1 . GENERAL PROVISIONS
1.1 This Personal Data Processing Privacy Policy (hereinafter referred to as the Policy) is developed in accordance with the General Regulation of the Protection of Personal Data of the European Union (Regulation EU 2016/679) as amended from time to time (the Regulation) and the respective national Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) (the Law) and establishes the purposes, legal grounds, procedure and scope for processing personal data.
1.2 We are committed to providing children with a safe environment where parents and guardians of the same can feel confident that their children’s privacy is protected.
1.3 If a User is under 13 years old when he / she registers an account with the Application, We will require verifiable parental consent for the User to use Our services. These additional measures are in place to keep minor Users as safe as possible online.
1.4 The concepts specified in this Policy are used in the sense in which they are given in the Regulation as well as the Law unless otherwise directly specified within this Policy.
1.5 The current version is permanently located on the Site at: https://www.dreamo.ai/privacy-policy/.
1.6 The Application is intended for use on worldwide territory. Personal Data of Users (as defined below) is stored on servers located on the territory of the Republic of Armenia.
1.7 By joining the use of the Application, as well as when creating a Profile in the Dreamo Application, the User:
● confirms that the data submitted by him belongs to him personally;
● confirms that before using the Application, he carefully read the conditions for the use of Personal Data set out below;
● expresses full and unconditional consent with this Policy and the conditions for collecting and processing personal information specified therein, and provides the Application with voluntary consent to the processing of their Personal Data on the terms provided for by the Policy.
1.8 In case of disagreement with the terms of this Policy, the User is obliged to refuse to use the Application.
1.9 The User, performing any (all) actions, including, but not limited to, the use of the functionality of the Application and filling out the forms (feedback, registration or otherwise provided by the functionality of the Application) accepts this Policy and unconditionally agrees to all the terms and conditions of the same.
1.10 Interpretation:
Application – means the Dreamo application, a computer program available for download and installation on mobile devices using the mobile interface.
Automated processing of Personal Data – processing of Personal Data using computer technology;
Blocking of Personal Data – temporary suspension of the processing of Personal Data (unless the processing is necessary to clarify Personal Data);
Child or Children – means any User under the age of 13;
Counterparty of the Operator – an individual/legal entity with whom the Operator has a contractual relationship or communicates (negotiates) to conclude an agreement;
Depersonalization of Personal Data – actions as a result of which it is impossible to determine, without the use of additional information, the ownership of Personal Data by a specific subject of Personal Data;
Data controller – means the Operator entity.
Information system of Personal Data – a set of Personal Data contained in databases, and information technologies and technical means that ensure their processing;
Personal Information – means all data that relates to an identifiable human being whose identity is apparent, or can reasonably be inferred, from the data (i.e. the User).
Processing of Personal Data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data;
About the Operator – The operator independently organizes and carries out the processing of Personal Data, and also determines the purposes of processing Personal Data, the composition of Personal Data to be processed, actions performed with Personal Data.
Personal Data – The term Personal Data is defined in the Regulation and the Law as “any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”
Application User – an individual who has reached the age stipulated by the legislation of the Republic of Armenia and / or has the necessary legal capacity to accept (conclude) the User Agreement, as well as this Policy;
Provision of Personal Data – actions aimed at disclosing Personal Data to a certain person or a certain circle of persons;
Destruction Personal Data – actions as a result of which it is impossible to restore the content of Personal Data in the information system of Personal Data and / or as a result of which material carriers of Personal Data are destroyed.
Terms not defined in this section shall be interpreted in accordance with the Regulation and the Law.
2 COMPOSITION OF PROCESSED PERSONAL DATA AND PURPOSE OF THEIR PROCESSING
2.1 Personal Data that the Users provide when using the Application:
Every User who decides to use the Application has to create an account in order to participate in the experience of the Application. When a User creates an account, We will ask the User to provide an email address and password. We require this information so that the User can log into the account and participate in the features of the Application. We do not use email addresses to identify individual users outside of their activities on the Application and services related to it. User may reset his password using the email address provided. The primary purpose for this email address is to provide account security, since this is the only way for the Operator to check the authenticity of an account owner. In this circumstance, children are asked to provide a parent email address. Users may change the email address associated with their account at any time; however, a notification will be sent to the previously provided email address upon making that change.
We will also ask for the User’s age, sex, eye color, hair color and which language he / she speaks. The User may share his / her password with his / her parent(s) or legal guardian, but never share it with anyone else, not even his / her friends.
When an adult User submits any Personal Data relating to a child User in connection with the Application, the adult User represents that they have the authority to do so and agree to Us using the Personal Data in accordance with this Policy.
2.2 Why does the Operator (Data Controller) process Users’ data and on what basis?
When a User uses the Application, we process his / her data in ways that enable us to provide the services related to the Application to the User (for example, saving the Users’ stories).
The data of the Users also enables us to provide related services (for example, account services and support), to maintain our services related to the Application (for example, by troubleshooting issues Users encounter or moderating our apps), and to improve the services we provide (for example, by running surveys to get Users’ feedback).
2.3 What data does the Operator process?
When Users access and use the Application, we may collect information Users submit to us or through the Application, for example when creating an account or contacting us for support. We may also automatically collect information about your use of the Application and the device you use to access the Application. When Users see our ads outside of the Application, we may collect information about Users’ interactions with those ads. We may use the data we collect to infer other data, for example about Users’ content preferences.
2.4 Where does the Operator collect Users’ data from?
Primarily, we collect data directly from the Users or the Users’ device when a User uses the Application. However, we may also receive data about a User from other companies, for example third-party login providers if a User chooses to use them or advertising partners involved in delivering our ads to Users outside of the Application.
2.5 Actions Performed By The Operator With Users’ Personal Data
A User grants the Operator the right to perform the following actions (operations) with Personal Data:
● collection, recording, systematization, accumulation;
● to manage the User’s account, support and provide information;
● to monitor the effectiveness of visiting the Application;
● storage on the territory of the Republic of Armenia until the loss of legal grounds for processing and during the storage periods established by regulatory documents;
● clarification (update, change);
● depersonalization, destruction, removal;
● fraud detection;
● transfer (provision, access) to third parties in accordance with the conditions and purposes specified in this Policy and the current legislation of the Republic of Armania;
● other actions solely for the purpose of fulfilling the User Agreement and providing access to the Application.
The transfer of data to third parties is carried out only for the purposes of using the functionality of the Application by the User. Users hereby give their full consent to the transfer of their Personal Data to third parties for the purposes of the functioning of the Application.
The Operator processes Personal Data for the period necessary to achieve the goals defined by the Operator in this Policy.
We guarantee to our Users child safety while using the Application. This means that accounts of Users will never include any pop-up ads or other advertisements directed to children. In addition, Child Users are blocked from accessing external links. External links will only be available if an Adult User enters his or her password.
We will never sell or rent the Personal Data of any User to a third party, except as described in this Policy in the context of a sale of the Operator (the company).
Where we intend to process Users’ Personal Data for a purpose other than that for which it was originally collected, We will provide Users with information on that other purpose and any relevant further information prior to such processing.
2.6 Who does the Operator share Users’ data with?
Users’ data is likely to be transferred to and/or processed in countries other than their home country when they access or use the Application. Where allowed by applicable laws and regulations, a User consents to the transfer of his / her data outside of his / her home country by using the Application. The Operator routinely shares data within its internal group and to our service providers and partners who we work with to provide the services related to the Application. By design, some information (such as a Users’ story created) may also be visible to other users of the Application. More rarely, the Operator may need to share data when making changes to its corporate structure, when required by applicable law or regulation, or when necessary for the Operator’s legal rights or someone’s vital interests.
The Operator may share Users’ data with third parties to achieve the purposes described in this Privacy Policy. This may include sharing data with the following types of recipients:
● other companies in the internal group of the Operator, for example where they help the Operator develop or operate the Application or other games;
● persons or companies outside of the Operator’s group that provide services to the Operator and process data on the Operator’s behalf when providing those services (for example, providers of hosting services, analytics services, services that add functionality to the Application, or other services that help the Operator develop and operate the Application;
● other partners the Operator works with while providing the services related to the Application (who may process Users’ data independently of the Operator), including advertising partners;
● prospective or actual buyers (including their agents or advisors) in the context of a planned or actual acquisition, merger, or other business restructuring;
● competent courts of law or other government authorities where the Operator believes disclosure is necessary as a matter of applicable law or regulation;
● any person or entity where We believe disclosure is necessary to exercise, establish or defend our legal rights or to protect Users’ or another person’s vital interests; or
● with any other person or entity with the Users’ consent.
The Operator may transfer Users’ data outside of the European Union (EU) and the European Economic Area (EEA). For example, a number of servers We may use for hosting data may not be located in the EU or the EEA, and some of our group companies or the service providers we use to provide the services related to the Application may be located outside of the EU and the EEA. These countries may have data protection laws that differ from the laws of a User’s home country. In these cases, the Operator will provide appropriate safeguards to protect a User’s Personal Data. This may include applying the standard contractual clauses approved by the European Commission for transfers of Personal Data or other safeguards recognized by applicable laws and regulations. Upon request, the Operator can provide Users with a copy of the European Commission’s standard contractual clauses and further details on the applicable safeguards.
2.7 How does the Operator keep Users’ data secure?
The Operator has adopted measures to provide Users’ data a level of security appropriate for the degree of risk involved with the processing activities described in this Policy. These measures are designed to protect Users’ data against accidental or unlawful destruction, loss, or alteration as well as unauthorized disclosure or access. The specific measures we employ vary, but typically include, for example, encryption in transit, pseudonymization of identifying data where feasible, controls to limit access to services or systems that contain Personal Data, and maintaining procedures to handle any suspected security incidents. Please consider that, despite our efforts to secure your data, the internet is an inherently insecure environment and we cannot guarantee absolute security for your data.
2.8 Retention Time
Information belonging to Users is kept for as long as necessary to provide our services through the Application, or as needed to fulfill the purposes outlined in this Policy. Prior to destruction the Operator is required by Law to extend the retention period. In some cases records may be reviewed when child protection / safeguarding interventions have occurred or where the Operator has been involved in multi-agency investigations.
Upon Account cancellation, User anonymised data may nonetheless persist internally in Our archive files or similar databases and may still be used, on an anonymous basis, for our internal support, administrative, and record-keeping purposes including, but not limited to, allowing us to improve the services We provide through research, evaluation, and analytics as permissible by applicable data protection and privacy laws.
Following a request to delete information or a User’s account as provided under section 7 of this Policy, information including Personal Data may remain in backup or archive records, and We may retain certain data if required by applicable laws, relevant to preventing fraud or future abuse, or for legitimate business purposes, such as account recovery and customer support, and all subject to Our internal records retention periods. All retained data will continue to be subject to the privacy policy in effect at that time and applicable law.
3 PRINCIPLES AND CONDITIONS FOR PROCESSING PERSONAL DATA
3.1 Principles of Personal Data processing
The processing of Personal Data by the Operator is carried out on the basis of the following principles:
● legitimacy and fairness;
● limiting the processing of Personal Data to the achievement of specific, predetermined and legitimate purposes;
● preventing the processing of Personal Data that is incompatible with the purposes of collecting Personal Data;
● preventing the merger of databases containing Personal Data, the processing of which is carried out for purposes incompatible with each other;
● processing only those Personal Data that meet the purposes of their processing;
● compliance of the content and scope of the processed Personal Data with the stated purposes of processing;
● preventing the processing of Personal Data that is excessive in relation to the stated purposes of their processing;
● ensuring the accuracy, sufficiency and relevance of Personal Data in relation to the purposes of processing Personal Data;
● destruction or depersonalization of Personal Data upon reaching the goals of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate the committed violations of Personal Data, unless otherwise provided by the applicable Law.
● optimization by the Operator of distribution of advertising messages – advertising messages can be sent both by the Operator and by third parties who are involved in the technical support for the delivery of messages. Advertising messages may be sent to an email address and mobile phone number of a User. At the same time, the User has the right to refuse to use the email address and / or mobile phone number for sending promotional materials.
3.2 Conditions for the processing of Personal Data
The Operator processes Personal Data in the presence of at least one of the following conditions:
● the processing of Personal Data is carried out with the consent of the subject of Personal Data to the processing of a User’s Personal Data;
● the processing of Personal Data is necessary for the execution of the Agreement, to which the subject of Personal Data is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the subject of Personal Data or an agreement under which the subject of Personal Data will be the beneficiary or guarantor;
● The processing of Personal Data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that the rights and freedoms of the subject of Personal Data are not violated .
3.3 When collecting and processing Personal Information about children, the Operator proceeds from the fact that:
● By registering in the Application and providing Personal Information about the child, the Parent gives the Operator full and unconditional consent to the processing of the child’s Personal Data, acting as the legal representative of the Child for the purposes and under the conditions specified in this Policy and the User Agreement;
● Parents regularly check the content of the information about children posted in the Application and can contact the Operator at any time if they wish to delete it and (or) request that no further information about their child be collected or processed by the Operator;
● The Operator is aware of the importance and necessity of protecting children from information that could harm their health and (or) development. All information posted in the Application is safe for children and has no age restrictions. The Operator makes every possible effort to prevent the placement of information in the Application, including advertising materials, which, in accordance with the Law and the Regulation is prohibited for distribution among children and (or) the distribution of which among children of certain age categories is limited.
3.4 If a parents or guardian’s email address is provided to the Operator when an account is created through the Application, the Operator will share information about that account with the parents / guardians by email. The Operator may also invite the parent or guardian to review or update settings and approve the account.
4 MODIFICATION AND DESTRUCTION OF PERSONAL DATA
4.1 The processing of the Users’ Personal Data is carried out by the Operator from the moment of registration of a User’s Profile until the loss of the legal grounds for processing.
4.2 The User may at any time change the Personal Data provided by him / her or part of it in the “Profile” section of the Application. The changes must be up-to-date and reliable.
4.3 Destruction of Personal Data is carried out in the following cases:
● deletion of the User Profile in the Application at the request of the User;
● receipt from the User of withdrawal of consent to the processing of Personal Data;
● receipt from the User of a requirement (request) for the destruction of Personal Data;
● expiration of the consent in accordance with the provisions Policy.
4.4 If a User of the Application provides the e-mail of a third party, the User guarantees that he / she has previously taken consent to the processing of Personal Data from the person whose e-mail is transmitted to the Application.
5 KEEPING THE SECURITY OF PERSONAL DATA
5.1 The security of Personal Data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to ensure the requirements of national legislation in the field of Personal Data protection.
5.2 To prevent unauthorized access to Personal Data, the Operator applies the following organizational and technical measures:
● appointment of officials responsible for organizing the processing and protection of Personal Data;
● restriction of the composition of persons admitted to the processing of Personal Data;
● familiarization of subjects with the requirements of national legislation and regulatory documents of the Operator for the processing and protection of Personal Data;
● organization of accounting, storage and circulation of media containing information with Personal Data;
● determination of threats to the security of Personal Data during their processing, the formation of threat models on their basis;
● development of a Personal Data protection system based on the threat model;
● checking the readiness and effectiveness of the use of information security tools;
● delimitation of user access to information resources and software and hardware for information processing;
● registration and accounting of actions of users of information systems of Personal Data;
● use of anti-virus tools and means of restoring the Personal Data protection system;
● application, if necessary, of firewalls, intrusion detection, security analysis and cryptographic information protection;
5.3 The Users’ data is transmitted over the network using the cryptographic TLS protocol. Only the responsible engineers of the Operator have access to servers with Personal Data through two-factor authentication (or through ssh keys). Platform user passwords are not stored in the system, user authentication is carried out through reliable external providers (Apple, Google, Facebook, Yandex).
6 COOKIES AND SIMILAR TECHNOLOGIES
6.1 The Operator uses tracking technology (such as “Cookies”) on our website and Application to help us understand and improve our service, as well as to understand Users’ preferences. A Cookie is a small text file that allows Us to remember Users’ actions and preferences on the website and on the Application (such as your login details, language settings and font size preference) over a period of time so Users don’t have to re-enter them whenever they come back to the website and the Application or browse from one page to another.
7 ACCESS, CHANGE, OR DELETE OF ACCOUNT INFORMATION
7.1 Users can review or change the information they provided when they registered for the services by requesting the changes they wish to effect via email on pb@dreamo.ai. In addition Users may contact Us at any time to request that We provide for their review, or delete from Our records, any Personal Data they have provided about child Users associated with their Accounts, or to cease collecting Personal Data from those child Users, as applicable. Please keep in mind that a request to delete Personal Data may lead to cancellation of a User’s Account or the inability to use certain services in the Application.
7.2 When we change or delete any Personal Data at a User’s request, We will make good faith efforts to make the changes in our then-active databases as soon as reasonably practicable, generally within 24- 48 hours. Changing setting options may not result in immediate changes to the settings, which are subject to Our operations and maintenance schedules. Please note that information, including Personal Data, may remain in backup or archive records, and We may retain certain data relevant to preventing fraud or future abuse or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable or Anonymous Data, account recovery, or if required by the applicable laws and regulations of the Republic of Armenia. All retained data will continue to be subject to the Privacy Policy in effect at that time.
7.3 Users’ have the following rights:
● the right to access the Personal Data We hold about them: Users may access the Personal Data we hold about them at any time by contacting Us at pb@dreamo.ai;
● where Our processing of a User’s Personal Data is based on the User’s consent, the right to withdraw such consent to such processing at any time;
● the right to rectification of a User’s Personal Data: Users can also contact Us to update or correct any inaccuracies in their Personal Data;
● the right to restriction of processing or to object to processing of their Personal Data;
● the right to request Us to transfer their Personal Data to a third party in a standardised machine-readable format;
● the right to object to direct marketing. Users may contact Us at any time to opt out of direct marketing communications from our side;
● the right to request We erase and forget their Personal Data. Users can request that we erase their Personal Data; and
● the right to lodge a complaint with a supervisory authority. In the Republic of Armenia this is the Office of the Commissioner for Personal Data Protection.
If a User wishes to exercise any of these rights, please contact Us using the details in section 9 below, (Complaints, Reporting and Contacting Us). In such a request Users must make clear: (i) what Personal Data is concerned; and (ii) which of the above rights a User would like to enforce.
For the Users protection, We may only implement requests with respect to the Personal Data associated with the particular email address that a User used to send Us such request, and We may need to verify the User’s identity before implementing such request. We will try to comply with the User’s request as soon as reasonably practicable and, in any event, within one month of such request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that a User began prior to requesting such change or deletion.
8 FINAL PROVISIONS
8.1 Users independently monitor changes to this Policy and familiarize themselves with the current version of the Policy before each use of the Application. Continued use of the Application by the Users after making changes and/or additions to this Policy means acceptance and consent of the User with such changes and/or additions. If a User disagrees with the terms of this Policy, the use of the Application must be immediately terminated.
8.2 This Policy and relations between Users and the Operator arising in connection with the application of the Policy shall be subject to the laws of the Republic of Armenia. All Users have access to this Policy. All questions, suggestions and comments regarding this Policy should be sent to the following email address: pb@dreamo.ai.
8.3 Other rights and obligations of the Operator in connection with the processing of Personal Data are determined by the legislation of the Republic of Armenia in relation to the use, control protection and processing of Personal Data.
9 COMPLAINTS, REPORTING AND CONTACTING INFORMATION
Address: 175, 7/6 Argishti str., Yerevan, Armenia
Telephone: +37595110386
E-mail address: pb@dreamo.ai