VTG SOFT DMCC

(the “Company”)

PRIVACY AND PERSONAL DATA PROCESSING POLICY

(the “Policy”)

  1. General

  1. The present Policy has been elaborated in accordance with the applicable law and shall set the way of collection, protection, storage, processing and transfer of the Personal Data of the Users of Company’s products (software) and other natural persons if necessary (hereinafter – the “Person”, the “Persons”, the “Personal Data”) and shall be valid for all the information the Company can get about the Persons (if any) when they are using the Company’s software and services.

  1. This Policy shall be mandatory for all Company employees (including payroll employees and associates working under other types of contracts) as well as other persons when it is necessary for them to participate in the Personal Data Company processing procedures should Personal Data be transferred by the Company to Third Parties in the established order on the basis of Personal Data processing orders and other agreements.

  1. With the exception of the above said this Policy shall not be valid for other Internet sites, marketplaces, exchange platforms, information systems, and shall not apply also to that of third parties. The Company shall not be held responsible for the Internet sites, marketplaces, exchange platforms, information systems of third parties that the Persons may go to using links available in the software, products and in the documents of the Company.

  1. The Personal Data being processed by the Company shall include Personal Data, necessary for using of Company’s products (software) and considered as such in the applicable law. The use of data that may be referred to Personal Data and represent digital trace of using products (software) and services of the Company (including geolocation, IP addresses, cookies) shall be subject to separate consent of the Person by ticking the consent box in the pop-up window (if applicable).  

  1. The Personal Data shall be confidential information and may not be used by the Company or any other persons for personal purposes.

  1. The Company shall ensure free and payless access to Persons to their Personal Data, including the right to obtain a copy of any record with their Personal Data as well as the right to get information concerning processing of the Personal Data except for when provided for in the applicable law within 10 (ten) working days of receipt by the Company of the Person’s request. The said term may be extended but not more than for 5 (five) working days subject to the motivated notice from the Company to the Person with the reasons for the term extension for the requested information provision.

  1. Contact information for the applying of the Persons to the Company on any issues related to the processing of Personal data: [email protected].

  1. Personal Data Storage, Processing and Transfer

  1. Personal Data processing shall be allowed only for the purposes of:
  1. Persons’ identification for the use of the software and other products and services of the Company (if necessary);
  2. granting of access to the Person to personalized products (software) and services;
  3. interaction between the Persons and the Company;
  4. establishment of connections (feedback) with the Person, including notices, requests regarding the products (software), services, the Persons requests processing, collection and update of information;
  5. efficient user and technical support;
  6. advertising;
  7. compliance with applicable law to determine the way of processing and protection of Personal Data of the Persons;
  8. the Company rights and rightful interests’ enforcement in connection with its activity;
  9. other legal purposes.

  1. Personal Data shall be stored in electronic form in the information system of the Company as well as in the database archives of the Company, unless delegated to the Personal Data processor under the applicable law.

  1. Organizational and technical measures shall apply to Personal Data ensuring safety of such and excluding access without permission. The Company shall elaborate protection measures for the Personal Data.

  1. Processing of Personal Data of the Persons may be accessed only by the Company’s associates or Third parties under corresponding agreements and subject to non-disclosure agreements as regards Personal Data.

  1. By using the Company’s products (software) the Person grants his consent to processing of his Personal Data, namely, any actions (operations) or combination of such, including collection, recording, systematization, storage, clarification (renewal, alteration), extraction, use, transfer (distribution, granting, access to), anonymization, blocking, removal, destruction of Personal Data. Personal Data processing shall be automated except for when non automated processing is mandatory by applicable law.

  1. The Company may transfer Persons Personal Data to third parties only for prevention of hazard to their life and health or subject to the Persons corresponding consent, and in other cases when provided for in the applicable law.

  1. The Company shall provide Personal Data only to authorized persons and only in the part that is required for the fulfillment of their function in accordance with the Policy and the applicable law.

  1. When the Personal Data is transferred to third parties such data may be used only for the purposes that it has been provided for.

  1. The Persons consent for the Personal Data processing that the Client allows to distribute shall be formalized separately from other consents of the Personal Data subject for Personal Data processing. The Company shall provide the subject of Personal Data with the opportunity to define a list of Personal Data for each category specified in the consent to process Personal Data permitted by the subject for dissemination.

  1. The Person’s consent for the Personal Data processing that the Person allows to distribute may prohibit Personal Data transfer (apart from giving access to) to unlimited number of persons as well as processing or set conditions for processing (apart from giving access to) such Personal Data by unlimited number of persons.

  1. Transfer (distribution, granting, access to) Personal Data that the Person allows to distribute shall be stopped at any time at his written request. Personal Data indicated in such demand may be processed by the Company only (or Third parties that the Company has the corresponding agreement with).

  1. Other rights, obligations, actions of the Company, its employees and counterparties that are responsible for Personal Data processing may be determined by job manuals and other relevant documents.

  1. All information regarding the Personal Data shall be considered to control whether the information is properly used by the persons obtaining it.

  1. The Company may store log files on actions of the Persons in certain cases when using software and services for the purposes of services quality increase and to legal protection enhancement.

  1. The Company rights and obligations     

  1. The Company may establish mandatory requirements to the content of the Personal Data that shall be present for the use of the products (software) and services of the Company, and the Company shall be guided by the Policy and the applicable law.

  1. The Company is not obliged to verify whether the Personal Data is true and relies on the representation that the Persons act in good faith and maintain actual information about the Personal Data.

  1. The Company shall not be held liable for the voluntary transfer of Personal Data by the Persons, contact data, password and login, means of access to any third parties.

  1. The Company shall not collect and process Personal Data of the Persons regarding their political, religious and other beliefs and private life.

  1. The Company shall at its account ensure the protection of the Personal Data from unlawful use or loss as established by the applicable law.

  1. The Company shall be obliged to take measures necessary and sufficient to comply with the legal obligations under the applicable law. The Company shall in its discretion determine the measures to ensure such compliance. The measures may in particular include:
  1. appointment of the officer responsible for the organization of the Personal Data processing;
  2. documents that determine the Personal Data processing, methods, period of processing and storage, method of Personal Data destruction when the purposes of their processing or other legal consequences shall have been achieved or for other legal grounds,  as well as other local acts for procedures designed to detect and prevent breach of law, removal of the breach consequences (such documents and local acts may not contain provisions limiting the rights of subjects of Personal Data or imposing rights and obligations on the Company not provided by law);
  3. taking of legal, organizational, technical measures to ensure Personal Data safety;
  4. internal control and (or) audit of the Personal Data processing compliance with the applicable law and Personal Data protection requirements, the Policy, other internal documents;
  5. evaluation of damage that can be caused by to the Persons in case of breach of law, proportion of said damage and measures to be taken for compliance with the legally imposed obligations;
  6. acknowledgement of the employees directly involved in the Personal Data processing with the applicable law provisions of Personal Data, in particular, as regards Personal Data protection, documents regarding the Personal Data processing policy, internal documents on the same issue and/or training of employees.

  1. Rights of Persons for Personal Data Protection

  1. The Persons shall be entitled to the following for the purposes of protection of their Personal Data stored with the Company or Third parties under corresponding agreements for protection processing and storage:
  1. to get full information on their Personal Data, its processing and transfer;
  2. to determine their representatives for the Personal Data protection;
  3. to demand exclusion or correction of incomplete or incorrect Personal Data as well as data processed in breach hereof and the applicable law;
  4. to demand from the Company that all persons shall be notified if such have received incomplete or incorrect Personal Data of all exceptions, amendments to the Personal Data.


Should the Company refuse of amendment or exception of Personal Data, the relevant Person may notify the Company of disagreement giving reasons to such.

  1. The Person may change, remove or amend the Personal Data provided previously by notice to the Company or amendment in the Company’s software (if applicable).

  1. Shall the Persons find that their Personal Data is processed not in compliance with the applicable law or otherwise infringes their rights and freedom, they have the right to raise claims against the Company actions or omission in court or to a competent authority as provided for in the applicable law.

  1. The Persons may at any moment send a request notice for amendment of Personal Data provided at registration or authorization giving reasons for this and enclosing requisite confirming documents. The Company shall review such notice within the term not to exceed 10 (ten) business days upon receipt of such notice and satisfy the request or deny giving reasons for the denial.

  1. Destruction, blocking of Personal Data

  1. In case of any improper processing of Personal Data at the Person’s request to the Company the latter shall block the potentially improperly processed Personal Data relating to such Person from the moment of such notice for the period of internal check, unless blocking of such Personal Data infringes other Persons or third parties’ rights and rightful interests.

  1. In case of any inaccuracy of Personal Data found at the Person’s request to the Company the latter shall block such Person’s Personal Data from the moment of such notice for the period of internal check, unless blocking of such Personal Data infringes other Persons or third parties’ rights and rightful interests.

  1. Should the Personal Data inaccuracy be found, the Company shall on the basis of the information from the Person or other necessary documents amend the Personal Data within 10 (ten) business days from the date when such information was received and remove the Personal Data block.

  1. Should it be found that Personal Data is processed improperly by the Company, the latter shall within 10 (ten) business days from the day when this fact is found stop such improper Personal Data processing.

  1. Should it be impossible to ensure the proper processing of the Personal Data, the Company shall within 10 (ten) business days from the day when the fact of improper processing of Personal Data is found destroy such.

  1. The Company shall notify the corresponding Person of the Personal Data destruction or removal of the incompliance found.

  1. Should the Company relations with the Person be terminated, the Company shall store such Person’s Personal Data for not less than 5 (five) years from the relationship termination.

  1. Should the Person withdraw the consent for the Personal Data processing, the Company shall stop the processing thereof and in case if storage of the Personal Data is not required anymore for their processing, destroy Personal Data within the term not exceeding 10 (ten) days from the day when the said withdrawal notice receipt. The Person is aware that the consent withdrawal for the Personal Data processing may be the ground for the  access block or termination of access to products and services that require Person identification.

  1. Should it not be possible to destroy Personal Data within the term indicated in sections 5.4-5.8 hereof, the Company shall block such Personal Data and ensure destruction of such Personal Data within 3 (three) months, unless another term is set forth by the applicable law.

  1. Policy Amendment

  1. The Policy may be amended or terminated unilaterally by the Company without a prior notice to or consent of the Clients. The new version of the Policy shall be valid as of its publication unless otherwise provided for in the new version of the Policy.

  1. The current version of the Policy:

https://static.vataga.trading/mobile_docs/mobile_privacy_policy_vtg_soft_dmcc.en.pdf