Appendix No. 1
to Crypto News User Agreement
Date of publication and entry into force: “13” June 2023.
1. KEY DEFINITIONS
1.1. The terms and definitions specified in the Agreement shall apply to the relations between the parties under the Policy.
1.2. The following definitions apply to the relationship between the parties related to the processing of personal data.
1.2.1. Personal Data — any information relating directly or indirectly to a specific individual (subject of Personal Data) — Project User. Personal information (in addition to Personal Data) means personal information downloaded by the User on the Website and (or) in the Application or transmitted through electronic channels to the Operator, as well as personal information obtained during the Project use, which allows identifying the User as an individual — a subject of legal relations.
1.2.2. Personal Data Operator (Operator) means a person, independently or jointly with other persons (employees or third parties on the basis of special agreements/provisions in agreements) organizing and (or) performing Personal Data processing, as well as determining the purposes of Personal Data processing, the composition of Personal Data to be processed, actions (operations) performed with Personal Data. Under the Policy, the Operator is the Administrator. Hereinafter, the terms Operator and Administrator are equivalent.
1.2.3. Personal Data processing — any action (operation) or a set of actions (operations) with Personal Data performed with the use of automation means or without their use. Personal Data Processing includes, but is not limited to:
- clarification (updating, modification);
- transmission (distribution, provision, access);
1.2.4. Automated Personal Data processing — processing of personal data using computer technology.
1.2.5. Distribution of Personal Data — actions aimed at disclosing personal data to an unlimited number of persons.
1.2.6. Provision of Personal Data — actions aimed at disclosure of Personal Data to a certain person or a certain group of persons.
1.2.7. Blocking of Personal Data — temporary termination of processing of Personal Data (except the cases when processing is necessary to clarify Personal Data).
1.2.8. Destruction of Personal Data — actions that make it impossible to restore the content of Personal Data in the information system of Personal Data and (or) as a result of which material carriers of Personal Data are destroyed.
1.2.9. Depersonalization of Personal Data — actions that make it impossible without the use of additional information to determine whether the Personal Data belongs to a specific subject of the Personal Data.
1.2.10. Personal Data Information System — a set of Personal Data contained in databases and information technologies and technical means ensuring their processing.
1.2.11. Cross-border transfer of Personal Data — transfer of Personal Data to the territory of a foreign state to an authority of a foreign state, a foreign natural person or a foreign legal entity.
1.3. Other terms used in the Policy and (or) in the relations arising thereunder shall be construed in accordance with the laws of Dubai and, as applicable, the federal laws of the United Arab Emirates, and in the absence of their interpretation in the legislation, in accordance with codes of business conducts and scientific doctrine.
2. GENERAL PROVISIONS
2.1. By making the Acceptance of the Agreement, the User shall give his unconditional consent to the processing of his Personal Data in accordance with the Policy and consent to the processing of Personal Data expressed in the form of Appendix No. 1 to the Policy, which constitutes an integral part of it. If the User does not agree with the provisions of the Policy in whole or in part, he shall immediately cease using the Project on all his devices.
2.2. The collection of Personal Data is carried out, first of all, in order to provide the User with personalized access to the Website and (or) the Application, as well as the functioning of all services presented on the Project.
2.3. By transmitting his data to the Operator within the framework of the Project, the User gives the Operator his unconditional consent to process his personal information, both downloaded by the User himself and received by the Operator in an automated mode, as a result of the User’s actions.
2.4. For any addresses to the Operator, the User shall use the means of communication belonging to the User personally.
2.5. Any personal information of the User transmitted to the Operator within the framework of the Policy, including Personal Data, is perceived by the Operator “as is” and is not subject to preliminary review for reliability. The burden of responsibility for the authenticity of the information provided to the Operator is borne by the User personally.
2.6. When disclosing or providing information, the Operator shall comply with confidentiality requirements and measures to ensure the security of Personal Data during their processing, as well as national requirements for the localization of Personal Data in cases where this is provided by applicable law.
2.7. The Operator may also perform automated processing of the information presented by the User.
2.9. The Project is addressed to adults who are of legal age in accordance with the applicable law (21 years). If the Operator becomes aware that the minor User has provided him with personal information, the Operator will immediately remove such data from its servers. The parent or guardian of a child who has provided personal information to the Operator must contact the Operator to remove it.
3. PURPOSES OF PERSONAL DATA COLLECTION
3.1. The Policy discloses measures taken to ensure adequate protection of Personal Data from unauthorized access and disclosure, which is, in addition to ensuring protection of rights and freedoms of a person and a citizen in the processing of his Personal Data, including protection of the rights to privacy, personal and family secrets, the main purpose of the Operator during the processing of Personal Data.
3.2. The processing of Personal Data is limited to the achievement of specific, predetermined and lawful purposes listed in the Agreement and the Policy and Personal Data processing consent. Personal Data processing incompatible with the purposes of Personal Data collection is not allowed.
3.3. The purposes of Personal Data collection within the framework of the Policy are:
3.3.1. Provision of User’s personalized access to the Project;
3.3.2. Improvement of the Project activities;
3.3.3. Analysis of the Project activities;
3.3.4. Provision of services to Users;
3.3.5. Displaying targeted ads to Users.
3.4. The Operator may also use the Personal Data of Users for any marketing, information, organizational and other mailings related to the Project activity without obtaining additional consent.
3.5. The User may at any time withdraw consent to the processing of his Personal Data for marketing purposes, and consent to the processing of Personal Data for the purposes specified in Clause 3.3. remains valid and is considered not withdrawn.
4. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
4.1. The legal grounds for processing Personal Data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes Personal Data.
4.1.1. Consent of subjects to processing their Personal Data.
4.1.2. Normative legal acts and normative documents of authorized state authorities in accordance with applicable law;
4.1.3. Local normative acts of the Operator.
T4.2. he Operator undertakes to adhere to the specified legal grounds for processing Personal Data of Users, as well as to maintain a list of regulatory legal acts regulating data processing.
5. DATA BEING PROCESSED
5.1. The User shall give unconditional consent to the Operator to process the following data:
5.1.2. E-mail addresses (to confirm registration and identification of the User on the Website);
5.1.3. User’s nickname (for displaying in the profile on the Website and in the User’s comments to the news);
5.1.4. User’s avatar (for displaying in the profile on the Website and in the User’s comments to the news);
5.1.5. Cookies (for ease of use of the Website and presentation of targeted advertising);
5.1.6. User IDs in Stores (for personalized use of the Application);
5.1.7. Links of the User to his social networks profiles, added by him in the Project and information available in the specified profiles.
5.1.8. Other data necessary for the Operator to perform the obligations under the Agreement, communicated by the User in the process of interaction with the Operator, if the need arose in accordance with the obligations.
5.2. The above data list may be changed at the discretion of the Administrator, written notification of the User about such changes is not required. If the User who made the Acceptance of the Agreement enters other necessary data on the Website and (or) in the Application — this means that he agrees with the changes.
5.3. Whenever the User uses the Application, the Operator collects data and information (through third-party products) on the User’s device called Log Data. These log data may include information such as the address of the Internet protocol of the User device (IP), the device name, operating system version, mobile application configuration when using the Application, the time and date of use of the Website and (or) Application and other statistics.
6. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA
6.1. If the User adds information to the Project during its use, such information shall not be publicly available if the User has not wished to do so himself (for example, when commenting on the Project’s news).
6.2. Personal information of the User shall be provided at the request of state bodies (local self-government bodies) in accordance with the procedure stipulated by the applicable law.
6.3. Upon the request of the User sent to the Operator, the Personal Data of the User shall be deleted in accordance with the requirements specified in the request in whole or in part from the Operator’s database within 10 (Ten) working days provided that the Agreement is terminated and all settlements are made thereunder.
6.4. The Operator shall transmit the User’s data to its employees for the performance of their official duties, as well as to third parties with whom the Operator has entered into relevant agreements (service providers). The User agrees and accepts that these third parties have access to the Personal Data to perform the tasks assigned to them on behalf of the Administrator, but they are obliged not to disclose or use the information for any other purpose.
6.5. The Application uses third-party services that can collect information used to identify the User. The following links allow the User to read the privacy policies of third-party service providers used by the Application:
6.6. Mandatory verification of the User’s data for compliance with the provisions of the Policy is not provided. The Operator may, but is not obliged to, delete User data and information that violates the Policy, Agreement and (or) applicable law.
6.7. The condition for termination of Personal Data processing may be achievement of goals of Personal Data processing, expiration of consent period or withdrawal of consent of Personal Data subject to processing of Personal Data, as well as detection of unlawful processing of Personal Data.
6.8. Personal information of the User may be transmitted and stored on servers and facilities located in your region or other country. Some of these countries do not provide the same level of data protection as the country in which the User resides and are not recognized by the European Commission as providing an adequate level of protection.
6.9. When the Operator transmits the information of the User to other countries, it will use, transmit and protect this information as described in this Policy. In order to provide services or manage the User’s participation in promotions, donations and events, the Operator may transfer the personal information of the User that it collects to countries that do not provide the same level of data protection as the country in which the User resides and are not recognized by the European Commission as providing an adequate level of data protection. In any case, the Operator shall transmit the personal information of the User to these countries only with the consent of the User, when necessary for the services that are provided to the User, and subject to appropriate security measures that ensure the protection of the personal information of the User, such as standard contractual clauses.
7. DATA PROCESSING SECURITY
7.1. The Operator shall take technical and organizational legal measures to ensure protection of the User’s personal information against unlawful or accidental access to it, destruction, modification, blocking, copying, distribution, as well as against other illegal actions.
7.2. The Project software provides prevention of unauthorized access to information and (or) its transmission to persons who do not have the right to access information.
7.3. The Operator shall also take the following measures to ensure the security of personal information:
7.3.1. Threats to the personal information security during its processing are determined;
7.3.2. Organizational and technical measures are applied to ensure the personal information security during its processing;
7.3.3. Persons responsible for processing the User’s Personal Data shall be appointed from among the Operator’s employees;
7.3.4. Means of information protection are used, which have passed the conformity assessment procedure in the prescribed manner;
7.3.5. The effectiveness of the measures taken to ensure the security of personal information is evaluated;
7.3.6. Procedures are adopted to identify unauthorized access to personal information;
7.3.7. Personal information modified or destroyed due to unauthorized access to it is restored;
7.3.8. Rules for access to personal information are established, as well as registration and recording of all actions performed with personal information;
7.3.9. Only licensed software is used on the Operator’s workstations involved in processing the Users’ data;
7.3.10. Limited access at the technical and organizational level to the Operator’s workstations involved in processing Personal Data;
7.3.11. There is constant control over the measures taken to ensure the security of personal information.
7.4. The Operator shall not be liable for the actions of third parties who have gained access to the User’s personal information as a result of unauthorized access to the Website and (or) the Application, as well as due to other unlawful actions committed by third parties when the Operator could not foresee or prevent them.
8. COOKIE PROCESSING POLICY
8.1. Depending on the settings of the User’s web browser, the Operator collects information that is automatically transmitted by the browser when the User visits the Website. This transmission is made using cookies. This information typically includes the IP address currently assigned to the User device, the type of operating system, and the web browser used.
8.2. A cookie is a small text file that the web server places in the memory of the User device. There are “session” and “permanent” cookies.
8.3. Session cookies are used by the Operator to assign a unique identification number to the User device each time he visits the Website. Session cookies are deleted when the current browser window is closed. They are used to maintain the functionality of the Website and to analyze the User’s work on the Website, for example, which pages the User visits, which links he uses and how long he remains on each page.
8.4. When allowed, the Operator uses permanent cookies that are not deleted immediately after the web browser is closed, but are stored on the computer for a certain period of time or until the User deletes them on his own. Each time the User visits the Website, the web server recognizes permanent cookies stored in the memory of the User’s device. By assigning a unique identifier to the User’s device, a database of User actions and preferences is created. This unique identifier also allows to define:
how often the User visits the Website,
at what frequency the User returns to the Website,
how he uses the Website,
how effective are the Website promotion activities.
8.6. Cookies do not contain Personal Data, but only record actions on the User’s device. If the User goes to the Website using the link that was sent to his email, or if the User creates a “user ID” during one of the visits, the information provided by the Website cookies or cookies of third-party service providers may be related to the information in the records, which will make personal identification of the User possible.
8.7. Session cookies do not require the prior consent of the User to use them, since they are necessary for the operation of the Website and will be deleted after closing the web browser.
8.8. Permanent cookies that track past actions and preferences of the User, but are not necessary for the operation of the Website, require the prior consent of the User. When visiting the Website, the User agrees to use permanent cookies unless he changes his device settings so that these cookies are not saved. The same applies to third-party cookies.
Analytical cookies are cookies that are used to monitor the interaction of Users with the Website. They allow to identify the sections or functions of the Website to which Users devote the most time, and also help to track how users navigate the Website.
Marketing cookies are cookies that are placed to show the most current content for the User based on information about his use of the Website. These cookies may be placed by marketing partners or made available to the User for advertising when they use other websites or platforms. Disabling these cookies does not always reduce the amount of advertising or marketing content viewed — most likely, the User will receive content without taking into account his preferences.
Functional cookies are cookies that are placed to optimize interaction with the User, for example, to increase the level of functionality or preserve his preferences for subsequent visits. These cookies also make it possible to use features such as creating an account and subscribing to updates.
Strictly necessary cookies are types of cookies that are used by the Website to function properly, for example, to display individual elements on the Website or to ensure the security of the Website. The Administrator cannot disable them, but the User has the option to restrict or prohibit their use at the level of his browser settings. Any restrictions are likely to cause problems when downloading or using the Website.
8.10. Setting up a web browser is a free and efficient way to manage cookies. The User can make one of the following decisions:
enable all cookies integrated into pages. Note: on the one hand, only their publishers will have access to these cookies; on the other hand, this process is not irreversible, and subsequently the User can always delete these cookies (the procedure for managing cookies differs depending on the browser used);
enable the use of on-demand cookies on a case-by-case basis;
accept or reject cookies depending on their publisher.
8.11. The process for enabling or disabling cookies may vary, depending on the web browser you use. More detailed instructions are available from the links below:
9. DATA STORAGE POLICY
9.1. The Personal Data shall be stored in accordance with the User’s consent within the period specified in the Policy.
9.2. Storage of Personal Data is carried out no longer than the purpose of their processing requires. The Personal Data to be processed shall be destroyed or depersonalized upon achievement of the processing goals or in case of loss of the need to achieve these goals.
9.3. Storage of Personal Data, the purposes of processing of which are different, shall be carried out separately within the framework of the Operator’s information system or, subject to storage on material media, within the scope of the functions of the respective Operator’s subdivision.
9.4. Operator’s employee having access to Personal Data in connection with performance of work duties shall ensure storage of information containing Personal Data, excluding access to them by third parties. In the absence of an employee, documents containing Personal Data should not be at his workplace. In case of vacation, business trip and other cases of long-term absence of the employee at the workplace, he shall transfer documents and other media containing Personal Data to the person who will be entrusted with the performance of such work duties by a local act of the Operator. In case such person is not appointed, documents and other media containing Personal Data of Users shall be transferred to another employee who has access to Personal Data at the direction of the head of the corresponding structural subdivision of the Operator.
9.5. Upon dismissal of an employee who has access to Personal Data, documents and other media containing Personal Data shall be transferred to another employee who has access to Personal Data at the direction of the head of the structural subdivision and with the notification of the data protection supervisor.
10. BACKUP POLICY
10.1. The Operator shall provide backup of Personal Data in its architecture in order to prevent information loss in case of equipment failures; software; hardware failures; operating system and application software failures; malware infection; inadvertent deletion of information, user errors; intentional destruction of information, etc.
10.2. Backup makes it possible to move Personal Data from one Operator workstation to another, thus removing dependence of Personal Data integrity on a specific workstation and (or) a specific room.
10.3. The following main categories of information are to be backed up:
10.3.1. Personal data of Users;
10.3.2. Information required to restore the Project’s servers and database management systems;
10.3.3. Information of automated systems of the Operator’s architecture, including databases.
10.4. All media containing data backup shall be marked “Commercial Secret”, so that all backup information is confidential and protected by the Operator in accordance with the applicable legislation.
10.5. The Operator shall appoint a person responsible from among the employees for backing up Personal Data.
10.6. The main tasks of the person responsible for the backup are:
10.6.1. Backup and recovery planning;
10.6.2. Establishing the life cycle and calendar of activities;
10.6.3. Daily review of backup logs;
10.6.4. Protecting the backup database;
10.6.5. Daily definition of the backup pop-up window;
10.6.6. Creation and support of open reports, open problem reports;
10.6.7. Consulting with vendors and backup software vendors;
10.6.8. Development of the backup system;
10.6.9. Monitoring backup tasks;
10.6.10. Preparing fault reports and successful completion reports;
10.6.11. Analysis and resolution of problems;
10.6.12. Backup manipulation and library management;
10.6.13. Architecture performance analysis;
10.6.14. Review and analysis of the backup methodology;
10.6.15. Planning architecture development, defining daily, weekly and monthly tasks.
10.6.16. The person responsible for backup shall have the right to make proposals and demand termination of Personal Data processing in case of violation of the established information backup technology or functional failure of the backup system tools.
10.7. The Personal Data shall be backed up at a frequency of 1 (one) times a month.
10.8. The results of all backup procedures shall be monitored by the person responsible for processing Personal Data appointed from among the Operator’s employees (data protection supervisor) within 5 (Five) working days from the moment of performance of these procedures.
10.9. If a backup error is detected, the person responsible for the backup shall inform the Administrator as soon as possible.
10.10. Backups are checked selectively at least 1 (one) time per month.
11. INCIDENT RESPONSE POLICY
11.1. An incident of information security of Personal Data is any unforeseen or undesirable event that may disrupt the activity or data security of the Operator’s architecture and lead to a Personal Data breach and (or) violation of the Policy.
11.2. The source of information about an information security incident can be:
11.2.1. Messages of the employees, Users, counterparties of the Operator sent to him by e-mail, in the form of official notes, letters, statements, etc.
11.2.2. Notifications/communications of the supervisory authority in the field of Personal Data processing.
11.2.3. Data received by the Operator based on the analysis of logs of information systems and Personal Data protection systems.
11.3. The Operator’s employee, who has received information about the incident, informs the data protection supervisor, who records the incident in the electronic incident management system, assigning it a serial number, recording the date of the incident and its core subject. The information security incident base is updated as incidents occur.
11.4. The user whose rights are affected by the incident shall be informed of the incident by e-mail as soon as possible, but not later than 30 (Thirty) working days after the occurrence of the incident. Within the same period, all possible measures shall be taken to reduce or prevent further damage to the rights of the User.
11.5. The analysis of incidents shall be carried out by the person responsible for processing data from among the Operator’s employees, who for each incident:
11.5.1. Collects and analyzes all data on the circumstances of the incident (e-mails, log files of information systems, readings of Users and employees of the Operator, etc.);
11.5.2. Establishes the extent to which the Personal Data was breached, the circumstances accompanying the breach;
11.5.3. Identifies persons guilty of violating the prescribed measures to protect Personal Data;
11.5.4. Establishes the causes and conditions that contributed to the breach.
11.5.5. Upon completion of the analysis of the incident, issues a report to the Operator’s management.
11.6. Upon completion of the analysis of the incident and receipt of the report of the data protection supervisor, the Operator makes decision on the punishment of the perpetrators.
12. FINAL PROVISIONS
12.2. The Operator may change the text of the Policy unilaterally without giving prior notice to the User. In such case, the appropriate notification of the User will be the publication of the new version of the Policy on the Project pages. The responsibility for timely familiarization with the current version of the Policy lies entirely with the User.
12.3. All disputes and differences arising in connection with the use of the User’s personal data shall be resolved in the manner provided for by the current legislation of Dubai in the pre-trial dispute settlement procedure. The response period to the claim for processing Personal Data shall be 30 (thirty) working days. If the dispute has not been resolved in the pre-trial procedure, it shall be considered in court at the Operator’s location.
12.4. The consent to the processing of Personal Data is attached to the Policy (Appendix No. 1)