PRIVACY AND DATA PROTECTION POLICY
on September 16, 2019 / by andyUA

This Privacy and Data Protection Policy (hereinafter – the “Policy”) governs the relationship between Jasmin Group Limited, incorporated under the laws of Hong Kong, located at No5, 17/F Bonham Trade Centre, 50 Bonham Stand, Sheung Wan, Hong Kong (hereinafter – “Datejasmin”, the “Company”) and YOU (hereinafter also – the “Data Subject”) regarding the use of your personal data.

ALL DATA SUBJECTS ARE REQUIRED TO READ THIS POLICY TO UNDERSTAND HOW THE COMPANY COLLECTS AND
PROCESSES PERSONAL DATA AND WHAT SECURITY MEASURES ARE BEING APPLIED.

While conducting its activities, the Company adheres to all conditions and requirements stipulated by the applicable international laws concerning data protection, including but not limited to the General Data Protection Regulation (hereinafter – the “GDPR”).

  1. DEFINITIONS

‘Personal data’ means any information relating to an identified or
identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person.

‘Special categories of personal data’ (sensitive data) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

‘Data controller’ (controller) means a natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Data processor’ (processor) means a natural or legal person, public authority or other body which processes personal data on behalf of the controller.

‘Data Subject’ means any living individual who is the subject of personal data processed by the Company, including Users and Visitors.

‘User’ means a data subject who has completed the registration procedure at the Website and wants to use the Services or has already used the Services.

‘Visitor’ means a data subject who has entered the Website for any purpose.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘Profiling’ means any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.

‘Automated decision-making’ means an ability to make decisions by
technological means without human involvement that produces legal effects concerning the Data Subject or similarly
significantly affects the Data Subject.

‘Personal data breach’ means a breach of security leading to the
accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data
transmitted, stored or otherwise processed.

‘Consent’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

‘Datejasmin Services’ (also – ‘Services’) means the provision of access to the personal Datejasmin User’s account.

‘Supplier’ means an individual entrepreneur or a legal entity with which the Company may cooperate for the Services provision on the Website. Suppliers use the Services in accordance with the terms of their agreement with Datejasmin.

‘Data Protection Authority’ (DPA) means an independent public authority which is established by a Member State pursuant to the GDPR.

  2. STATEMENT

2.1. In collecting and using personal data, the Company is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect data.

2.3. This Policy sets out how the Company uses, processes and stores the Data Subjects’ personal information. The Company will obtain that information from the Data Subject with his/her permission and consent.
2.4. The Data Subjects have a right to apply to Datejasmin about a breach of their personal data if they become aware of it earlier than Datejasmin.
  3. PRINCIPLES OF PROCESSING
3.1. When collecting and processing the personal data, the Company adheres to the following principles:

(a) Lawfulness, fairness and transparency

Lawfulness – the controller identifies a lawful basis before processing the personal data (for example, consent).

Fairness – in order to process fairly, the controller has to make certain information available to the data subjects as far as practicable. This applies whether the personal data was obtained directly from the data subjects or from other sources.

Transparency – any information and communication relating to the processing of the personal data must be easily accessible and easy to understand, and clear and plain language must be used.

(b) Purpose limitation

The personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

(c) Data minimization

The personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

(d) Accuracy

The personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

(e) Storage limitation

The personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, provided that the appropriate technical and organizational measures required by governing law are implemented in order to safeguard the rights and freedoms of the data subject.

(f) Integrity and confidentiality

The personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

  4. COLLECTED PERSONAL DATA AND PURPOSES OF PROCESSING

The Users’ personal data

Personal data obtained via registering the User’s account at the Website:

− full name;
− email address;
− IP address.

Purposes:

● to register the Datejasmin User’s account at the Website;
● for communication with the User and providing support with authorization, account management, account security, system software errors, Services, bans etc.

Personal data obtained during registration via Facebook account:

− full name;
− IP address;
− browser type;
− email address;
− profile photo.

Personal data obtained during registration via Google account:

− full name;
− IP address;
− browser type;
− email address.

Personal data:

− Gender and age;
− Bad habits;
− Marital status and number of children;
− Interests and activities;
− Education;
− Languages knowledge;
− Preferences on communication with other Users;
− Photo;
− Height, physique, eye and hair color.

Purposes:

● used for communication and interaction between Users at the Website. Filled in personally by the User and publicly displayed in the Datejasmin User’s account at the Website.

The Visitors’ personal data

Personal data:

− Browser type and version;
− Operating system type and version;
− Information about device;
− Information about visited websites;
− HTTP cookies.

Purposes:

● used for the prevention of fraud related to the Service provision;
● used for fast and easy User’s authorization on the Website.

The Suppliers’ (or their staff’s) personal data

Personal data:

− Full name;
− Position;
− E-mail address;
− Ways of communication.

Purposes:

● used to register the accounts for the Supplier’s clients and staff at the Website. Filled in personally by the Supplier’s representative;
● used for communication regarding the Service provision through the Website or other financial/legal issues.


4.2. The User regulates the publicly accessible personal data in the Datejasmin account at his/her sole discretion.
4.3. All sensitive data are collected and/or processed by Datejasmin strictly on the basis of the Consent of the User.
4.4. While processing personal data, automated decision-making and profiling are not applied by the Company.
4.5. Datejasmin does not collect from Data Subjects more personal data than is determined in this Policy. Datejasmin also does not collect more personal data than is needed for the purposes of processing specified herein.
  5. THE LAWFULNESS OF PROCESSING
5.1. The Users’ personal data are collected while the respective User is registering the Datejasmin account on the Website.
5.2. The Company processes the Users’ personal data on the basis of the Consent which is provided by the User before registration in accordance with the Consent Form.
5.3. The Consent is considered to be provided after the User has put a tick and pressed the “I give consent” button at the end of the appropriate Consent Form.
5.4. The User confirms that he/she is eighteen (18) years of age or older by putting a tick in front of the relevant sentence.
5.5. By giving the consent, the User acknowledges and accepts all terms and conditions specified in the Consent Form as well as all conditions specified in the current Policy.
5.6. It is worth clarifying that the Privacy Notice is to be provided to the Users within the Website right before the appropriate registration form is filled in.
5.7. The Company shall be able to demonstrate that Consent was obtained for the processing operation if it is required.
5.8. The Visitors’ personal data are collected while the respective Visitor is entering the Website. Herewith, the personal data are collected via consent. Herewith, the personal data are collected because such data processing is necessary for the pursuit of the legitimate interests of the Company. The Company may also process Visitors’ personal data on the basis of the Consent.
5.9. Along with the Consent Form, the Company provides the User and the Visitors with the Privacy Notice, which contains, among other things, precise information concerning the purposes of processing, the methods of processing and the period for which such personal data are to be stored.
5.10. The Company shows the Visitor the Cookie Notice, which contains, among other things, precise information concerning the purposes and types of the cookies as well as how to prohibit their use. The Visitor may provide the Company with consent by pressing the “I accept” button in the Cookie Notice.
  6. USER AGE
6.1. Datejasmin collects the personal data on the basis of Consent obtained from the Data Subjects who have reached the age of 18 years.
6.2. By registering on the Website and giving Datejasmin the Consent, the respective User acknowledges that he/she has reached the age of 18 years and has all rights to provide Datejasmin with the Consent to the processing of his/her personal data.
6.3. If you know that Datejasmin processes the data of a person under 18 years old, please inform us about this by writing to the e-mail address: dpo@datejasmin.com
  7. WITHDRAWING OF CONSENT
7.1. The Data Subject is entitled to withdraw the Consent at any time he/she wishes. The withdrawal of the Consent is considered to be properly made after the Data Subject has sent a letter of withdrawal to the following e-mail address: dpo@datejasmin.com.
7.2. The request for withdrawal of the Consent shall be examined within 72 hours from the moment the respective form of withdrawal is received, and an appropriate decision will be made by Datejasmin.
7.3. The User is entitled to withdraw the Consent at any time in his/her own account at the Website by deleting it.
8.1. Datejasmin processes and stores the personal data for the period that is needed to achieve the processing purposes specified in this Policy.

Personal data and period of storage

The Users’ personal data:

− Full name;
− E-mail address;
− Gender and age;
− Bad habits;
− Marital status and number of children;
− Interests and activities;
− Education;
− Languages knowledge;
− Preferences on communication with other Users;
− Photo;
− IP address;
− Height, physique, eye and hair color.

Period of storage: no more than 36 months since the User’s last activity at the Website.

The Visitors’ personal data:

− Browser type and version;
− Operating system type and version;
− Information about device;
− Information about visited websites;
− HTTP cookies.

Period of storage: no more than 12 months since the date of the Visitor’s consent.

The Suppliers’ (or their staff’s) personal data:

− Full name;
− Position;
− E-mail address;
− Ways of communication.

Period of storage: no more than 5 years since the end of the agreement with the respective Supplier.


8.3. After the period of storage expires, Datejasmin is obliged to delete the personal data or ask the Data Subject to provide Datejasmin with a new Consent if the processing remains necessary for Datejasmin or another purpose of processing appears.
8.4. Datejasmin is entitled to stop storing and to delete the previously collected personal data of a Data Subject at any time if such personal data are no longer needed. Herewith, Datejasmin is obligated to notify the respective Data Subject that his/her personal data are deleted.
8.5. Datejasmin may keep storing the personal data if subsequent processing is foreseen by law and is deemed relevant for a purpose which is not compatible with the original purpose of processing stated in this Policy. Herewith, incompatible purposes means purposes concerning archiving in the public interest, scientific, statistical or historical use.
  9. PROCESSORS
9.1. While processing the Users’ personal data, the Company engages processors which act only in accordance with the Company’s instructions and within the appropriate contract concluded between them. The processors of Users’ personal data are Partners which provide support with authorization, account management, account security, system software errors, Services, bans etc. Partners that receive personal data from Datejasmin are located in Ukraine.
9.2. Datejasmin commits itself to reducing data breach risks, so it selects Partners with an impeccable reputation and concludes the appropriate confidentiality agreements with them.
9.3. While processing the Visitors’ personal data, the Company may engage Google LLC (CA, United States) as a processor by using its products.
9.4. The Company is responsible for the proper processing of the Users’ personal data under the applicable international laws concerning data protection. Herewith, each processor is responsible for adherence to the GDPR as well as to other applicable laws concerning data protection while processing the Users’ personal data.
9.5. The processors are not entitled to define any additional purposes for the personal data processing.
  10. DATA SUBJECTS RIGHTS

Right to access. The Data Subjects have a right to know whether their personal data are being processed and, if so, to access such data.

Right to rectification. If the personal data are inaccurate, the respective Data Subject is entitled to ask the Company to correct them.

Right to erasure or right to be forgotten. The Data Subjects have a right to obtain from the Company the erasure of the Data Subjects’ personal data without undue delay and the Company has the obligation to erase such personal data without undue delay.

Right to restriction of processing. The Data Subjects have a right to limit processing of their personal data with several exceptions under the scope of the GDPR.

Right to be informed. The Company is obliged to inform Data Subjects what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.

Right to data portability. The Data Subjects are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that the Data Subject has provided to the Company by way of the consent.

Right to object. The Data Subjects can object to the processing of personal data that are being processed by the Company. The Company must stop processing personal data unless the Company can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defense of legal claims.

Right not to be subject to a decision based solely on automated processing. The Data Subjects have a right to object to any automated profiling that is occurring without consent. Herewith, the Data Subjects have a right to have their personal data processed with human involvement.

10.2. The User can exercise the right to access and the right to restriction of processing in his/her own account on the Website. The User has the opportunity at any time to withdraw consent to the processing of his/her personal data for purposes of direct marketing in his/her own account on the Website.
10.3. The User can exercise the right to erasure by deleting his/her own account on the Website.
10.4. The Data Subject has the opportunity at any time to withdraw consent to the processing of his/her personal data for purposes of displaying to him/her the most relevant advertising material and offers concerning Services based on profiling of such information about the Data Subject, by using the “Opt-out” option at the Website.
10.5. The Data Subject can exercise any of the rights described above by sending a request to the e-mail address: dpo@datejasmin.com. The Data Subject’s request must include the name and contact information of the Data Subject, the right which the Data Subject wants to exercise, the personal data processed by the Company, and the details and reason/justification of such request.
10.6. These are the timescales within which the Data Subjects may exercise their rights stated above (the period starts from the moment the Company receives the request):

Data Subject Request: Timescale

The right to be informed: When data is collected
The right of access: 2 weeks
The right to rectification: 2 weeks
The right to erasure: Without undue delay
The right to restrict processing: Without undue delay
The right to data portability: 2 weeks
The right to object: On receipt of objection
Rights in relation to automated decision making and profiling: 2 weeks

  11. DATA PROTECTION OFFICER
11.1. The email of the Datejasmin Data Protection Officer is dpo@datejasmin.com.
  12. SECURITY
12.1. The Company is responsible for ensuring that any personal data that the Company holds and for which it is responsible is kept securely and is not under any conditions disclosed to any person unless that person has been specifically authorized by the Company to receive that information and has entered into a confidentiality agreement.
12.2. All personal data should be accessible only to those who need to use it under the internal documentation of the Company. The personal data shall be treated with the highest security and must be kept encrypted.
  13. DATA BREACH NOTIFICATION
13.1. The Company takes all reasonable steps to minimize the risk of a personal data breach while processing the personal data.
13.2. In the case of a personal data breach, the Company shall without undue delay and, where feasible, no later than 72 hours after having become aware of the breach, notify the personal data breach to the DPA in accordance with Article 55 of GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the Data Subjects.
13.3. To define the severity of the personal data breach, the Company shall carry out a risk assessment of the personal data breach. Via such assessment, the Company may determine whether the risk to the rights and freedoms of the Data Subjects affected is judged to be sufficiently high to justify notification to them.
13.4. Also, in the case of a personal data breach which is likely to result in a high risk to the rights and freedoms of the Data Subjects, the Company shall without undue delay notify the respective Data Subject whose personal data were breached.
13.5. However, if appropriate measures have subsequently been taken to mitigate the high risk to the Data Subjects, so that it is no longer likely to happen, then communication to the Data Subjects is not required by applicable laws concerning data protection.
13.6. The Company documents all personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. The documentation shall enable the Supervisory Authority to verify compliance with the applicable laws concerning data protection.
13.7. The respective Processor is obligated to notify the Company without undue delay about a breach of the personal data that occurs while processing such personal data under the Company’s instructions.
  14. DATA TRANSFER

14.2. During the processing, the personal data can be transferred to countries outside the European Economic Area where the respective processors and/or Partners and/or Suppliers are registered and/or located.

14.3. The Company may transfer the personal data to countries that may not have laws which provide the same level of protection to the personal data as the European laws. Where this is the case, the Company takes all reasonable steps to put in place appropriate safeguards to ensure that such transfers comply with applicable laws concerning data protection.

14.4. Datejasmin safeguards the protection of the rights of Data Subjects whose data will be transferred by the following means:

14.5. You, as the Data Subject, give an explicit Consent for such personal data transfer.

14.4. The personal data are being transferred for the purposes defined.

14.5. The Company does not sell or trade personal data to any legal persons or individuals.

  15. ADDITIONAL CONDITIONS
15.1. A current version of this Policy is available to all at the following link:
https://datejasmin.com/privacy.
15.2. The Company may revise this Policy from time to time. If the Company makes material changes to this Policy, it will notify the Data Subjects by e-mail or by posting a notice on the Website prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, Users and Visitors agree to the revised Policy.