Русский

Privacy Policy on Personal Data Processing

Chapter 1: General Provisions

1. This Regulation on the Processing and Protection of Personal Data (hereinafter — the Regulation) defines the policy of the Limited Liability Company “Doverka Fintech” (hereinafter — the Company) regarding the processing of personal data, including the procedure for collection, storage, use, transfer, and protection of personal data.

2. Personal data is processed using mixed methods (both with and without automation tools), including, but not limited to, using internal networks and the Internet.

3. Amendments, annexes, and supplements to this Regulation are made and approved by order of the Company’s head.

4. This Regulation is a local legal act of the Company, mandatory for compliance and execution by employees of the Company, as well as other persons involved in personal data processing in accordance with this Regulation.

5. This Regulation is developed in accordance with the Constitution of the Republic of Belarus, the Law of the Republic of Belarus dated 07.05.2021 No. 99-Z “On Personal Data Protection” (hereinafter — Law No. 99-Z), the Law of the Republic of Belarus dated 10.11.2008 No. 455-Z “On Information, Informatization and Information Protection”, and other regulatory legal acts of the Republic of Belarus.

Chapter 2: Basic Definitions

6. The following terms and definitions are used in this Regulation:

6.1. Company or Operator – Limited Liability Company “Doverka Fintech”, UNP 193855027, located at: Republic of Belarus, Minsk, Briketa Street, 30, office 501-7;

6.2. Personal data – any information relating to an identified or identifiable individual;

6.3. Data subject – an individual who is not an employee of the Company and whose personal data is processed by the Company;

6.4. Processing of personal data – any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, anonymization, blocking, dissemination, provision, and deletion;

6.5. Automated processing – processing of personal data using computing technology;

6.6. Non-automated processing – processing of personal data without the use of automation tools;

6.7. Dissemination – actions aimed at making personal data available to an indefinite group of persons;

6.8. Provision – actions aimed at making personal data available to specific persons;

6.9. Blocking – termination of access to personal data without deletion;

6.10. Deletion – actions resulting in the impossibility of restoring personal data;

6.11. Anonymization – actions making it impossible to identify a specific data subject without additional information;

6.12. Cross-border transfer – transfer of personal data to a foreign country;

6.13. Identifiable individual – a person who can be identified directly or indirectly by personal attributes;

6.14. Counterparty – an individual or legal entity having a contractual relationship with the Company;

6.15. Website – the Company’s website available at https://doverkapay.com/.

Chapter 3: Categories of Data Subjects

7. The scope and content of personal data are determined by processing purposes and legal obligations.

Chapter 4: Purposes and Requirements

12. Personal data is processed for the following purposes:

12.1. Conducting business activities;

12.2. Performance of contractual obligations;

12.3. Recruitment processes;

12.4. Personnel reserve management;

12.5. Candidate verification;

12.6. Business trip organization;

12.7. Security and prevention of violations;

12.8. Marketing and events;

12.9. Promotion of services;

12.10. Website functionality and analytics;

12.11. Communication with data subjects;

12.12. Handling requests and complaints;

12.13. Compliance with legal obligations including AML;

12.14. Other lawful purposes.

13. Processing is carried out in accordance with Law No. 99-Z.

14. Processing must be proportional and lawful.

15. Processing requires consent unless otherwise provided by law.

Chapter 5: Rights of Data Subjects

23. Processing is generally based on consent.

24. Consent must be free, informed, and explicit.

25. Consent may be given:

25.1. in writing;

25.2. electronically;

25.3. via website actions or codes.

26. Data subjects have the right to access information about processing.

27. The Company must respond within 5 working days.

28. Data subjects may request correction of inaccurate data.

29. The Company must update or justify refusal within 15 days.

30. Data subjects may request information on third-party transfers once per year.

31. Data subjects may withdraw consent.

32. The Company must stop processing and delete data within 15 days.

Chapter 6: Data Protection

34. Personal data protection includes legal, organizational, and technical measures.

35. The Company ensures:

35.1. restricted access;

35.2. secure storage;

35.3. controlled destruction;

35.4. monitoring and audits;

35.5. incident investigation;

35.6. IT security tools;

35.7. data recovery.

36. Additional measures include:

36.1. risk assessment;

36.2. security controls;

36.3. media tracking;

36.4. breach detection;

36.5. data recovery;

36.6. access logging.

37. Responsible persons are appointed.

38. Staff are trained on data protection.

Chapter 7: Final Provisions

40. Violations may result in disciplinary, civil, administrative, or criminal liability.

41. The purpose is to ensure data protection and confidentiality.

42. This Regulation forms the basis for internal policies.