MyOffice Mobile Privacy Policy

Date of last revision:
July 30, 2020

1. INTRODUCTION

This Privacy Policy (hereinafter referred to as the «Policy») informs you about the types, scope and purposes of processing of personal information (including personal data), which the Company and/or its affiliates may receive when you use mobile applications MyOffice (hereinafter referred to as «Mobile applications») and their components (including but not limited to MyOffice Documents, MyOffice Logos, MyOffice Mail).

Mobile Applications are also referred to as «Applications».

This Policy uses the definitions corresponding to Article 3 of Federal Law No. 152-FZ «On Personal Data» of July 27, 2006 (hereinafter referred to as «152-FZ»).

1.1. Authorized person

Name:

Limited liability company «NEW CLOUD TECHNOLOGIES» (NEW CLOUD TECHNOLOGIES LTD, hereinafter referred to as «Company»).

Legal address:

420500, Russian Federation, Republic of Tatarstan, Innopolis city, Universitetskaya str., 7, of. 302.

Post address:

125009, Russian Federation, Moscow, Bol. Gnezdnikovskiy per., 1, build. 2.

Contact information:

contact@ncloudtech.ru

1.2. Types of information collected and processed

• user credentials;
• information about the user’s device;
• contact information;
• Applications’ crash reports;
• Applications’ usage reports;
• other information.

1.3. Processing of special information categories

Special information categories (in accordance with Article 10, paragraph 1 of 152-FZ) shall not be processed.

1.4. Categories of data subjects

• Users of the Applications.

1.5. Processing purposes

• to provide stable operation of Applications;
• to maintain and improve Applications;
• to develop new functions of Applications;
• to provide security and reliability of Applications.

2. APPLICABLE LEGAL BASIS

The legal basis for processing personal information (including personal data) is your consent. By using Mobile Applications, you agree that the Company may collect, store, use and otherwise process your personal information (including personal data).

3. CHANGES AND AMENDMENTS TO THIS POLICY

Please read this Policy regularly. The policy will adapt to regulatory changes. The current version of the Policy is available at https://myoffice.ru/privacy_mobile_en.

As soon as the changes require your additional consent or obligatory familiarization, you will be informed about this fact.

4. INFORMATION SECURITY

Data collection and processing processes ensure security at every stage of the data lifecycle.

The following factors are taken into account in the information security:

• current technological horizon;
• the cost of implementing protection measures;
• types, categories and purposes of processing, as well as the probability and degree of risk to the rights and freedoms of individuals;
• compliance of technical and organizational protection measures with the risks.

Measures include, but are not limited to, providing for the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the processes of data entry, modification, deletion and transfer.

The Company has developed and implemented procedures to ensure that the rights of data subjects are observed, and to respond to data disclosure.

In addition, we consider the protection of personal data when developing or selecting hardware and software according to the principles of «privacy by default» and «privacy by design».

Security measures include, in particular, data transmission over encrypted communication channels (TLS).

5. DATA PROCESSING

5.1. Mobile applications

When you use the Company’s Mobile Applications, information about the user’s location, the user’s device, data about how You use the Mobile Applications and Mobile Applications crash reports (see the section 6 of this Policy) is transferred to third parties, for the purpose of analysis, optimization, sending notifications to You and troubleshooting.

6. TRANSFER OF DATA TO THIRD PARTIES

For the purposes of analysis, optimization, and troubleshooting in the Applications, information is transferred to the following analytical systems:

• Facebook Analytics;
• Mixpanel;
• Amplitude;
• Firebase Crashlytics;
• Firebase Cloud Messaging.

6.1. Facebook Analytics

We use the Facebook Analytics service to collect and analyze technical data about the use of Applications developed by the Company.

The following information is transferred to Facebook Analytics:

• location data such as: country, region, city obtained by IP address conversion;
• information about the device, such as: device ID, model and type, operating system version and name, device and language settings;
• identifiers of the operations to be performed and the results of the performed operations;
• application version.

Facebook Analytics is used in Applications developed by the Company in accordance with Facebook recommendations:

• https://developers.facebook.com/docs/analytics/getting-started;
• https://developers.facebook.com/docs/app-events.

The information transferred to Facebook Analytics is not additionally stored or transferred to other services or resources, nor is it linked to other data held by Facebook.

Information about Facebook’s data privacy policy and data protection measures can be found on the following resources:

• https://www.facebook.com/privacy/explanation.

The transfer of analytical information to Facebook Analytics can be disabled by the user in the Application settings.

6.2. Mixpanel

We use the Mixpanel service to collect and analyze technical data about the use of Applications developed by the Company.

The following information is transferred to Mixpanel:

• location data such as: country, region, city obtained by IP address conversion;
• information about the device, such as: device ID, model and type, operating system version and name, device and language settings;
• identifiers of the operations to be performed and the results of the performed operations;
• application version.

Mixpanel is used in Applications developed by the Company in accordance with the installation recommendations:

• https://mixpanel.com/help/reference/ios;
• https://mixpanel.com/help/reference/android.

Information transferred to Mixpanel is not additionally stored or transferred to other services or resources.

Information about Mixpanel’s data privacy policy and data protection measures can be found on the following resources:

• https://mixpanel.com/legal/privacy-policy.

The transfer of analytical information to Mixpanel can be disabled by the user in the Application settings.

6.3. Amplitude

We use the Amplitude service to collect and analyze technical data about the use of Applications developed by the Company.

The following information is automatically transmitted to Amplitude:

• location information, such as: country, region, city, obtained by converting an IP address;
• device information such as: device ID, model and type, operating system version and
  name, device settings and language settings;
• IDs of operations performed and results of operations performed;
• information about using the app;
• application version.

Amplitude is used in applications developed by the Company in accordance with the embedding
recommendations:

• https://developers.amplitude.com/docs/ios;
• https://developers.amplitude.com/docs/android.

The information transmitted in Amplitude is not additionally stored or transmitted to other
services or resources.

You can find information about the Amplitude company’s policy regarding received data and
data protection measures on the resource:

• https://amplitude.com/privacy.

The transfer of analytical information to Amplitude can be disabled by the user in the
Application settings.

6.4. Firebase Crashlytics

We use the Firebase Crashlytics service, which provides information about unforeseen failures and other malfunctions of the Applications developed by the Company.

The following information is transferred to Firebase Crashlytics in case of failures or malfunctions:

• information about the IP address of the device;
• information about the device, such as: device ID, model and type, operating system version and name, device and language settings;
• the application version and functionality;
• the time of failure.

Information transferred to Firebase Crashlytics is not additionally stored or transferred to other services or resources.

Information about Firebase Crashlytics’s data privacy policy and data protection measures can be found on the following resources:

• https://firebase.google.com/terms/crashlytics/;
• https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms.

Google’s Privacy Policy is available at:

• https://policies.google.com/privacy.

The transfer of information about failures and malfunctions to the Firebase Crashlytics service can be disabled by the user in the Application settings.

6.5. Firebase Cloud Messaging

We use the Firebase Cloud Messaging (FCM) service, which allows us to deliver notifications about changes in a file access settings or other file status changes which occur while working with it, and also to deliver notifications about received emails and short messages addressed to You.

The following information is transferred via Firebase Cloud Messaging server:

In applications «MyOffice Documents»:

• owner of the modified document data: avatars ID, e-mail, Name and system ID;
• changed file data: unique ID, MIME type, file name.

In applications «MyOffice Mail»:

• data about the author of the received letter: his avatars ID, e-mail, his Name;
• received email data: its subject, part of its body, the name of the folder it was put in and the date it was received.

In applications «MyOffice Logos»:

• received message data: a unique identifier for this Message, its text and position;
• new Chat data: a unique Chat identifier, Chat name and type;
• information about the author of that message recieved: his Name and ID.

In addition, FCM internal service information, such as the unique application ID, is always transfered.

Any data, transmitted via Firebase Cloud Messaging are not additionally saved or transmitted to other services or resources.

Information about the policy of the Firebase Cloud Messaging service in relation to received data and data protection measures can be found on the following resources:

• https://firebase.google.com/terms;
• https://firebase.google.com/terms/data-processing-terms.

Google’s privacy policy is available at

• https://policies.google.com/privacy.

The transfer of notifications through the Firebase Cloud Messaging service can be disabled by the user in the Application settings.

7. Connecting to Your Gmail mailbox

If You use the «MyOffice Mail» app as a client to connect to your Google mailbox (https://mail.google.com) provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA), your account data is processed in full compliance with the terms set out in the Google API user data Policy (https://developers.google.com/terms/api-services-user-data-policy)

To provide access to Google services, we use OAuth authentication. This is an open authorization Protocol that provides us with limited access to secure resources for our services without disclosing your account authorization details.

You can block access to your data for the «MyOffice Mail» app at any time in your Google account settings.

The «MyOffice Mail» app uses Gmail API calls that allow you to exclusively read, create, and modify messages (including attachments), metadata, and message headers.

«MyOffice Mail» app use of information received from Gmail APIs will adhere to Google’s Limited Use Requirements.

To access email messages when you are not connected to the Internet, email messages are saved on the user’s mobile device.

The «MyOffice Mail» application does not grant anyone access to the received user data, including not allowing it to be read by people or processed by third parties, unless You gave direct permission to access a specific message for the purposes specified in paragraph 1.5. of this Policy.

8. LIMITATIONS

Our Applications are not intended for children under 16 years.

Thus, we do not collect, at least knowingly, information about persons under 16 years, and do not transfer it to third parties.

9. TERMS OF INFORMATION PROCESSING

We process your data only for the period of time necessary to achieve the goals set out in this Policy. Your data will be deleted immediately when the specified objectives are achieved.

10. YOUR RIGHTS

You are not obliged to consent to the transfer of your data to us and/or third parties.

If you refuse to provide us and/or third parties with your data, you cannot use the Applications that require you to provide certain data.

When processing your data in accordance with this Policy, you have the right to withdraw your consent at any time without affecting the legality of the processing performed prior to such withdrawal of consent.

If you have any questions, requirements or requests related to the processing of your data under this Policy, you may contact us using the contact information provided in section 1.1. of this Policy.