Privacy Policy
Last updated: June 14, 2026
1. General provisions
1.1. This Privacy Policy (the “Policy”) defines how personal data of the users of the website administered by St. Nicholas Monastery, EDRPOU code 26278106, registered address: 1 Kovelska Street, Zhydychyn Village, Lutsk District, Volyn Region, 45240, Ukraine (the “Website”), is collected, used, stored and protected.
1.2. St. Nicholas Monastery is the owner and controller of personal data within the meaning of the legislation of Ukraine.
1.3. Personal data is processed in accordance with the legislation of Ukraine, in particular the Law of Ukraine “On Personal Data Protection”, and, where data of persons located in the European Union is processed, taking into account the requirements of the GDPR.
1.4. By using the Website, the user confirms that they have read this Policy.
2. Information collection
2.1. St. Nicholas Monastery may process the following personal data voluntarily provided by the user:
1. first and last name;
2. email address;
3. phone number;
4. other data provided through feedback forms, ordering of services (for example, submitting prayer notes/commemorations) or making a donation.
2.2. The following technical and analytical data may be collected automatically:
1. IP address (used temporarily, not stored in analytics in an open form);
2. browser and device type, approximate location (country/city);
3. data on visited pages and interaction with them;
4. cookies and similar technologies (see Section 7);
5. aggregated analytical data obtained via analytics services (Google Analytics);
6. aggregated de-identified search data from Google Search Console (no personal data).
2.3. Analytics tools (Google Analytics) are loaded solely after the user grants consent via the consent banner (Section 7). Behavioural analytics is not collected before consent is given.
2.4. The Website does not provide for the creation of user accounts or registration.
3. Special categories of personal data (religious data)
3.1. Ordering prayer notes, commemorations and other spiritual services may contain data revealing a person’s religious beliefs. Such data belongs to special (sensitive) categories of personal data within the meaning of Article 7 of the Law of Ukraine “On Personal Data Protection” and Article 9 of the GDPR.
3.2. A prayer note/commemoration form can be submitted solely after the user ticks a mandatory checkbox consenting to the processing of the provided data, including data concerning religious beliefs. **Without ticking this checkbox the form cannot be submitted.** Ticking it constitutes the granting of voluntary explicit consent.
3.3. Such data is processed solely for the purpose of fulfilling the ordered spiritual service (commemoration, prayer).
3.4. If a note mentions data of other persons (those being prayed for), the user confirms that they have a lawful basis to disclose such data and that it is used only for the stated purpose.
3.5. The content of notes, names and other sensitive data is not used for analytics or advertising, is not transferred to analytical or automated (including AI) systems in an open form, and is stored with restricted access — only to authorised persons of the monastery.
4. Purposes of personal data processing
4.1. Personal data is processed for the following purposes:
1. responding to user inquiries;
2. processing voluntary donations;
3. fulfilling ordered spiritual or informational services;
4. sending informational messages — solely with the user’s consent;
5. improving the Website and analysing its use (on de-identified aggregated data);
6. complying with legal requirements.
5. Legal bases for processing
5.1. Processing is carried out on the basis of:
1. the data subject’s consent (for ordinary data — upon provision; for special categories — upon ticking the mandatory consent checkbox, Section 3);
2. the necessity to fulfil the user’s request (providing a service, processing a donation);
3. the legitimate interest of St. Nicholas Monastery, provided that such interests do not override the user’s rights;
4. compliance with the monastery’s legal obligations.
6. Payments and processing of financial data
6.1. Payments are processed via WayForPay.
6.2. A donation can be made only after the user ticks a mandatory checkbox consenting to the terms and to data processing. Without such consent a donation cannot be submitted.
6.3. St. Nicholas Monastery does not store or process the full details of users’ bank cards.
6.4. All payment operations are carried out in accordance with the rules and policies of WayForPay.
6.5. St. Nicholas Monastery is not liable for failures, errors or delays caused by WayForPay or banking institutions.
7. Analytics, cookies and consent
7.1. The Website uses two categories of cookies and similar technologies:
- **Necessary (essential)** — ensure basic operation of the Website, security and storing your choice regarding consent. They always work and do not require consent.
- **Analytics (Google Analytics)** — help understand how the Website is used in order to improve it. Loaded solely after your explicit consent.
Indicative list of cookies and similar technologies:
— Consent cookie (necessary): remembers your choice regarding cookies; duration — up to 12 months.
— Technical / session (necessary): security and basic operation of the Website; duration — session.
— Analytics identifier, Google Analytics (analytics): de-identified usage statistics, activated only after consent; duration — up to 12 months.
7.2. On the first visit a consent banner appears. Analytics technologies are activated only after clicking “Accept”. If you do not consent, the Website operates fully and behavioural analytics is not collected.
7.3. You may withdraw consent at any time — by clearing the Website’s cookies in your browser settings or by changing your choice again in the consent banner.
7.4. Analytics is collected in a de-identified aggregated form: identifiers are hashed, session recording is disabled, and personal data (names, email, content of inquiries) is not transferred to analytics.
7.5. De-identified aggregated data may be analysed by automated tools to understand the use of the Website and improve it. The content of prayer notes, inquiries, names and email is not transferred to such systems. The Website does not make decisions producing legal effects for the user solely on the basis of automated processing (within the meaning of Article 22 of the GDPR).
8. Hosting and technical infrastructure
8.1. The Website is hosted using the services of Hetzner. 8.2. St. Nicholas Monastery applies reasonable technical and organisational measures to protect personal data. 8.3. At the same time, no system of data transmission over the Internet can guarantee absolute security.
9. Transfer of personal data to third parties
9.1. Personal data may be transferred to third parties solely in the following cases:
1. where necessary to process payments;
2. where necessary for the operation of the Website (hosting, analytics services, technical support);
3. on the basis of legal requirements or a court decision.
9.2. List of the main recipients/processors of data:
— WayForPay — payment/donation processing (Ukraine).
— Hetzner — hosting of the Website and database (EU).
— Google Analytics — Website usage analytics, after consent (EU).
— Google (Search Console) — aggregated search statistics, no personal data (EU/US).
— Resend — sending service emails: receipts, replies (EU/US).
— YouTube / Google — playback of videos and live streams (EU/US).
— Telegram — bot and notifications.
Locations are stated as of the update date; transfer of data outside Ukraine/EU is governed by clause 9.3.
9.3. Where data is transferred outside Ukraine or the EU, appropriate legal safeguards are ensured in accordance with the requirements of applicable law.
10. Data retention periods
10.1. Data is stored no longer than necessary to achieve the purpose of processing:
- donation financial data — in accordance with tax and accounting law requirements (as a rule, not less than 1095 days / 3 years);
- prayer notes/commemorations — until the ordered commemoration period ends and up to 6 months thereafter;
- inquiries and questions — until a reply is provided and up to 12 months for quality control;
- analytics data — up to 12 months, after which it is de-identified or deleted;
- records of consent given — for the duration of the consent and up to 3 years after its withdrawal as proof of lawful processing.
10.2. After the purpose of processing is achieved, data is deleted or de-identified, unless otherwise required by law.
11. Rights of data subjects
11.1. The user has the right to:
1. obtain information about the processing of their data;
2. request access to their personal data;
3. request correction or updating of inaccurate data;
4. request deletion of data in cases provided by law;
5. withdraw consent to data processing;
6. lodge a complaint with the data protection supervisory authority.
11.2. To exercise their rights, the user may contact: [email protected].
11.3. A complaint may be lodged with a supervisory authority:
- in Ukraine — the Ukrainian Parliament Commissioner for Human Rights;
- where the GDPR applies — the relevant supervisory authority of the EU member state of residence.
11.4. Where the GDPR applies, the user also has the rights to data portability, to object to processing and to restriction of processing in the cases provided by the Regulation.
12. Changes to the Policy
12.1. St. Nicholas Monastery has the right to amend this Policy at any time.
12.2. A new version takes effect from the moment of its publication on the Website.
13. Contact information
For matters related to personal data protection, you may contact:
St. Nicholas Monastery
EDRPOU code: 26278106
Address: 1 Kovelska Street, Zhydychyn Village, Lutsk District, Volyn Region, 45240, Ukraine
Email: [email protected]

