Data Processing Policy

Effective date: September 7, 2025

Document version: 1.0 | App version: 2.1

1. Legal basis for processing

1.1 GDPR basis

Article 6(1)(b) — contract performance (core app functionality)
Article 6(1)(f) — legitimate interest (analytics, service improvement)
Article 6(1)(a) — consent (marketing analytics, personalization)

1.2 Russian law basis

Consent of the data subject
Performance of a contract where the data subject is a party
Exercise of rights and legitimate interests of the controller

2. Data processing principles

2.1 Core GDPR principles

Lawfulness — processing on lawful grounds
Fairness and transparency — fair and transparent processing
Purpose limitation — processing only for stated purposes
Data minimization — processing only necessary data
Accuracy — maintaining data currency
Storage limitation — storing no longer than necessary
Integrity and confidentiality — protection from unauthorized access

3. Categories of processed data

3.1 Personal data

Anonymous device identifier (UUID)
Subscription and payment data
Contact data (when contacting support)

3.2 Technical data

Device model and version
Operating system version
App version
Language settings and region

3.3 Usage data

App interaction events
User settings
Error and crash information
Ad interaction data

4. Third-party data recipients

4.1 Recipient categories

Google AdMob — advertising services
Apple App Store — payment processing
Cloud providers — data storage
Analytics services — metrics processing

4.2 Protection measures for transfers

Data encryption during transmission (TLS 1.3)
Identifier anonymization
Minimization of transferred data
Compliance with third-party policies

5. Cross-border data transfers

5.1 Transfer conditions

Data may be transferred outside the EEA if there are:

Adequacy decisions
Standard contractual clauses
Certified protection mechanisms

5.2 Transfer countries

USA — Google AdMob, Apple (with appropriate safeguards)
EU — cloud services

6. Data subject rights

6.1 GDPR rights

Right to information and access
Right to rectification
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to data portability
Right to object
Rights regarding automated decisions

6.2 Exercising rights

To exercise your rights, contact: privacy@ponravilos.ru

Response time: 30 days from request receipt

7. Contacts

7.1 Data controller

Email: convertik@ponravilos.ru

Specialized contacts:

Data processing questions: privacy@ponravilos.ru
Data subject rights: rights@ponravilos.ru