Date of last revision:
July 28, 2023.

1. Introduction

This Privacy Policy (the “Policy”) informs You about the types, scope, and purposes of processing personal information (including personal data) that the Company and/or its affiliates may receive when You use MyOffice mobile applications (the “Mobile Applications” or “Applications”) and their components (including, but not limited to, MyOffice Documents, MyOffice Mail, MyOffice Focus).

This Policy uses the definitions that comply with Article 3 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (“152-FZ”).).

1.1. Authorized person

Name:

Limited Liability Company New Cloud Technologies (New Cloud Technologies Ltd., the “Company“).

Registered office address:

7 Universitetskaya Street, office 302, Verkhneuslonsky district, Innopolis, Republic of Tatarstan, 420500 Russian Federation.

Postal address:

1 Bolshoy Gnezdnikovsky Lane, building 2, Moscow, 125009 Russian Federation.

Contact information:

contact@myoffice.team

1.2. Types of Information Collected and Processed

• User credentials
• Information about the user's device
• Contact information
• Applications failure reports
• Applications usage reports
• Other information

1.3. Processing of Special Categories of Data

Special categories of data (in accordance with Article 10, Clause 1 of the Federal Law No. 152-FZ “On Personal Data” of July 27, 2006) are not processed.

1.4. Categories of Data Subjects

• Application Users

1.5. Processing Purposes

• Provision of stable operation of the Applications
• Support, improvement, detection, and correction of errors of the Applications
• Development of new functions of the Applications
• Provision and ensuring of security and reliability of the Applications

2. Applicable Legal Basis

Your consent shall be the legal basis for the processing of personal information (including personal data).

By using the Mobile Applications, You agree that the Company may collect, store, use and otherwise process Your personal information (including personal data).

3. Amendments and Additions to the Policy

Please read the contents of this Policy on a regular basis. The Policy will adapt to regulatory changes. The current version of the Policy is available at https://myoffice.ru/privacy_mobile_en//.

As soon as the changes require Your additional consent or mandatory familiarization, You will be promptly notified about this fact.

4. Ensuring Information Security

Security is ensured in data collection and processing operations at every stage of the data lifecycle.

The following factors are considered when ensuring information security:

• Current technological level
• Cost of implementing protection measures
• Types, categories, and purposes of processing, as well as the likelihood and degree of risk to the rights and freedoms of natural persons
• Compliance of technical and organizational protection measures with risks

Measures include, but are not limited to, ensuring the confidentiality, integrity, and availability of data by controlling physical access to data, and controlling data entry, modification, deletion, and transfer processes.

The Company has developed and implemented procedures to ensure compliance with the rights of data subjects and to respond to data disclosure.

In addition, we consider the protection of personal data already when developing or choosing hardware and software in accordance with the principles of “privacy by default” and “privacy by design”.

Security measures include data transmission over encrypted communication channels (TLS).

5. Data Processing

When You use the Company's Applications, location information, device information, usage data and Application failure reports (see Sections 6 and 7 of this Policy) are processed for the purposes of analyzing usage, optimizing, detecting, and correcting errors in the Applications, and sending notifications to Application Users.

6. Transfer of Data to Third Parties

For the purposes of usage analysis, optimization, detection, and correction of errors in the Applications, as well as for the purposes of sending notifications to Application Users, information is transferred to the following third-party services:

• Huawei Analytics Kit (only for MyOffice Documents Application running on the Android platform)
• Firebase Crashlytics
• Firebase Performance Monitoring
• Firebase Cloud Messaging
• Kaspersky Security Network
• Yandex Managed Service for Apache Kafka

6.1. Huawei Analytics Kit

We use the Huawei Analytics Kit service to collect and analyze technical data on the use of the MyOffice Documents Application running on the Android platform.

The following information is automatically transferred to Huawei Analytics Kit:

• Information about the location of the device, including country, region, and city obtained by converting an IP address.
• Device information such as: device ID, model and type, operating system version and name, device settings and language settings.
• IDs of operations being performed and the results of the completed operations.
• Information about the use of the Application.
• Application version.

Details of the processing of personal data are set out in the document at:

• https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/android-personal-data-0000001050705120

Huawei Analytics Kit is used in MyOffice Documents Application running on the Android platform in accordance with the recommendations for integration:

• https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/android-integrating-sdk-0000001050161876

The information transferred to Huawei Analytics Kit is not additionally stored or transferred to other services or resources.

Information about the Huawei company's policy regarding the data received and data protection measures can be found on the following resources:

• https://consumer.huawei.com/en/privacy/privacy-policy/

The transfer of analytical information to Huawei Analytics Kit can be disabled by the user in the settings of MyOffice Documents Application running on the Android platform.

6.2. Firebase Crashlytics

We use the Firebase Crashlytics service which provides information about failures and other malfunctions of Applications developed by the Company.

The following information is transferred to Firebase Crashlytics when failures or malfunctions occur:

• Information about the location of the device, including country, region, and city obtained by converting an IP address.
• Device information such as: device ID, model and type, operating system version and name, device settings and language settings.
• Failure time and technical information about the failure.
• Application version.

The information transferred to the Firebase Crashlytics is not additionally stored and not transferred to other services or resources.

Information about the Firebase Crashlytics service policy regarding the data received and data protection measures can be found on the following resources:

• https://firebase.google.com/terms/crashlytics/
• https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms

Google's Privacy Policy is available at:

• https://policies.google.com/privacy?hl=en

The transfer of information about failures and malfunctions of Applications to the Firebase Crashlytics service can be disabled by the user in the Application settings.

6.3. Firebase Performance Monitoring

We use the Firebase Performance Monitoring service which provides performance information (launch time, screen rendering time, and activity) of the Applications developed by the Company.

The following information is transferred to Firebase Performance Monitoring:

• Information about the IP address of the device.
• IDs of operations being performed and the results of the completed operations.
• Information about the device ID.

The information transferred to the Firebase Performance Monitoring is not additionally stored and not transferred to other services or resources.

Information about the Firebase Performance Monitoring service policy regarding the data received and data protection measures can be found on the following resources:

• https://firebase.google.com/support/privacy?hl=en

Google's Privacy Policy is available at:

• https://policies.google.com/privacy?hl=en

The transfer of Application performance information to the Firebase Performance Monitoring service can be disabled by the user in the Application settings.

6.4. Firebase Cloud Messaging

We use the Firebase Cloud Messaging service which allows us to deliver notifications to You about changes in file access settings and other changes in their status when working with them, on them, about new emails and short messages addressed to You.

The following information is transmitted via Firebase Cloud Messaging servers:

In MyOffice Documents Application:

• Information about the owner of the modified document: the ID of his/her avatar in the system, first name, last name, postal address, and owner ID.
• Information about the modified file: unique ID, MIME type, file name.

In MyOffice Mail Application:

• Information about the author of the email: their avatar ID in the system, his/her first name, last name, and email.
• Information about the email You received: the subject of the email, the part of its body, the name of the folder in which it was received, the date of receipt.

In MyOffice Logos Application, this is:

• Information about the message You received: message ID, message text, information about the position of the message in the chat.
• Information about the new chat: chat ID, chat name, chat type information.
• Information about the author of the message You received or the user who added You to the chat: his/her first name, last name, and user ID.

In addition, Firebase Cloud Messaging service information, such as a unique application ID, is always transferred.

The information transferred via Firebase Cloud Messaging is not additionally stored and is not transferred to other services or resources.

Information about the Firebase Cloud Messaging service policy regarding the data received and data protection measures can be found on the following resources:

• https://firebase.google.com/terms
• https://firebase.google.com/terms/data-processing-terms

Google's Privacy Policy is available at

• https://policies.google.com/privacy?hl=en

The transfer of notifications via the Firebase Cloud Messaging service can be disabled by the user in the Application settings.

Kaspersky Security Network, Yandex Managed Service for Apache Kafka.

We use the Kaspersky Security Network (KSN) service which allows us to process analytical information about the use of Applications developed by the Company.

The following information is transferred to KSN:

• Device information such as: device ID, model and type, operating system version and name, device settings and language settings
• Anonymized analytical information about the use of Applications
• Application version

In order to obtain analytical information from KSN, the Apache Kafka® service in the Yandex Cloud infrastructure (Yandex Managed Service for Apache Kafka®) is used to create and manage clusters.

Information about the KSN service privacy policy regarding the data received and data protection measures can be found on the following resources:

• https://www.kaspersky.com/products-and-services-privacy-policy

YANDEX LLC Privacy Policy is available at:

• https://yandex.ru/legal/confidential/?lang=en

The transfer of analytical information about the use of Applications can be disabled by the user in the Application settings.

7. Internal Analytics

For the purposes of analysis of usage, optimization, detection, and correction of errors in the Applications, information is transferred and processed in the Company's internal analytical system.

7.1. Internal Analytics System

We use the internal analytics system to collect and analyze technical data on the use, failures and other malfunctions of Applications developed by the Company.

Internal analytics systems are hosted and operate on the Company's resources, the information received is not additionally transferred to other external services, products, or resources.

The following information is automatically transferred to internal analytics systems:

• Information about the location of the device, including country, region, and city obtained by converting an IP address.
• Device information such as: device ID, model and type, operating system version and name, device settings and language settings.
• IDs of operations being performed and the results of the completed operations.
• Information about the use of the Application.
• Failure time and technical information about the failure.
• Application version.

The transfer of analytical and failure information to internal systems can be disabled by the user in the Application settings.

8. Connection to Gmail Mailbox

If You use MyOffice Mail Application as a client to connect to a Google mailbox (https://mail.google.com) provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA), then the processing of Your credentials is subject to the terms and conditions defined in the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy).

We use OAuth authentication to provide access to Google services. This is an open authorization protocol that provides us with limited access to secure resources for our services without disclosing Your account authorization data.

You can restrict MyOffice Mail Application from accessing Your data at any time in Your Google Account settings.

MyOffice Mail Application uses Gmail API calls (https://developers.google.com/gmail/api/guides?hl=en) allowing to solely read, create and modify messages (including attachments), metadata and message headers.

MyOffice Mail Application's use of information obtained from the Gmail API complies with Google's restricted use requirements.

To access emails when there is no Internet connection, emails are saved on the user's mobile device.

MyOffice Mail Application does not provide anyone with access to the received user data, including not allowing them to be read by people or processed by third parties, unless You have expressly authorized access to a particular message for the purposes defined in Clause 1.5. of this Policy.

9. Connection to Google Drive

If You use MyOffice Documents Application as a client to connect to Google Drive (https://drive.google.com) provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA), then the processing of Your credentials is subject to the terms and conditions defined in the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy).

We use OAuth authentication to provide access to Google services. This is an open authorization protocol that provides us with limited access to secure resources for our services without disclosing Your account authorization data.

You can restrict MyOffice Documents Application from accessing Your data at any time in Your Google Account settings.

MyOffice Documents application uses Google Drive API calls (https://developers.google.com/drive/api/v3/about-sdk) allowing to perform the following actions:

• Reading a list of the Google account holder's files stored in Google Drive.
• Getting metadata of each file: name, type, size, creation date, modification date, owner.
• Getting the contents of files.
• Saving files to the device's local storage.
• Exporting files to other cloud resources.
• Modifying file contents.
• Saving files to Google Drive.

MyOffice Documents Application's use of information obtained from the Google Drive API complies with Google's restricted use requirements.

To access the list of files when there is no Internet connection, the names of files along with their paths are saved on the user's mobile device.

As a Google Drive identifier, MyOffice Documents Application saves only the email address of the Google account holder and does not save passwords and other confidential information.

MyOffice Documents Application does not provide anyone with access to the received user data, including not allowing them to be read by people or processed by third parties, unless You have expressly authorized access to a particular document.

10. Limitations

Our Applications are not suitable for use by children under the age of 16.

Thus, we do not collect, at least knowingly, information about persons under the age of 16, and do not transfer it to third parties.

11. Information Processing Timeframes

We process Your data solely for the period necessary to achieve the purposes specified herein. Once these purposes have been achieved, Your data will be immediately deleted.

12. Your Rights

You are not required to consent to the transfer of Your data to the Company and/or third parties.

If You refuse to provide us and/or third parties with Your data, You may not use the Applications that require You to provide certain data.

When Your data is processed in accordance with this Policy, You have the right to withdraw consent at any time without affecting the lawfulness of the processing carried out prior to such withdrawal of consent.

If You have any questions, requirements or requests related to the processing of Your data in accordance with this Policy, You may contact us using the contact information from Section 1.1. of the Policy.