Personal Data Processing Policy

PERSONAL DATA PROCESSING POLICY

[Dubai][01.09.2024]

This Personal Data Processing Policy (hereinafter – the Policy) defines the personal data processing policy, and contains information on the requirements to the protection of the Users' personal data implemented by the Operator.

IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIV ACY POLICY , PLEASE DO NOT ACCESS THE APPLICATION.

This Policy is published on the Software page at Meera.me and in the mobile application interface.

1. TERMS AND DEFINITIONS

1.1 User An individual using the Software or interacting with the Operator through its contact details on the matters related to the use of the Software.

1.2 Operator Meera Group FZ-LLC., a company incorporated and existing under the laws of United Arab Emirates, having its registered office at Dubai, United Arab Emirates, Dubai Internet City, building 1.

1.3 Software A set of programs for electronic computers and other information in the information and telecommunication network "Internet", intended for display in a browser and accessed using the domain name Meera.me, as well as its subdomains. The term Software also includes mobile applications MEERA available to the User for downloading in AppStore and Google Play.

1.4 Cookies A piece of data as part of a HTTP request intended for storage on the User's device and used by the Operator for user authentication, storing personal preferences and user settings, tracking the status of the User's access session, and maintaining statistics on Users.

1.5 Depersonalization of personal data Any actions resulting in the impossibility to determine without additional information whether personal data belong to a particular subject of personal data.

1.6 Processing of personal data Any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2. GENERAL PROVISIONS

2.1 The Policy regulates the processing of personal data when the User uses the Software and when the Operator interacts with the User in connection with the User's use of the Software.

2.2 The Policy is developed in accordance with the requirements of: 2.2.1 the applicable law relating to personal data protection; 2.2.2 agreements concluded between the Operator and the Users; 2.2.3 General Data Protection Regulation; 2.2.4 Other regulatory documents with due regard to the applicable requirements in the field of personal data protection;

2.3 We process the personal data in according to the following principles: 2.3.1 lawful purposes and methods of personal data processing; 2.3.2 good faith; 2.3.3 the purposes of personal data processing meet the purposes determined in advance and declared at the time of personal data collection as well as to the Operator’s powers; 2.3.4 the scope and nature of the personal data being processed and the methods of personal data processing meet the purposes of personal data processing; 2.3.5 it is unacceptable to unify personal data bases created for incompatible purposes;

Rights and obligations of the Operator

2.4 The Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of the User according to the applicable law.

2.5 The Operator transfers personal data only to those third parties specified in the consent.

2.6 The Operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds provided for by applicable law.

Rights and obligations of the User

2.7 The User has the right at any time to withdraw consent to the processing of personal data, to request changes and clarifications of personal data from the Operator.

2.8 The User has the right to access his personal data, as well as to receive information related to the processing of his personal data. Such information is provided at the request of the User in accordance with the procedure adopted by the Operator.

2.9 The User has the right to demand the destruction of incomplete, outdated, inaccurate, illegally obtained and excessively processed personal data.

2.10 The User has the right to request notification of all persons to whom incorrect or incomplete personal data were previously reported.

2.11 The User has the right to appeal against the actions and omissions of the Operator, if such considers that the Operator violates his rights or processes personal data in an illegal way.

2.12 The User has the right to get acquainted with information related to personal data processed by the Operator.

2.13 The User has the right to independently make changes and clarifications to their personal data, delete personal data provided by the User when using the Software.

3. PURPOSE AND GROUNDS FOR PROCESSING PERSONAL DATA

3.1 Personal data of Users shall be processed for the following purposes: 3.1.1 Provision, improvement and development of Software and the use of the Application by Users through personalization of content, ensuring conduct surveys and research; ensuring access to the Application and showing the appropriate experience by using Cookies and similar technologies to provide and support our Software to verify your account and determine when you're logged; 3.1.2 Interaction and communication with Users, provision of Users with information about Application; 3.1.3 Provision and improvement of relevant advertising and measurement systems in Software, provision of recommendations for User on conduct surveys basis; 3.1.4 Promotion of safety and security through User’s identification, verifying accounts and activity and/or investigating suspicious activity or violations of this Policy; 3.1.5 Provision of User support; 3.1.6 Research and analytics through analyzing user patterns, traffic, and demographic data to understand usage trends and improve the Application;

3.2 Personal data may be used for other purposes, if it is mandatory in accordance with the provisions of the applicable law.

3.3 Processing of personal data is limited by specific, predetermined, and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection shall not be permitted.

4. INFORMATION ABOUT USERS

4.1 The Operator processes the following personal data of Users: 4.1.1 For purposes, settled by p.3.1.1 and 3.1.4, 3.1.5, 3.1.6 of this Policy: email address, and telephone number, surname, first name, patronymic, gender, date of birth, profile photo, geolocation; 4.1.2 For purposes, settled by p. 3.1.1 of this Policy: payment data; 4.1.3 For purposes, settled by p.3.1.4 of this Policy: IP address, MAC address, device ID, IMEI, MEID, cookies data, browser information, operating system, access time, as well as other data as agreed with the User and required to address the User's questions, as applicable; 4.1.4 For purposes, settled by p. 3.1.3 and 3.1.6 of this Policy: User activities on Application, types of viewable content, information on how Application is used, frequency and duration of such activities, information from websites and apps that use Software; 4.1.5 For purposes, settled by p. 3.1.1 and 3.1.4 of this Policy: External account information.

4.2 Processing of personal data under this Policy does not entail purposeful collection of sensitive categories of personal data (data related to racial or ethnic origin, political opinions, religion or philosophical beliefs, genetic data, data concerning health or data concerning sex life etc.) but Operator is entitled to process such personal data provided that you made it available in the Application. In this case, Operator is not obliged to request the User’s consent to process sensitive categories of personal data as the we are not aware of the potentially sensitive nature of personal data in advance.

4.3 Operator processes data for as long as it is necessary to provide products and services to you and others, including those described above. Information on User will be kept until it is deleted, and/or the purposes of personal data processing are reached..

5. IMPLEMENTED REQUIREMENTS TO PERSONAL DATA PROTECTION

5.1 When processing personal data, the Operator takes the necessary legal, organizational and technical measures and ensures their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data, which include (but not limited to): 5.1.1 Appointment of a person responsible for personal data processing. 5.1.2 Limitation of employees having access to personal data. 5.1.3 Software identification of persons having access to personal data of Users, and recording of their actions. 5.1.4 Implementation of anti-virus control and other protection measures against malicious software. 5.1.5 Application of backup and data recovery tools. 5.1.6 Regular updates of software used in the personal data processing to ensure the security of processed data. 5.1.7 Encryption of personal data transmitted over the Internet. 5.1.8 Taking measures related to the admission of only appropriate persons into the places where technical equipment is installed. 5.1.9 Application of technical equipment for protecting the premises, where technical means of personal data information systems are located.

6. CONFIDENTIALITY

6.1 The Operator provides full, profonde and sufficient protection of personal data as confidential. The applicable measures are stipulated by Operator’s local acts.

6.2 The Operator and other persons who have access to personal data shall not disclose to third parties and shall not distribute personal data without the User's consent, except as provided for by applicable law.

6.3 Such disclosure may include responding to legal requests from jurisdictions outside of the country if the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. Operator may also access, preserve and share information when it is necessary to: detect, prevent and address fraud and other illegal activity; to protect Operator and Users, including as part of investigations; or to prevent death or imminent bodily harm.

7. DESTRUCTION (DEPERSONALIZATION) OF PERSONAL DATA

7.1 The User's personal data shall be destroyed (depersonalized) in the following cases: 7.1.1 Upon achieving the purposes of their processing or in case there is no further need to achieve them within a period not exceeding thirty days from achieving the purpose of personal data processing, unless otherwise provided for by the contract to which the User is a party, other agreement between the Operator and the User (their representative); 7.1.2 In case of unauthorized processing of personal data or lawful withdrawal of personal data within a period not exceeding ten business days from the date of detecting such a case; 7.1.3 In case of expiration of the personal data storage period determined in accordance with the applicable law and the Operator's organizational and administrative documents, including withdrawal of consent to the processing of the User's personal data; 7.1.4 In case of an order issued by the authorized body for the protection of the rights of personal data subjects or a court decision.

8. TRANSFER TO THIRD PARTIES

8.1 The Operator for the purposes listed under of this Policy may transfer certain personal data to the following third parties: 8.1.1 Hosting, web analytics and technical support providers, as well as marketing service providers, affiliates, contractors, business partners, service providers, third-party analytics providers and advertising partners for the purposes stipulated by art. 3.1.1, - 3.1.4, 3.1.6 of this Policy; 8.1.2. Employees of the Operator, as well as to the developers of the Software for the purposes under p. 3.1.1 of this Policy; 8.1.2 Employees of the Operator, as well as to the developers of the Software for the purposes under p. 3.1.1 of this Policy; 8.1.3 Partners, consultants, lawyers, auditors, courts and / or law enforcement agencies, as well as government agencies and organizations for legal and financial audits; persons, institutions, organizations that have grounds for obtaining access to Personal data by virtue of the provisions of the law for the purposes stipulated by p. 3.1.1, 3.1.4 of this Policy. 8.1.4 Other third parties, which are specified in the consent of the User to the processing of Personal data.

8.2 Operator may transfer personal data to any other country for the purposes set out in section 3 of this Policy only under the User’s consent if such transfer is permitted by applicable law.

8.3 Before transferring the personal data to another country, Operator ensures the compliance with the requirements stipulated under applicable law and that a country provides reliable protection of the rights of personal data subjects.

8.4 The transfer of personal data to a country that do not meet the aforementioned requirements may only be carried out under User’s consent in writing to transfer personal data and/or for the performance of the agreement to which User is a party.

9. FINAL PROVISIONS

9.1 User can send inquiries regarding the use of the personal data to Operator. Operator undertakes to consider and respond to your inquiry within 30 days after it is received.

9.2 All correspondence received from User (written or electronic inquiries) is classified as restricted-access information and may not be disclosed without User’s written consent.

9.3 To withdraw the consent, User (or representative) can send Operator a written demand in a free form, in a way that allows to reliably determine the person who signed and sent the correspondence as well as the grounds for the representative’s authority.

9.4 Operator contacts for all data privacy issues or any questions or concerns about this Privacy Policy – help@meera.me

9.5 The period for processing personal data processed by the Operator is equal to the period of processing purposes achieving or until withdrawal of consent by the User or termination of the Operator's activity.

9.6 This Policy may be amended, or supplemented in case of new legislative acts and special regulations on processing and protecting personal data, as well as by the Operator's decision.

9.7 All issues not settled by this Policy shall be governed by applicable law.

10. DETAILS OF THE OPERATOR

MEERA GROUP FZ-LLC.

Legal address Dubai, United Arab Emirates, Dubai Internet City, Building 1

Identification number 101897

Contact Information help@meera.me