+38 (050) 62-42-951

Privacy Policy

Last updated: January 12, 2026

This Privacy Policy explains how INDIVIDUAL ENTREPRENEUR SUKHODOLOV YURII SVIATOSLAVOVYCH (“imfree“, “we“, “us“, “our“) collects, uses, shares, and protects personal data when you interact with:

  • https://imfree.school (the “Website”);
  • our lead forms (including, without limitation, Meta Lead Ads);
  • our offline/in-person lessons and events;
  • our online lessons delivered through the Pinokee platform;
  • the mobile app branded as “imfree – student” (the “App”);
  • and related communications (email/SMS/push) and support (collectively, the “Services”).

If you do not agree with this Privacy Policy, do not use the Services.

1) Who we are (Data Controller)

Data Controller:

INDIVIDUAL ENTREPRENEUR
SUKHODOLOV YURII SVIATOSLAVOVYCH
Tax ID: 2979909896
Address: Kapitana Kuznetsova Street, Building 114, Apartment 15, Odesa, Odesa Region, 65069, Ukraine
Registration: February 6, 2008, 2 471 000 0000 064553
Phone: +380506242951

How to contact us for privacy matters: use the contact options on the Website (including the contact form) or call +380506242951.

2) Important note about Pinokee and payment processors

2.1 Pinokee platform (scheduling + video lessons + payments handling)

We use the third‑party Pinokee platform to plan and deliver online lessons (including video connectivity) and to handle lesson/payment workflows (including payment status callbacks, crediting lessons/packages, and related operational records).

Pinokee may process personal data on our behalf and/or as an independent controller depending on the specific activity. Pinokee’s privacy practices are governed by its own documents, including:

We are not responsible for Pinokee’s independent practices, outages, or security incidents.

2.2 Payment processors

Payments are processed by third‑party payment processors (for example: Revolut, Stripe, PayPal, Wise, Paddle, WayForPay, and others we may enable). Payment processing is performed by those processors under their own terms and privacy policies.

Your payment flow may start on imfree.school (a payment link), and then proceed via redirect, embedded iframe, or a similar mechanism to Pinokee and/or the payment processor.

We do not store full payment card details. We may receive limited payment metadata (e.g., payment status, amount, currency, date/time, transaction/order reference).

3) What personal data we process

We apply data minimization. The exact data depends on how you use the Services.

3.1 Data you provide to us

We may process:

  • Identification data: first and last name.
  • Contact data: email address, phone number, country and/or time zone.
  • Application / lead form data: whether the signup is for a child or adult; child’s age (if provided); experience level; preferred lesson duration (e.g., 30/45 minutes); preferred days/times; lesson language; instrument availability; comments.
  • Communications: messages you send us (e.g., via contact forms, email, messenger, or support).

3.2 Data related to Students (children)

We primarily collect data from parents/guardians. Student data may be limited to:

  • Student’s first name (or another identifier you provide);
  • child age (if provided);
  • lesson-related information (attendance and scheduling).

3.3 Lesson, scheduling, and service delivery data

We (and/or Pinokee on our behalf) may process:

  • lesson schedules, attendance, rescheduling/cancellation history;
  • teacher assignment and lesson subject/instrument;
  • lesson duration and operational records;
  • lesson notes/summaries and, where available, homework/assignments (features may be introduced or changed over time).

3.4 Photos, video, audio, and events

Depending on participation, we may process:

  • photos/video/audio created in our premises or during lessons, rehearsals, events, and concerts;
  • recordings or streams of online concerts and hybrid events.

Where required by law (especially for minors), we rely on parental consent or another lawful basis.

3.5 App and device data (Website and App)

We may collect technical data such as:

  • IP address and approximate location (derived from IP);
  • device identifiers (or comparable mobile identifiers), device type, operating system;
  • browser type/version, pages visited, time spent, interactions (clicks/scrolling), log data;
  • cookies and similar technologies on the Website;
  • push notification tokens (Apple APNs / Google FCM) for the App;
  • App configuration settings, basic diagnostic data, and crash logs (if enabled).

3.6 Authentication via SMS

The App (and/or related systems) may use SMS-based authentication, including one-time codes. We process phone numbers and related authentication events to secure access.

3.7 Data from third parties

We may receive data from:

  • Pinokee (lesson schedules, operational events, and payment status metadata);
  • payment processors (transaction metadata);
  • advertising and lead-form platforms (e.g., Meta Lead Ads) if you submit a form there;
  • analytics providers (e.g., Google Analytics 4) when you use the Website.

4) Why we process data (purposes)

We process personal data for the following purposes:

  1. Provide and administer lessons and Services (including scheduling, confirmations, changes, and support).
  2. Pre-contract communication (responding to inquiries, trial lesson arrangements, onboarding).
  3. Security and fraud prevention, including account authentication and protecting our systems.
  4. Transactional communications (non-promotional): confirmations, scheduling notices, cancellations, login codes, and essential service announcements via email/SMS/push.
  5. Operations and quality improvement, including troubleshooting and analytics.
  6. Legal and accounting compliance, including recordkeeping and responding to lawful requests.
  7. Events and concerts management, including organizing online/hybrid concerts and managing participation.
  8. Marketing communications (limited): We do not send promotional push notifications or promotional SMS. If we send marketing emails, it is only where you have opted in or where permitted by law, and you can opt out at any time.

5) Legal bases (EEA/UK/Norway)

Where GDPR/UK GDPR applies, we rely on one or more legal bases, depending on context:

  • Contract / pre-contract steps (Art. 6(1)(b)): to deliver lessons and manage scheduling, and to respond to your requests before purchase.
  • Legitimate interests (Art. 6(1)(f)): service improvement, security, fraud prevention, essential communications, and business administration.
  • Consent (Art. 6(1)(a)): where required (for example, certain marketing communications or use of a minor’s image/voice where local law requires explicit consent).
  • Legal obligation (Art. 6(1)(c)): tax, accounting, and compliance obligations.

Where consent is used, you may withdraw it at any time; withdrawal does not affect processing before withdrawal.

6) Cookies and analytics

6.1 Website cookies

We use cookies and similar technologies for Website functionality, security, and preferences. We may also use analytics cookies.

6.2 Google Analytics 4 and similar tools

We use Google Analytics 4 to understand how visitors use the Website and to improve the Services. If advertising features (e.g., Google signals, remarketing) are enabled, we will disclose that through notices or cookie controls where required.

You can manage cookies via the Website cookie banner (where available) and/or your browser settings. Disabling cookies may affect Website functionality.

7) How we share data

We may share personal data with the following categories of recipients, only as needed:

  1. Pinokee for scheduling, online lesson delivery, operational workflows, and payment-related handling.
  2. Payment processors (Revolut, Stripe, PayPal, Wise, Paddle, WayForPay, etc.) to process payments and prevent fraud.
  3. Communications providers (email/SMS and push notification services) to deliver transactional messages and login codes.
  4. IT and cloud providers (hosting, infrastructure, storage, CRM/helpdesk, and security tools).
  5. Analytics and advertising partners (e.g., Google and Meta) where you use lead forms or where cookie consent/other legal basis exists.
  6. Teachers and staff as necessary to deliver lessons and support.
  7. Legal and regulatory authorities if required by law, legal process, or to protect rights, safety, and prevent abuse.

We may also share aggregated or de-identified data that cannot reasonably identify you.

8) International transfers

We operate in Ukraine and serve clients in the EU/EEA, UK, Norway, Germany, and other countries. Your data may be processed in multiple jurisdictions.

When data is transferred outside the EEA/UK (for example, to the USA by certain technology providers), we use appropriate safeguards where required, such as Standard Contractual Clauses (SCCs) and supplementary measures.

Because Pinokee and payment processors may use their own infrastructure, international transfers may also occur under their respective policies.

9) Retention

We keep personal data only for as long as necessary for the purposes described, including:

  • Application/client data: typically up to 3 years after the last interaction, unless a longer period is required by law or needed for dispute resolution.
  • Marketing contacts (if any): until you unsubscribe or withdraw consent.
  • Financial/transaction records: as required by applicable accounting/tax laws.

Even after deletion requests, some data may persist in backups, logs, or archives for limited periods (or longer where legally required).

10) Security

We apply reasonable administrative, technical, and organizational safeguards, including TLS encryption in transit, access controls, and data minimization.

No method of transmission or storage is completely secure. To the maximum extent permitted by law, we cannot guarantee absolute security and are not responsible for unauthorized access by third parties beyond reasonable control.

11) Children

Our Services may be used by minors (Students) under the responsibility of parents/guardians.

  • We generally collect children’s data through parents/guardians.
  • The age of digital consent varies by jurisdiction (commonly 13–16 in the EEA/UK).

If you believe we have processed a child’s data without appropriate authorization, contact us and we will take reasonable steps to address the issue, subject to legal obligations.

12) Your rights

Depending on your jurisdiction, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion (subject to legal and legitimate-interest limitations);
  • restrict or object to processing;
  • data portability;
  • withdraw consent (where processing is based on consent);
  • opt out of marketing (where applicable).

To exercise rights, contact us via the Website contact options or by phone at +380506242951. We may request identity verification.

You may also have the right to lodge a complaint with your local supervisory authority.

13) Applicable law and supervisory authority

  • Ukraine: Law of Ukraine “On Personal Data Protection”. Supervisory authority: Ukrainian Parliament Commissioner for Human Rights (Ombudsman).
  • EEA/UK/Norway: GDPR / UK GDPR applies where relevant.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on the Website with a revised “Last updated” date. Continued use of the Services after publication constitutes acceptance of the updated policy, to the maximum extent permitted by law.

Контакти
Комфорт-Таун, пр. Соборності 17, окремий вхід біля 12 парадного
(050) 62-42-951
Понеділок - Субота з 8:00 по 21:00
Меню