The Data Security Policy sets forth the purposes, grounds and methods of processing of personal data as well as the rights of Users directly related to the processing of personal data of Avatly Portal Users (here in after referred to as: the Portal) by its operator – Avatly L.L.C-FZ registered in the UAE, License number: 2201643.01, Business Center 1, M Floor, Nad Al Sheba, Dubai, U.A.E. The Controller of Users’ personal data is Avatly L.L.C-FZ registered in the UAE, License number: 2201643.01, Business Center 1, M Floor, Nad Al Sheba, Dubai, U.A.E. , e-mail address: [email protected] Avatly processes personal data under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: the GDPR) The processing of personal data shall mean all activities performed on personal data, in particular their collection, recording, storage, downloading, retrieval, use, transmission, erasure or destruction thereof.
2. SCOPE, PURPOSE AND LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
3. USERS’ RIGHTS CONNECTED WITH PERSONAL DATA PROCESSING
In particular, the User has the right to: access data, rectify personal data, erase, limit processing, object to processing, personal data portability with the proviso that the right to data portability shall only apply to data which have been processed by automated means. Where processing of the User’s personal data is based on the User’s consent, the User may revoke the consent at any time, without prejudice to the processing of personal data prior to the revocation of consent. Avatly may refuse to comply with a request for data erasure in cases provided for by law, in particular if further processing is necessary for compliance with a legal obligation requiring processing under EU or national law, or for the establishment, redressing or defence of claims. Data erasure is not possible, in particular, if a person remains a registered user of the Portal and still wants to use the functionalities of the Portal. The User can delete their account at any time, but deleting the account is not equivalent to data erasure. In the event of account deletion, Avatly processes personal data for further 6 years counted from the date of such deletion, in order to comply with legal obligations and possible redressing or defence of claims, which applies to users who have made tokens exchanges, among others. Promptly upon the received request to delete data, Avatly deletes the data of users who registered an account but did not use any of its features, as well as individuals who were not users of the service but contacted Avatly. In case of infringement of the User’s personal data, the User has the right to lodge a complaint with the relevant supervisory authority. The request to exercise the rights referred to in items 1-2 hereinabove shall be sent by the User to the following e-mail address: [email protected]
4. PERSONAL DATA PROCESSING RULES
The processing of Users’ data is carried out in accordance with the principles of adequacy, expediency and minimalism, to the extent necessary for the proper functioning of the Portal and the Application, including the enhancement of their functionality, the proper performance of the mutual agreement concluded between the User and Avatly in connection with the downloading of the Application, the proper execution of the transaction of exchange of the token, withdrawal or conversion, and in order to properly safeguard the rights and interests of Avatly and the Users. Avatly takes the utmost care to ensure that the data processed are factually correct and up-to-date. The factual correctness and validity of the data depends largely on the Users. The Users shall immediately inform Avatly of any changes to their data. The processing of Users’ data is carried out with the utmost care for their security, with the use of appropriate organisational and technical measures. Due to the development of modern technologies and the possibility of third parties taking unlawful actions and violating the interests of the Users, it is not possible to ensure complete security, inviolability and integrity of data. The Users are aware of these risks and accept them. Personal data are processed by automated means using Avatly software. Automated processing is performed to optimize the results of the token acquisition by the Device on which the Application is installed.
5. COOKIES FILES
The appropriate contact for all matters related to the Users’ data, including the provisions of the Data Security Policy, is the e-mail address: [email protected]
7. AMENDMENTS OF THE DATA SECURITY POLICY