Privacy Policy

Privacy Policy for Dnipro Institute of Medicine and Public Health
1. Introduction
Dnipro Institute of Medicine and Public Health (the “Institute”, “DIMH”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of all individuals who interact with our institution. This Privacy Policy outlines how we collect, use, process, store, and protect personal information in accordance with Ukrainian data protection legislation, particularly the Law of Ukraine “On Personal Data Protection” (2010).

The Institute is a medical education institution located in Dnipro, Ukraine, specializing in medicine and public health education. We provide undergraduate and postgraduate medical programs and training to both Ukrainian and international students.

2. Legal Basis and Compliance
This Privacy Policy is developed in compliance with:

The Law of Ukraine “On Personal Data Protection” No. 2297-VI dated June 1, 2010

Ukrainian Constitution provisions regarding privacy rights

International data protection standards and best practices

The Institute serves as the data controller for all personal information processed within our educational and administrative activities.

3. Types of Personal Information We Collect
We collect and process the following categories of personal information:

3.1 Student Information
Basic Personal Data: Full name, date of birth, nationality, gender, contact information (address, phone numbers, email addresses)

Educational Records: Academic transcripts, examination results, attendance records, assessment scores

Application Data: Admission documents, entrance examination results, language proficiency certificates

Financial Information: Tuition payment records, scholarship information, financial aid applications

Identity Documents: Passport information, visa status for international students, identification numbers

3.2 Health and Medical Information
Health Records: Medical certificates, vaccination records, health insurance information

Special Medical Data: Information required for medical program participation and clinical training

Emergency Contact Information: Details of family members or guardians for emergency situations

3.3 Staff and Faculty Information
Employment Data: Job applications, qualifications, employment history, performance evaluations

Professional Information: Academic credentials, research activities, publication records

Administrative Data: Payroll information, benefits records, training certificates

3.4 Visitor and Website User Information
Website Usage Data: IP addresses, browser information, cookies, website interaction data

Communication Records: Correspondence, inquiries, feedback, and support requests

4. Purposes of Data Processing
We process personal information for the following legitimate purposes:

4.1 Educational Services
Student admission and enrollment processes

Academic program delivery and assessment

Student support services and academic counseling

Graduation and certification procedures

Alumni relations and career services

4.2 Administrative Functions
Staff recruitment and human resource management

Financial management and accounting

Facility management and security

Compliance with legal and regulatory requirements

4.3 Research and Quality Improvement
Educational research and program development

Statistical analysis for institutional improvement

Academic quality assurance and accreditation

4.4 Communication and Marketing
Official communications with students and staff

Marketing our educational programs to prospective students

Alumni engagement and fundraising activities

5. Legal Basis for Processing
Our processing of personal data is based on the following legal grounds as defined by Ukrainian data protection law:

Consent: Where individuals have provided explicit consent for specific processing activities

Contractual Necessity: For fulfilling educational contracts and employment agreements

Legal Obligation: To comply with Ukrainian education laws and regulations

> G V: Legitimate Interests: For institutional operations, security, and educational quality assurance

Public Interest: For educational and research activities serving public health objectives

6. Data Sharing and Disclosure
We may share personal information in the following circumstances:

6.1 Internal Sharing
With authorized Institute staff and faculty on a need-to-know basis

Between departments for legitimate educational and administrative purposes

With IT support staff for system maintenance and technical support

6.2 External Sharing
Government Authorities: When required by Ukrainian law or regulation

Educational Partners: With partner institutions for joint programs or student exchanges

Medical Facilities: With clinical training sites for practical education

Professional Bodies: For accreditation, licensing, and quality assurance purposes

Service Providers: With third-party contractors providing services to the Institute

6.3 International Transfers
For international students and academic partnerships, we may transfer data outside Ukraine in compliance with Ukrainian data protection requirements. Such transfers will include appropriate safeguards to protect personal information.

7. Data Security Measures
We implement comprehensive security measures to protect personal information:

7.1 Technical Safeguards
Secure IT infrastructure with access controls and encryption

Regular system updates and security patches

Secure data backup and recovery procedures

Network security monitoring and intrusion detection

7.2 Administrative Safeguards
Staff training on data protection and privacy requirements

Access controls limiting data access to authorized personnel

Regular review and update of security policies and procedures

Incident response procedures for security breaches

7.3 Physical Safeguards
Secure facilities with controlled access to data storage areas

Locked filing cabinets for paper records

Surveillance systems and security personnel as mentioned in our facilities

8. Data Retention
We retain personal information only as long as necessary for the purposes for which it was collected or as required by Ukrainian law:

Student Records: Academic records are retained according to Ukrainian educational record-keeping requirements

Employment Records: Staff information is retained for the duration of employment plus required retention periods

Financial Records: Financial information is kept according to accounting and tax law requirements

Research Data: Research-related personal data is retained according to research ethics guidelines and legal requirements

9. Individual Rights
Under Ukrainian data protection law, individuals have the following rights regarding their personal information:

9.1 Right of Access
Right to request information about what personal data we process

Right to receive a copy of personal data we hold

9.2 Right to Rectification
Right to request correction of inaccurate or incomplete personal data

Right to update personal information when circumstances change

9.3 Right to Erasure
Right to request deletion of personal data in certain circumstances

Subject to legal requirements for record retention

9.4 Right to Object
Right to object to certain types of data processing

Right to withdraw consent where processing is based on consent

9.5 Right to Data Portability
Right to receive personal data in a structured, commonly used format

Right to transmit data to another organization where technically feasible

10. Data Protection Officer
The Institute has designated a Data Protection Officer responsible for:

Overseeing compliance with data protection requirements

Serving as the primary contact for data protection inquiries

Conducting privacy impact assessments when required

Providing data protection training to staff

Contact Information:
Data Protection Officer
Dnipro Institute of Medicine and Public Health
Email: admin@dimh.edu.ua
Phone: +38 (093) 299-07-07

11. Breach Notification > G V: In the event of a data security breach that poses risks to individuals’ rights and freedoms, we will:

Notify the Ukrainian Parliament Commissioner for Human Rights within the timeframe required by law

Inform affected individuals when required by Ukrainian data protection legislation

Take immediate steps to mitigate the breach and prevent future occurrences

12. Cookies and Website Technologies
Our website uses cookies and similar technologies to:

Ensure proper website functionality

Analyze website usage and improve user experience

Provide personalized content and services

Users can control cookie settings through their browser preferences.

13. Contact Information
For questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact:

Dnipro Institute of Medicine and Public Health
Address: 21001, Ukraine, Vinnytsia, 4 Akademika Yanhelya Street
Phone: +38 (093) 299-07-07
Email: admin@dimh.edu.ua
Website: https://dimh.edu.ua/en/

Ukrainian Parliament Commissioner for Human Rights (Data Protection Authority)
For complaints about our data protection practices:
Website: https://www.ombudsman.gov.ua/en/page/zpd/

14. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will:

Post the updated policy on our website with the effective date

Notify affected individuals of significant changes when required by law

Ensure continued compliance with Ukrainian data protection requirements

15. Language and Interpretation
This Privacy Policy is provided in English for international accessibility. In case of any discrepancy between language versions, the Ukrainian version shall prevail for legal purposes, in accordance with Ukrainian law requirements.

This Privacy Policy demonstrates our commitment to protecting personal information and complying with Ukrainian data protection legislation while supporting our educational mission in Dnipro Institute of Medicine and Public Health.