply the following safeguards:

EU-US Data Privacy Framework:
Google LLC and Meta Platforms, Inc. are participants in the Data Privacy Framework, which ensures an adequate level of protection.

Standard Contractual Clauses (SCCs):
For transfers not covered by DPF, we use Standard Contractual Clauses approved by the European Commission (Decision 2021/914).

7.4. Additional Safeguards

  • Conducting Transfer Impact Assessments
  • Encryption of data in transit and at rest
  • Contractual obligations to notify in case of government access requests

8. DATA RETENTION PERIODS

Data Category Retention Period
Contact form data (no contract) 24 months after last contact
Client data Duration of contract + 3 years
KYC/AML documentation 5 years after relationship ends
Accounting documentation 7 years
Google Analytics data 14 months
Cookie consent records 5 years
Marketing data Until withdrawal of consent

After retention periods expire, data is destroyed or anonymized.

9. YOUR RIGHTS

9.1. List of Rights

Under Ukrainian law and GDPR, you have the following rights:

Right of Access
You can obtain confirmation whether your data is being processed and receive a copy of it.

Right to Rectification
You can request correction of inaccurate or incomplete data.

Right to Erasure (“Right to Be Forgotten”)
You can request deletion of your data under certain circumstances.

Right to Restriction of Processing
You can request temporary cessation of processing of your data.

Right to Data Portability
You can receive your data in a structured, machine-readable format (JSON, CSV).

Right to Object
You can object to processing based on legitimate interests.

Right to Withdraw Consent
You can withdraw previously given consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

9.2. Limitations on Rights

For KYC/AML data:
The right to erasure does not apply during the mandatory retention period (5 years after relationship ends).

Tipping-off prohibition:
We may be restricted from providing information about data processing in connection with suspicious transaction reports to the State Financial Monitoring Service.

9.3. How to Exercise Your Rights

Send a written request to info@liglex.com, including:

  • Your full name and contact details
  • The right you wish to exercise
  • Sufficient information to identify you and your data

We will respond to your request within 30 calendar days. In complex cases, the period may be extended by another 30 days with notification of the reasons.

9.4. Right to Complain

If you believe your rights have been violated, you can:

  1. Contact us directly: privacy@liglex.ua
  2. File a complaint with the Ukrainian Parliament Commissioner for Human Rights: ombudsman.gov.ua
  3. Contact the EU supervisory authority in your country of residence

10. SECURITY MEASURES

10.1. Technical Measures

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication for system access
  • Regular software updates
  • Data backup
  • Security monitoring and intrusion detection

10.2. Organizational Measures

  • Internal personal data processing procedures
  • Appointment of a data protection officer
  • Regular staff training
  • Non-disclosure agreements with all employees
  • Security incident response procedures

10.3. Consulting Project Measures

  • Segregated storage of different clients’ data
  • Access on a “need-to-know” basis
  • Use of secure communication channels
  • Virtual data rooms for Due Diligence

11. CONSULTING SERVICES SPECIFICS

11.1. KYC/AML Procedures

As a primary financial monitoring entity, LigLex is required to identify and verify clients in accordance with the Law of Ukraine “On Prevention and Counteraction to Legalization (Laundering) of Proceeds of Crime.”

We collect and verify:

  • Identity documents
  • Information on ultimate beneficial owners
  • Source of wealth information (where required)

This data:

  • Is processed in strict confidence
  • Is disclosed only to authorized government authorities upon lawful request
  • Is retained for a minimum of 5 years after termination of business relationship
  • Cannot be deleted at your request during the mandatory retention period

11.2. Due Diligence

When conducting Due Diligence reviews as part of M&A transactions:

  • Data processing is carried out on behalf of the client (LigLex acts as processor)
  • Only authorized personnel have access to confidential information
  • Secure virtual data rooms are used
  • After project completion, data is destroyed or returned to the client

11.3. Professional Secrecy

LigLex adheres to the principle of professional confidentiality. Client information is not disclosed to third parties without written consent, except as required by law.

Guarantee:
We do not use KYC/DD materials and confidential client information for marketing purposes.

12. CHANGES TO THIS POLICY

We may update this Policy due to changes in legislation, technology developments, or changes in our business processes.

Notification Procedure:

  • Changes take effect from the date of publication of the new version on the Website
  • We notify of material changes 30 days before they take effect
  • The current version is always available on this page

Continued use of the Website after changes take effect constitutes your acceptance of the updated Policy.

13. CONTACT INFORMATION

Primary Contacts:

Email: info@liglex.com
Phone: +380507222766
Postal Address: Ukraine, 65012, Odessa, Frantsuzskyi Boulevard, 2.

EU Representative:

[Name]
Address: [●]
Email: [●]

14. LANGUAGE VERSIONS

This Privacy Policy is available in Ukrainian, Russian, and English.

In case of discrepancies:

  • For users from Ukraine, the Ukrainian version shall prevail
  • For users from other countries, the English version shall prevail

Data Controller: LigLex LLC
Last Updated: 14 December 2025
Contact for Inquiries: info@liglex.com