EU PRIVACY POLICY for Cloud Mail.Ru

1. Who we are

1.1. We are LLC Mail.Ru  located at 39 bldg 79, Leningradskiy prospect, Moscow, Russia, 125167 (hereinafter "Mail.Ru").

1.2. This Privacy Policy sets out how we collect and use your personal information when you use Mail.Ru’s cloud mobile applications and Cloud Mail.Ru services (hereinafter the "Services") offered by Mail.Ru and the choices available to you in connection with our use of your personal information (hereinafter "Privacy Policy").

This Privacy Policy posted at https://help.mail.ru/legal/terms/cloud/eu-cloud/euprivacypolicy should be read alongside, and in addition to, end-user license agreement posted at https://help.mail.ru/editor/legal/terms/cloud/eu-cloud/eula (hereinafter the "EULA").

In case of any contradictions between this Privacy Policy and the EULA, this Privacy Policy will prevail.

2. This Privacy Policy

2.1. By making available the Services we, acting reasonably and in good faith, believe that you:

(a) have all necessary rights to register on and use the Services;

(b) provide true information about yourself to the extent necessary for use of the Services;

(c) understand that by the posting your personal information where it is accessible by other users of the Services you have manifestly made this information public, and this information may become available to other Service users, be copied and disseminated by them;

(d) understand that some types of information transferred by you to other Service users cannot be deleted by you or us;

(e) are aware of and accept this Privacy Policy.

2.2. We do not check the user information received from you, except where such check is necessary in order for us to fulfill our obligations to you.

2.3. This Privacy Policy applies only to the European Union-based users. If you are not a European Union-based user, please refer to the Privacy Policy applicable in the relevant jurisdiction.

3. Information we collect about you

3.1. In order to implement the agreement between you and us, and provide you with access to the use of the Services, we will improve, develop and implement new features to our Services, and enhance the available Services functionality. To achieve these objectives, and in compliance with applicable laws, we will collect, store, aggregate, organise, extract, compare, use, and supplement your data (hereinafter “processing”). We will also receive and pass this data, and our automatically processed analyses of this data to our affiliates and partners as set out in the table below and section 4 of this Privacy Policy.

3.2. We set out in more detail the information we collect when you use our Services, why we collect and process it and the legal bases below.

 

Information Collected

Purpose

Legal Basis

1

Data you provide for registering in the Services such as you first and last name, gender, date of birth, account name and mobile phone number

 

We use this information in order to manage and administer the Services provided to you.

 

We use this data to enable us to fulfill our obligations to you as part of the Services (e.g. in cases where you request restoration of your account).

Legitimate interests

 

 

Performance of our contract with you

2

Data you provide when you edit application settings, such as changing your first, last names and avatar picture for the account, changing mobile phone number, uploaded and downloaded files by your using the application.

We use this information in order to provide our Services to you, to manage and administer Services.

Legitimate interests

 

Performance of our contract with you

3

 Additional data received when you use the application and Services or send as part of your problem reports and support requests, including information regarding technical devices, technical interaction with the Services (device type, device model, your device name, OS name, OS version, app version, timezone, preferred language, network connection type, Wi-Fi network name, Wi-Fi hotspot MAC, mobile network operator, mobile network code (MNC), IP-address, IDFA, GAID, Open UDID, User ID, Apps Flyer UID,information about in-app purchases (date, time, amount),  application logs, anonymous crash logs, information about application usage and performance (total cloud size, number of files, amount of transferred data, response time, error codes).

We may access your location when you use the following features of applications: “Access Control” and “World Map”.

We may use your location in the feature “Access Control” if you give the app permission to access geo location.

We use your data for internal review in order to constantly improve the content of our Services, optimizing your user experience, to understand any errors you may encounter when using the Services, to notify you of changes to the Services and to personalise the use of our Services.

 

We may also use this data in order to tailor and improve the adverts that are presented to you to and measure the effectiveness of these advertisements.

Legitimate Interests

4

Information that is created by you while placing requests to our Services support.

We use this information in order to verify your identity and to fullfil your support request.

We may also use this data in order to investigate any complaints on your behalf and to provide you with a more efficient service.

Legitimate interests

 

Performance of our contract with you

5

Data obtained via third parties when you register in our Services via your social account and/or connect your social account to our Services (e.g. Facebook).

 

We import this information into the application.

We use this information in order to manage and administer the Services provided to you.

Legitimate interests

Performance of our contract with you

3.3. Our legitimate interests include (1) maintaining and administrating the Services; (2) providing the Services to you; (3) improving the Services; (4) processing of the data that was manifestly made public by you where it is accessible by other users of the Services; (5) ensuring your account is adequately protected; and (6) compliance with any contractual, legal or regulatory obligations under any applicable law.

3.4. Your personal information may also be processed if it is required by a law enforcement or regulatory authority, body or agency or in the defence or exercise of legal claims.

We will not delete personal information if it is relevant to an investigation or a dispute.

It will continue to be stored until those issues are fully resolved and/or during the term that is required and/or permissible under applicable/relevant law.

3.5. Please note, if you do not want us to process sensitive and special categories of data about you (including data relating to your health, racial or ethnic origin, political opinion, religious or philosophical beliefs, sex life, and your sexual orientation) you should take care not to post this information or share this data when using the Services.

Once you have provided this data, it will be accessible by other Services users or internet users and it becomes difficult for us to remove this data.

3.6. Please note, if you withdraw your consent to processing or you do not provide the data that we require in order to maintain and administer the Services, you may not be able to access the Services.

3.7. If we intend to further process your data for any other purpose to those set out in this Privacy Policy, we shall provide you with details of this further purpose before we commence processing.

4. Data sharing

4.1. We may share your data with MGL MY.COM (CYPRUS) LIMITED and other our affiliates. Sometimes we may also need to share your data with a third party in order to provide our Services to you or to administer the Services.

4.2. Our ad management is designed so that your information will not be shared directly with our third party advertisers. An advertiser can only choose to target advertisements to groups of users falling within criteria such as age group, gender or broad location (country, city). If you fall within one of the target groups you will receive an advert.

5. Privacy Settings

5.1. You may provide and withdraw you consent to receiving latest news about our products that we think you may be interested in via push notification, email and SMS by changing respective option in the "Privacy settings" section of the application settings.

5.2. The Services may contain links to sites operated by third parties. We are not responsible for your data privacy when you access these links or engage with third party services and you should ensure you review the relevant third party's privacy statement which will govern your data privacy rights.

5.3. We bear no liability for the actions of third parties which, as the result of your use of the internet or the Services, obtain access to your information in accordance with the confidentiality level selected by you.

5.4. We bear no liability for the consequences of use of the information which, due to the Services nature, is available to any internet user. We ask you to take a responsible approach to the scope of their information you upload and store using our Services

6. International Transfers

6.1. We may transfer and maintain on our servers or databases some of your personal information outside the European Economic Area (EEA) including in Russia.

6.2. The countries to which we transfer your data may not have the same data protection laws as your jurisdiction. We take reasonable cyber security measures and/or put in place the Standard Contractual Clauses (e.g. Model Clauses, Data Processing Agreement/Addendum) to ensure your data is adequately protected.

7. Retention Periods

7.1. We will retain your personal information for as long as required to perform the purposes for which the data was collected depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information during the term that is required and/or permissible under applicable/relevant law.

7.2. You may permanently delete your account with all content by sending a support request via "Delete account" option of the application settings. The account will be deleted after processing your request by the support service providing that a positive decision.

7.3. If you stop using your account we will send you an email after 395 days from last session. Your account will be blocked after 30 days from the date of sending the email and you will  not uploaded and downloaded files by using your account. All you need to unblock is to sign in to the account. Otherwise after another extra 90 days of inactivity the account with all content  will be permanently deleted.

7.4. For the security reasons we will still retain the account name and the mobile phone number provided upon its registration.

7.4. We may block or remove your account for violations of the terms of service or statements of end-user agreement as provided by the Terms.

8. Your Rights

8.1. You have the following rights, in certain circumstances, in relation to your personal information:

(a) Right to access your personal information.

(b) Right to rectify your personal information:  you can request that we update, block or delete your personal data, if the data is incomplete, outdated, incorrect, unlawfully received or no longer relevant for the purpose of processing.

(c) Right to restrict the use of your personal information.

(d) Right to request that your personal information is erased.

(e) Right to object to processing of your personal information.

(f) Right to data portability (in certain specific circumstances).

(g) Right not to be subject to an automated decision.

(h) Right to lodge a complaint with a supervisory authority.

8.2. You also have a right to independently remove personal information on your account and make changes and corrections to your information, provided that such changes and corrections contain up-to-date and true information. You can also view an overview of the information we hold about you.

8.3. If you would like to exercise these rights, please contact Support Service via "Support" section of the application or send your request to us, in writing to 39 bldg 79, Leningradskiy prospect, Moscow, Russia, 125167. We will aim to respond to you within 30 days from receipt of request. We will need to verify your identity before we are able to disclose any personal data to you.

9. Security Measures

9.1. We take technical, organizational and legal measures, including, where suitable, encryption, to ensure that your personal data is protected from unauthorized or accidental access, deletion, modification, blocking, copying and dissemination.

9.2. Access to the Service can be authorized using your mobile phone number. Each time you login into the Service using your phone number, one-time code is sent to the mobile phone number you have provided upon registering in the Service.

Access to the Service can be authorized using unique credentials (a login and a password), which are confidential. The risk of fraud and other illegal actions performed by way of the user’s account due to the loss of the credentials shall rest with the User. We are advised to choose a sufficiently strong password to exclude the possibility of password guessing by third parties.

Access to the Service can be authorized using data from other websites or apps through oauth.

10. Changes to this Policy

10.1. From time to time, we may change and/or update this Privacy Policy. If this Privacy Policy changes in any way, we will post an updated version on this page. We will store the previous versions of this Privacy Policy in our documentation achieve.  We recommend you regularly review this page to ensure that you are always aware of our information practices and any changes to them.

11. Contact Us

11.1. If you have any questions, please send your inquiries to Service support via "Support" section of the application or in writing to 39 bldg 79, Leningradskiy prospect, Moscow, Russia, 125167. So we can deal with your enquiry effectively, please quote this Privacy Policy. We will aim to respond to you within 30 days from receipt of request.

11.2. All correspondence received by us from you (written or electronic inquiries) is classified as restricted-access information and may not be disclosed without your written consent. The personal data and other information about you may not be used without your consent for any purpose other than for response to the inquiry, except as expressly provided by law.

11.3. The e-mail address of our DPO is dpo@corp.my.com. 

Only the English version of this document has legal effect. Any translations of this document to other languages are provided for your convenience only.

Version 1.0 as of November 25, 2020.