Privacy Policy

1. GENERAL PROVISIONS

This Privacy Policy (hereinafter — the "Policy") describes how "Latwo" (hereinafter — "Latwo", "we", "us", or "our") collects, uses, stores, discloses, and protects the personal data of users of the website latwo.eu (hereinafter — the "Site"), as well as individuals who contact us for consultations and services.

Latwo is an AI consulting agency providing businesses with services in strategic AI transformation, implementation of AI solutions, data analytics, and process automation. In the process of providing services and the functioning of the Site, we process personal data in accordance with the requirements of:

Regulation (EU) 2016/679 (GDPR) — General Data Protection Regulation;
The Law of Ukraine "On Protection of Personal Data" dated 01.06.2010 № 2297-VI;
The Law of Ukraine "On Information" dated 02.10.1992 № 2657-XII;
The Law of Ukraine "On Electronic Commerce" dated 03.09.2015 № 675-VIII;
EU Directive 2002/58/EC (ePrivacy Directive).

By using the Site or contacting us, you confirm that you have read this Policy and agree to its terms. If you do not agree with the Policy — please refrain from using the Site.

2. PERSONAL DATA CONTROLLER

In accordance with the GDPR and the legislation of Ukraine, the controller of personal data is:

Company: Latwo
Website: latwo.eu
Email: hello@latwo.eu
Jurisdiction: Ukraine / European Union

For all questions related to the protection of personal data, you may contact us at the email address: hello@latwo.eu

3. PERSONAL DATA WE COLLECT

We collect only those personal data that are necessary for the provision of services, improving the functioning of the Site, and communicating with you. Data collection is carried out from various sources:

3.1. Data provided directly by you

Through the contact form on the Site, you may provide:

First and last name — for personalization of communication;
Email address (e-mail) — for contact and sending responses;
Company name — to understand the context of your business;
Service variant (Starter / Growth / Partner) — to determine the service package;
Description of your business and needs — for the preparation of a personalized proposal;
Data provided during the Discovery Call and consulting sessions — business metrics, processes, strategic goals, etc.;
Any other data that you voluntarily provide to us in correspondence or during the provision of services.

3.2. Data collected automatically

When visiting the Site, technical data may be collected automatically:

IP address and approximate geographic location;
Browser type and version, operating system, device type;
Date and time of visit, pages viewed, session duration;
Referral URL (where you came to our site from);
Data on interaction with content (clicks, scrolling, file downloads);
Cookie files and similar tracking technologies (detailed in Section 8).

3.3. Third-party data

We may receive information about you from third parties in the following cases:

From social media platforms (LinkedIn, Instagram/X) when following links;
From partners and clients who recommend our services;
From publicly available sources (open business registries, LinkedIn profiles) for preparation for consultations.

4. PURPOSES AND LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA

We process personal data exclusively in the presence of a legitimate legal basis in accordance with Article 6 of the GDPR and the Law of Ukraine "On Protection of Personal Data."

4.1. Execution of a contract (Art. 6(1)(b) GDPR)

Processing is necessary for the provision of ordered services:

Conducting an initial consultation (Discovery Call) and assessing client needs;
Execution of the AI Transformation Office-as-a-Service (ATOaaS) service: comprehensive AI transformation, compliance, risk management, integration;
Providing AI-Agentic Consulting (AAC): strategic consulting using AI agents, data collection and analysis, preparation of reports;
Implementation of Data & Decision Intelligence (DDI): development of Data Mesh/Fabric architectures, MLOps, analytical decision-making systems;
Implementation of AI Automation for SMB (AASMB): chatbots, CRM agents, marketing AI services for small and medium-sized businesses;
Formation and sending of reports, roadmaps, audit results;
Invoicing and payment management.

4.2. Legitimate interests (Art. 6(1)(f) GDPR)

Processing is carried out in our legitimate interests, which do not override your rights:

Improving the quality of the Site, analyzing user behavior, troubleshooting technical problems;
Protection against fraud, unauthorized access, and cyberattacks;
Maintaining internal statistics and reporting;
Development of new services and improvement of existing ones based on client feedback.

4.3. Consent (Art. 6(1)(a) GDPR)

On the basis of your voluntary and unambiguous consent:

Sending marketing materials, news, case studies, and offers;
Use of non-essential cookie files (analytical, marketing);
Transfer of data to third parties for marketing purposes (if applicable).

You may withdraw your consent at any time by sending a request to hello@latwo.eu. Withdrawal of consent does not affect the lawfulness of processing up to the moment of withdrawal.

4.4. Fulfillment of legal obligations (Art. 6(1)(c) GDPR)

Compliance with the requirements of accounting and tax legislation;
Fulfillment of requirements of regulatory bodies and law enforcement structures on the basis of relevant decisions.

5. DISCLOSURE AND TRANSFER OF DATA TO THIRD PARTIES

Latwo does not sell or transfer your personal data to third parties for their own marketing purposes. Data transfer is possible only in the following cases:

5.1. Service providers (data processors)

We involve reliable service providers who process data exclusively according to our instructions and in accordance with concluded Data Processing Agreements (DPA):

Framer Inc. — hosting and technical maintenance of the Site (USA, compliance with Privacy Shield / SCCs);
Cloud solution providers (Google Workspace, Notion, etc.) — document storage and communication;
Payment systems — processing of transactions (card data is not transferred to us);
Email marketing platforms — for sending communications (only with your consent);
Analytical services — for collecting Site usage statistics.

5.2. Transfer to third countries

Some of our providers may be located outside the EU/EEA or Ukraine. In such cases, we ensure an appropriate level of data protection by:

Applying Standard Contractual Clauses (SCCs) in accordance with European Commission decisions;
Transferring only to countries with an adequate level of data protection (adequacy decision of the European Commission);
Ensuring the fulfillment of other guarantees provided by the GDPR.

5.3. Legal requirements

We may disclose your data at the request of competent state authorities, a court, or law enforcement structures in accordance with the applicable legislation of Ukraine or the EU. We will notify you of such requests unless prohibited by law.

5.4. Reorganization or sale of business

In the event of a merger, acquisition, reorganization, or sale of Latwo, your personal data may be transferred to a successor. We will notify you in advance of such changes and the new Privacy Policy.

6. RETENTION PERIODS FOR PERSONAL DATA

We store personal data no longer than is necessary to achieve the purposes stated in this Policy, or in accordance with legal requirements:

Data from contact forms and requests — 3 years from the date of the last contact;
Client data within the framework of contractual relations — 5 years from the date of completion of the contract (in accordance with statutes of limitations and accounting requirements);
Financial and accounting documents — 7 years in accordance with the legislation of Ukraine;
Data from cookie files and analytics — from 30 days to 2 years (depending on the type of cookie);
Records of consent for data processing — up to 3 years after the withdrawal of consent;
Data necessary for the protection of our legitimate interests (for example, in disputes) — until the resolution of the dispute.

After the retention periods expire, data are securely deleted or anonymized in accordance with established procedures.

7. YOUR RIGHTS AS A DATA SUBJECT

In accordance with the GDPR (Chapter III) and the Law of Ukraine "On Protection of Personal Data," you have the following rights regarding your personal data:

7.1. Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not we are processing your data, and to obtain a copy of them along with information about the purposes, categories of data, recipients, and retention periods.
7.2. Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or completion of incomplete personal data without undue delay.
7.3. Right to erasure — "the right to be forgotten" (Art. 17 GDPR): You have the right to request the deletion of your personal data if: they are no longer necessary for the original purposes; you have withdrawn consent; you object to the processing; the data were processed unlawfully; or deletion is required by law.
7.4. Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing your data in certain circumstances — for example, while we verify the accuracy of the data or consider your objection.
7.5. Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV) and to transfer them to another controller if the processing is based on consent or a contract.
7.6. Right to object (Art. 21 GDPR): You have the right to object to the processing of your data which is based on legitimate interests or is carried out for the purpose of direct marketing. In the event of an objection to direct marketing, we are obliged to immediately stop such processing.
7.7. Right not to be subject to an automated decision (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing (including profiling), if such decisions have legal or similarly significant consequences for you.

7.8. How to exercise your rights

To exercise any of the aforementioned rights, send a request to the email address: hello@latwo.eu with the subject "Personal Data Request". We will respond within 30 calendar days (in exceptional cases — up to 60 days with notification).

If you believe that your rights have been violated, you have the right to file a complaint with:

The Commissioner of the Verkhovna Rada of Ukraine for Human Rights (Ombudsman) — for residents of Ukraine: www.ombudsman.gov.ua;
The relevant supervisory authority in the EU country of your place of residence or work (in accordance with Art. 77 GDPR).

8. COOKIE FILES AND TRACKING TECHNOLOGIES

Our Site uses cookie files — small text files stored on your device. They help us ensure the correct operation of the Site, analyze its use, and improve your experience.

8.1. Types of cookie files

Mandatory (technical) cookies — necessary for the basic functioning of the Site (sessions, security). Do not require consent.
Analytical cookies — collect anonymous visit statistics (for example, Google Analytics, Plausible). Require your consent.
Functional cookies — remember your settings (language, region). Require consent.
Marketing cookies — track behavior for personalized advertising. Require explicit consent.

8.2. Cookie management

Upon your first visit to the Site, you will receive a request to provide consent for the use of non-essential cookies. You can change your settings at any time through the cookie banner on the Site or your browser settings. Refusal of cookies may limit the functionality of the Site.

9. PERSONAL DATA SECURITY

Latwo implements appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction in accordance with Article 32 of the GDPR:

Data encryption during transmission (SSL/TLS protocols, HTTPS);
Data encryption at rest;
Access control based on the principle of least privilege;
Regular software updates and security patches;
Staff training on personal data protection;
Regular audit of security systems and data processing procedures;
Procedures for responding to security incidents.

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours, and you — without undue delay, in accordance with Articles 33–34 of the GDPR.

10. DATA PROCESSING IN THE CONTEXT OF AI SERVICES

Since Latwo provides AI consulting services, we want to further clarify the features of data processing in this context:

We may process business data provided by you for the analysis and development of an AI strategy, exclusively within the framework of contractual relations and in accordance with the client's instructions;
Data provided for the demonstration or testing of AI solutions are processed in a secure environment and deleted after the work is completed, unless otherwise agreed;
We do not use client data to train our own AI models without the explicit separate consent of the client;
All third-party AI tools (for example, GPT solutions, analytical platforms) involved in the provision of services comply with GDPR requirements and have signed DPAs;
If necessary, we conduct a Data Protection Impact Assessment (DPIA) in accordance with Article 35 of the GDPR for high-risk processing operations.

11. DATA OF MINORS

Our Site and services are intended exclusively for persons aged 18 and over. We do not knowingly collect personal data of minors. If we become aware that we have unintentionally collected a child's data, we will delete it immediately. If you suspect that a child's data has been provided to us, please notify us at hello@latwo.eu.

12. LINKS TO EXTERNAL RESOURCES

Our Site may contain links to external websites (LinkedIn, Instagram/X, etc.). This Policy applies exclusively to the Latwo Site. We are not responsible for the privacy practices of third parties. We recommend that you familiarize yourself with the privacy policies of the respective resources.

13. AMENDMENTS TO THE PRIVACY POLICY

We reserve the right to update this Policy in accordance with changes in legislation, new services, or data processing practices. In the event of significant changes, we will:

Publish the updated Policy on the Site with a new effective date;
Notify you by email (if you have provided an address and subscribed to communications);
Where appropriate, request re-consent.

We recommend regularly reviewing this Policy. Continued use of the Site after changes take effect constitutes acceptance of the updated Policy.

14. APPLICABLE LAW AND DISPUTE RESOLUTION

This Policy is governed by the laws of Ukraine. For clients and users from the EU, the provisions of the GDPR also apply. Any disputes related to the processing of personal data are resolved through negotiations, and if impossible — in the relevant courts of jurisdiction or supervisory authorities according to the place of residence of the data subject.

15. CONTACT INFORMATION

For questions related to this Privacy Policy, the processing of personal data, or the exercise of your rights, please contact:

Latwo — AI Consulting Agency
Email: hello@latwo.eu
Website: latwo.eu
Contact form: latwo.eu/contact

We aim to respond to all inquiries within 5 business days and commit to providing a full response within 30 calendar days.