POLICY OF CONFIDENTIALITY AND PERSONAL DATA PROCESSING IN THE "EARNIE" APP

Revised on the 4th of March, 2023

This Policy of Confidentiality and Personal Data Processing (hereinafter also referred to as the "Regulation") developed on the basis of the European Union "On the protection of Individuals in the processing of personal data and on the free circulation of such data (General data Protection Regulation)" and other international legal acts.

This regulation establishes the common goals, principles and rules for the processing of personal data of users of the Earnie Application (hereinafter referred to as the "Application"). and defines the main measures implemented by the Administrator to protect the personal data of users of the Application.

Administrator is acting in the capacity of operator who organizes and performs the processing of personal data, provides the protection of rights and freedoms of its clients when processing their personal data and takes measures to ensure the fulfillment of the obligations provided for by the Federal Law "On the Protection of Personal Data" and EU Regulation No. 2016/679.

This regulation is accessible to general use and is subject to be added to the Application and comes into force from the moment of its publication.

1. GENERAL DEFINITIONS

1.1. Administrator is a person who processes personal data of Users of the Application.

1.2. Personal data protection is the operator's activity aimed at prevention of the leakage of personal data that is being protected, and at the prevention of the unauthorized and unintentional impacts on the personal data that is being protected.

1.3. Personal data system is the collection of personal data contained in databases, information technologies and technical means that provide the processing of such data.

1.4. Confidentiality of personal data is a requirement (mandatory for the operator) for the nondisclosure and nondissemination of the User's personal data (without their consent or other legal grounds) to third parties.

1.5. Mobile device means a tablet, mobile phone, communicator, smartphone or other device that allows to use the Application for its functional purpose.

1.6. Personal data processi

1.7. Personal data means any information related dng refers to any action (operation) or a set of actions (operations) performed with or without the use of automation means and involving personal data - including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer, including cross-border transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data. irectly or indirectly to a specifically or indirectly defined individual (the subject of personal data).

1.8. User means the subject of personal data to whom the personal data processed by the Administrator belongs.

1.9. The "Earnie" application is a computer program (the exclusive right to which belongs to the Administrator by virtue of the fact of its creation), intended for its installation and use on a Mobile device.

1.10. Website is a web page (a collection of web pages) in the Internet, located at the following address: https://earnie.finance through which the User can obtain various information about the Application, perform other actions provided for by the functional purpose of the web-site.

1.11. Personal data leakage is a security breach that leads to the accidental or illegal destruction, loss, alteration, unauthorized disclosure or access to the transmitted, stored or otherwise processed personal data.

1.12. Cookies is a piece of data sent by the web server and stored on the User's computer, which the web client or web browser sends to the web server each time by the HTTP request when trying to open a webpage of the corresponding site.

1.13. IP-address means a unique network address of a node in a computer network built according to the IP protocol.

2. PURPOSES OF PERSONAL DATA PROCESSING

2.1. The Administrator processes the personal data of Users for the following purposes:

2.1.1. Providing the User with information about the Application via telephone communication, SMS messages, and email;

2.1.2. Providing the User with advisory services of Administrator on the use of App.

2.1.3. Other purposes provided for by the legislation of the EU Regulation No. 2016/679.

3. POLICIES OF THE PERSONAL DATA PROCESSING

3.1. The processing of personal data by the Administrator is based on the policies established by the Federal Law "On the Protection of Personal Data", EU Regulation No. 2016/679 and it involves the necessity of protecting rights and freedoms of subjects of personal data, including the protection of the right to personal and family privacy, namely:

3.1.1. The processing of personal data is carried out on a legal and fair basis.

3.1.2. The processing of personal data is carried out only with the consent of the User.

3.1.3. The processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed..

3.1.4. It is not allowed to integrate databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.

3.1.5. Only personal data that meets the purposes of their processing is subject to processing.

3.1.6. The content and scope of the processed personal data must correspond to the stated purposes of processing. The personal data processed must not be redundant in relation to the stated purposes of their processing.

3.1.7. When processing personal data, the accuracy of personal data, its sufficiency, and, if necessary, its relevance to the purposes of personal data processing are ensured. The Operator takes the necessary measures to delete or clarify incomplete or inaccurate data.

3.1.8. The storage of personal data must be carried out in a form that allows to identify the User, no longer than required according to the purposes of processing personal data, unless the period of storage of personal data is established by federal law or an agreement. The processed personal data is subject to destruction or depersonalization upon achievement of the processing purposes or in case of no further need to achieve these purposes, unless otherwise is provided by law.

4. PERSONAL DATA PROCESSED

4.1. Within the framework of use of the Application, the Administrator processes the following User data:

4.1.1. Email address;

4.1.2. data about the User's account in the social network (when registering/logging in through the corresponding social network or by independently specifying such data in the Application);

4.1.3. data about the Mobile device (including the resolution, release No., and other attributes that define the device);

4.1.4. user clicks, views of App content;

4.1.5. session details;

4.1.6. information about the time of the visit;

4.1.7. User's ID;

4.1.8. User's IP address.

4.2. The Administrator may also process other personal data of Users necessary for the purposes of processing personal data specified in Section 2 of this Regulation.

4.3. The User has all the rights provided for by EU Regulation No. 2016/679.

4.4. User confirms that he/she has become familiar with this Policy of Confidentiality and gives his informed and voluntary consent to the processing of personal data from the moment of entering into this User Agreement.

5. PERSONAL DATA PROCESSING

5.1. The processing of personal data is carried out voluntarily on the basis of the User Agreement concluded with the User, unless otherwise was provided by the current legislation.

5.2. The Administrator has the right to perform automated, non-automated and mixed-type processing of personal data. During the processing of personal data, a User profile can be created which is necessary for the most efficient use of the Application.

5.3. The processing of personal data is carried out by the means of:

- Receiving information containing personal data, either verbal or in written form, directly from the User;

- Obtaining personal data from publicly accessible sources.

5.4. The administrator performs the following types of personal data processing: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

5.5. User's requests to provide information about the personal data processed by the Administrator, as well as requests to block, change, clarify or delete personal data, are to be sent by User by e-mail, postal communication, or courier. Requests are sent from the email address previously provided by the User to the Administrator.

5.6. Administrator handles the requests of subjects of personal data and sends out the responses to Users within 30 (thirty) days.

5.7. Requests to change incomplete, inaccurate or irrelevant personal data, as well as requests to delete data that was illegally obtained by the Administrator or does not correspond to the stated purposes of processing, are subject to consideration within 7 (seven) business days.

5.8. The Administrator's response to the User's request is sent to the address specified by the User in the corresponding request and in the same form.

5.9. The User has the right to withdraw his consent to the processing of personal data at any time. Withdrawal of consent to the processing of personal data is carried out by sending a corresponding application in accordance with the procedure provided for in clause 5.5. of this Regulation.

5.10. All disputes that arise between the Administrator and the User, the parties try to settle through negotiations. In the case of impossibility for amicable dispute resolution, the User has the right to file a complaint to the relevant authorized body for the protection of the rights of personal data subjects or with a statement of claim to the court.

5.11. According to the provisions of EU Regulation No 2016/679, Users who are citizens of the European Union have the right to transfer their stored personal data and to obtain a copy of the stored personal data.

The processing of the User's personal data is carried out during the entire period of validity of the contractual obligations between the Administrator and the User or until the User withdraws consent to the processing of his personal data in accordance with the procedure specified in clause 5.9. of this Regulation.

6. PERSONAL DATA SECURITY PROTECTION

6.1. In accordance with the authorized state authority for the protection of the rights of personal data subjects, the Administrator takes the necessary organizational, legal and technical measures to protect personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions.

6.2. The security measures implemented by the Administrator when processing personal data may include, but are not limited to the following:

6.2.1. Identification of personal data security threats during its processing in personal data information systems.

6.2.2. The application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, essential for meeting the requirements for the protection of personal data, the implementation of which ensures the levels of personal data protection.

6.2.3. The use of information security tools that were taken through the compliance assessment procedure in accordance with the established procedure.

6.2.4. Assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.

6.2.5. Taking into account machine-based personal data carriers.

6.2.6. Detection of unauthorized access to personal data and taking measures in connection with such situations.

6.2.7. Recovery of personal data modified or destroyed as a result of unauthorized access.

6.2.8. Establishing the rules for the access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system.

6.2.9. Obtaining control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

6.3. Liability for violation of the requirements of the European Union with regard to the processing and protection of personal data is determined in accordance with the legislation of the relevant state (country).

7. ADMINISTRATOR. CONTACT DETAILS

Konev Nikita
Citizen of the State of Israel (passport 9316941, date of issue: 9th of January, 2022)
+972534211394
capitalistapps.owner@gmail.com
2222735 Israel, Nahariya, Levi Ashkol street 39 flat 3

Back