USAID Cybersecurity for Critical Infrastructure in Ukraine
SMB Mentor-Protégé Program

About the SMB Mentor-Protégé Program

The Small & Medium Business (SMB) Mentor-Protégé Program is a business development component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity designed to improve the performance and sustainability of small & medium sized Ukrainian cybersecurity service providers (Proteges) through structured association with larger multinational businesses with more mature cybersecurity capabilities (Mentors).One of the objectives of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity is to develop and support small and medium businesses (SMBs) working in the cybersecurity sector in Ukraine, this objective includes SMB Acceleration Program and an SMB Mentor-Protégé Program.

Switch to SMB Acceleration Program

Goals of the SMB Mentor-Protégé Program

Augment the cybersecurity preparedness and resilience of Ukraine.

Promote the rapid maturation of existing cybersecurity capabilities of Ukrainian small & medium cybersecurity providers:

◦ Small Business
◦ Woman owned
◦ Veteran owned

Stimulate increased interaction between Ukrainian small & medium business and multinational companies.

Increase Government of Ukraine (GOU) public-private interaction with Ukrainian small & medium cybersecurity providers.

SMB Mentor-Protégé Program Benefits

PUBLIC / PRIVATE SECTOR BENEFITS

◦ Improved cybersecurity preparedness and resilience of Ukraine

◦ Augmented economic opportunities for Ukrainian cybersecurity providers

◦ Exposure to increased base of Ukrainian cybersecurity providers with assessed capabilities

◦ Stimulated marketplace growth through increased competition

MENTOR BENEFITS

◦ Develop business relationships with small & medium businesses

◦ Exposure to innovative approaches and technology

◦ Enhance the cybersecurity capabilities of the enterprise

◦ Introduction to new market prospects

◦ Foster goodwill and corporate responsibility

◦ Opportunity for involvement with USAID Cybersecurity for Critical Infrastructure activities

PROTÉGÉ BENEFITS

◦ Increased technical and administrative assistance

◦ Connection to multi-national cybersecurity marketplace

◦ Develop business relationships with large business

◦ Exposure to potential subcontracting opportunities

◦ Improved competitive advantage

◦ Opportunity for involvement with USAID Cybersecurity for Critical Infrastructure activities

◦ Investment opportunity

Timeline

Who can participate

MENTOR ELIGIBILITY

Mentor Applicants that meet the following requirement criteria are considered eligible for the program:

◦ Originate from a non-Ukrainian home of record

◦ Currently registered to conduct business in Ukraine

◦ Have conducted business within the borders of Ukraine within the last 3 years

◦ Are classified as a medium or large business according to EU or USA business classification standards

◦ Possess a dedicated cybersecurity business capability or similarly related Information Technology capability

◦ Willing to submit a Cybersecurity Maturity Self-Assessment Questionnaire

PROTÉGÉ ELIGIBILITY

Protégé Applicants that meet the following requirement criteria are considered eligible for the program:

◦ Originate from a Ukrainian home of record

◦ Currently registered to conduct business in Ukraine

◦ Have conducted business within the borders of Ukraine within the last 3 years

◦ Are classified as a small or medium business according to Ukrainian business classification standards

◦ Possess a dedicated cybersecurity business capability or similarly related Information Technology capability

◦ Willing to submit a Cybersecurity Maturity Self-Assessment Questionnaire

How to apply for the SMB Mentor-Protégé Program

Each Mentor and Protégé will apply for separately through the USAID Cybersecurity for Critical Infrastructure Mentor-Protégé Program web-portal for review and approval. Applicants should be prepared to provide the following information: points of contact, the legal name of the company, legal form of company, economic activity classifiers, address, and be willing to submit a cybersecurity self-assessment questionnaire.

SMB Mentor-Protégé Application Form

Privacy Policy

DAI Privacy Policy

DAI Global LLC ("DAI", "we", "us", or "our") recognizes the importance of protecting personal information and data. This policy outlines how and why we collect, process, and handle personal data. This policy also informs individuals ("you", "your", or "their") about their rights as data subjects regarding their data. This policy applies to personal data provided to us, both by individuals themselves or by third parties. Our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this policy.

Relevant Regulations

As a global development firm, DAI maintains a legal presence in many different countries and we adhere to the regulations and requirements to each jurisdiction as applicable. For the purposes of personal information and data, DAI's policy is designed to meet the requirements and uphold the principles of the Ukrainian data protection laws (DP Laws), which include the following:

  • Law of Ukraine No. 2297-VI "On Personal Data Protection" dated 1 June 2010 as amended;
  • Procedures for notifying the Ukrainian Parliamentary Commissioner for Human Rights of processing personal data constituting particular risk for rights and freedoms of data subjects, of a structural unit or authorized person organizing work related to personal data protection during processing, and making this information publicly available, and respective clarifications of this procedure (approved by the Order of the Ukrainian Parliamentary Commissioner for Human Rights (the Ombudsman) No. 1/02-14 dated 8 January 2014) (the Procedure); and
  • Clarification of certain issues of the Procedure (approved by the Ombudsman on 8 January 2014).

Given that DAI follows best practices in the area of data privacy, some provisions outlined by the European Union's (EU) General Data Protection Regulations (GDPR) may also apply to certain processing actions.

Definitions

For the purposes of this policy, DAI uses the terms as defined by the DP Laws and GDPR. For the matter of convenience, some of these definitions are outlined below:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject").

"Cookie" means a small text file that a website stores on your computer or mobile device when you visit the website.

"Consent" means any freely given, informed indication of the data subject's approval for the processing of their personal data for the specified purposes, made in writing or any other form allowing to confirm such approval.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Data controller" means a natural or legal person who (either alone or in common with the other persons) determines the purpose for which and the manner in which your personal data is or can be processed.

"Data processor" means any natural or legal person who processes the data on behalf of the data controller.

"SMB" means small and medium business.

Collection of Personal Data

We will only collect your personal data where it is necessary for a genuine business-related purpose. This data is typically collected directly from you for the agreed purposes, which include but are not limited to:

  • participation of the company you have established relations within the SMB Acceleration Program and/or in the SMB Mentorship Program;
  • providing you with the relevant information, news and updates upon your subscription to our mailout;
  • providing you with notifications about your subscription, including updates on the terms of use of your data;
  • for the performance of our obligations and enforcement of our rights arising from any relationship entered into between you and DAI; and
  • any other purposes upon receiving your consent for this.

If we need to use your personal data for purposes other than outlined above, we will notify you of the same and obtain your consent prior to such processing.

The types of personal data we may collect include but may be not limited to:

  • full name;
  • phone number;
  • email address;
  • city and country of residence.

We do not collect your sensitive personal data (e.g., racial or ethnic origin, health data, etc.). However, if this takes place, we will ask for your explicit consent for such processing, unless there are other legal bases for such processing, e.g., you explicitly make your sensitive personal data publicly available.

DAI collects personal data in a lawful and fair manner. We collect your personal data in a variety of ways, including but not limited to:

  • when filling in the form for the participation in the SMB Acceleration Program and/or SMB Mentorship Program;
  • when your company participates in the SMB Acceleration Program and/or SMB Mentorship Program;
  • inquiries made by you through our website and comments you make through our websites;
  • when you subscribe to our mailing list; and
  • when you use our website.

In the majority of cases, DAI collects personal data directly from you (e.g., when you subscribe to our mailout or submit a form for the participation in SMB Acceleration and/or Mentorship Program), and usually acts as the data controller and therefore has respective obligations towards you with regard to the processing of your personal data.

If we receive your personal data for processing from a third party, it is likely that we act as the data processor on behalf of such a third party acting as the data controller.

The key legal basis for collecting and further processing of your data by DAI is your consent. When DAI acts as the data controller, we collect your consent directly from you. If DAI acts as the data processor by receiving your data from a data controller, it is the obligation of such data controller to obtain your consent for your personal data being transferred and processed by DAI.

You can withdraw your consent at any time. This, however, can result in the practical impossibility of DAI to further provide you with some of our services. Please note that the withdrawal will impact only the future processing of your personal data.

There may be cases when your personal data may be processed under other legal bases as defined by the applicable laws.

Use of Personal Data

We use your personal data for the following processing activities: recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sharing of Personal Data

DAI may share your personal data with third parties only when we are legally permitted or required to do so.

Personal data processed by DAI may be transferred to the following third parties:

  • companies of the DAI group;
  • experts of the SMB Acceleration and/or Mentorship Program;
  • third parties (contractors, service providers, etc.) we use to support DAI activity for processing of your data for the purposes and within the scope outlined by DAI. Such transfer may be required, e.g., for the purposes of storing your personal data and is supported by respective contractual obligations; and/or
  • law enforcement, government, or other regulatory agencies as provided for by law.

Where your data is transferred to processors (if DAI acts as the data controller) or sub-processors (if DAI acts as the data processor), DAI requires the receivers of your personal data to implement measures for ensuring the security of your personal data by way of imposing respective contractual obligations.

If we transfer your data to third parties other than outlined in this policy, we will notify you of the same within 10 business days unless we are prohibited from doing so by applicable laws.

Your personal data may and will be transferred to and further processed outside of Ukraine to the jurisdiction in which data protection laws may be different from the DP Laws and may not provide adequate protection to your personal data. DAI takes the necessary steps to ensure that your personal data is secured and is not transferred outside of Ukraine unless the receiving party has adequate controls in place.

Your consent to this policy followed by your submission of your personal data represents your familiarization with the outlined potential transfers.

If your personal data is to be transferred outside of Ukraine, it can be done under one of the following legal bases:

  • transfer is made to the members states of the European Economic Area or the signatories of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;
  • you provide your explicit consent for the transfer;
  • we are required to transfer your personal data for the performance of a contract between you and DAI for your benefit;
  • transfer is performed to protect your vital interests; or
  • transfer is required to protect the public interest or fulfil legal requirements (e.g., in case of a legitimate request from foreign law enforcement authorities).

Retention of Personal Data

DAI aims at not keeping your personal data for longer than reasonably required for the purposes for which personal data was collected. The retention period of your personal data may be subject to legal or regulatory requirements of the location of the data processing.

When your personal data is processed for reasons other than a legal requirement or contractual engagement (e.g., for the newsletters), we will maintain that data until your request for its erasure.

We may also keep your personal data for resolving potential disputes within the statute of limitation established by applicable laws.

Upon the expiration of the retention period, we erase your personal data.

Security of Your Personal Data

DAI ensures the implementation of proper technical and organizational measures to secure the processing of your personal data. Processing of personal data by our employees or other authorized persons is subject to their confidentiality obligations.

Please remember that despite all the implemented measures, any processing of your personal data by electronic means cannot guarantee 100 percent security of your personal data.

Your Rights Regarding Your Personal Data

DAI respects and supports your rights as the data subject and applies them to personal data held by us. These rights include:

  • Right to know about the sources of collection and location of your personal data, the purpose of their processing, location of the data controller/processor or empower other persons to get this information;
  • Right to obtain information about conditions for providing access to your personal data, in particular, information about third parties, which your data is transferred to;
  • Right to access your personal data held by us. Subject to certain conditions, you are entitled to have access to and receive a copy of your personal data processed by DAI free of charge;
  • Right to obtain information on whether your personal data is being processed and the content of such data within 30 calendar days;
  • Right to object to processing. Subject to certain conditions, you have the right to object to the processing of your personal data;
  • Right to correction and right to erasure. It is our obligation to correct your data upon your written request. However, we encourage you to notify us about any changes in your personal data as soon as you become aware of such changes – this will help us to properly hold your personal data. Subject to certain conditions, you are entitled to have your personal data erased (e.g., where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful);
  • Right to protect your personal data from illegal processing and accidental loss, destruction, damage, as well as from provision of information that is inaccurate or discrediting honor, dignity and business reputation;
  • Right to apply to the Ombudsman or a court with claims regarding the processing of your data;
  • Right to use remedies in case of violation of data protection regulations;
  • Right to restrict processing when providing your consent;
  • Right to withdraw consent. As stated above, if our processing of your personal data is based on your consent, you are entitled to withdraw it at any time. This will impact only the future processing activities of DAI. The withdrawal of your consent can be subject to certain conditions based on legal obligations imposed on DAI;
  • Right to know the logic of automatic processing if applicable;
  • Right to protect yourself from automated decision-making (if applicable) that has legal consequences for you; and
  • Right to data portability. Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine-readable format to be further transferred to another data processing party.

For ensuring the execution of your data subject rights, DAI may need to request additional information regarding the specifics of the request, as well as confirm your identity. We will respond to these requests in accordance within one month once we confirm the validity of the request by either satisfying your request or providing a justified refusal to the same.

You can submit a request for the execution of your data subject rights through the channels outlined in the "Contact for Requests and Complaints" section below.

Breaches of Personal Data

DAI applies best business practices and security systems to protect personal data. If a  personal data breach occurs, DAI would respond to the breach as required by the relevant regulations. If you are aware of a breach of personal data that involves DAI, please contact Info_USAIDCybersecurity@dai.com immediately.

Information Collected by DAI's Website

DAI aims at improving performance of our website and making your use of our website more comfortable. For this, we use cookies. Their usage allows DAI to understand how you interact with the content of our website, e.g., cookies may keep information about your language preference so that you do not need to select your language when visiting our website next time.

By using cookies, DAI does not collect or process identifiable data of our website visitors – all collected data is anonymized.

We use several types of cookies – necessary and optional ones. You can opt in the optional cookies. You can also opt-out of necessary cookies. However, we cannot guarantee the correct work of our website in this case.

Our website may also use cookies of third parties. Third party cookies are operated by such third parties and DAI is not responsible for the data collected through such cookies.

Images Utilized by DAI

DAI may use photos with your image therein to demonstrate the nature and impact of our work. DAI notifies you of taking your pictures by way of, e.g., placing clear, informative signs. In other cases, to the extent possible, DAI seeks your consent to publish the photos with your image, where we have the necessary information to identify you. If you object to your image being placed by DAI, please contact Info_USAIDCybersecurity@dai.com to raise your concern in this regard.

Contact for Requests and Complaints

If you have questions with regard to the DAI's Privacy Policy or how your personal data is being processed by us, you can submit your request and/or complaint to Info_USAIDCybersecurity@dai.com.

Email communication to the above address is the quickest way to receive a response from DAI. However, you may also submit requests and/or complaints in writing to the contacts below: