Privacy Policy

This Privacy Policy (the “Privacy Policy”) is designed to provide data subjects (users) with information on the processing of their personal data (any information relating to them) in the context of usage of the Yango Joy (the application, website and other services connected with it) (the “Service”) under the License Agreement and the Terms of Use accepted by the data subject (the “Agreement”). It will help you understand how we process your personal data and assist you in exercising the privacy rights available to you.

This Privacy Policy is based on the provisions of data protection laws, which may be applicable in the country of your residence.

Terms and definitions in this Privacy Policy shall have meaning that is given to them in applicable data protection laws, in particular:

Personal data means any information relating to an identified or identifiable natural person (“data subject”).

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1. Controller

The controller of personal data processed under this Privacy Policy is Plus Entertainment Services Holding Limited, a UAE private company located at the following address: Unit GD-GB-00-15-BC-01, Level 15, Gate District Gate Building, Dubai International Financial Centre, Dubai, United Arab Emirates, company registration number: 6484.

Data subjects can contact the controller on any questions relating to the processing of their personal data under this Privacy Policy by sending their request at dpo-yt@yango.com or through other means available at the Service.

2. The legal basis and purposes of processing of your personal data

The controller processes personal data for the following purposes:

to provide the Service to its users (for instance, in order to use the Service, the user has to register and provide certain personal data, such as name or phone number);
to improve the Service and user experience;
to market, promote, and advertise the Service;
to comply with legal obligations and law enforcement requests;
to establish, exercise, or defend legal claims;
to protect the security of the Service and to prevent illegal and fraudulent activities.

We process your personal data only when we have one of the legal bases mentioned below:

processing is necessary for the performance of the Agreement: we need your personal data to provide you the Service under the Agreement, for example, we process your registration data, so that you can log into your account and use the Service;
processing is necessary for the purposes of our legitimate interests or legitimate interests of third parties, for example, to ensure network or information security, or to prevent fraud and other illegal actions;
in some cases, when required by applicable laws, we may rely on your consent to process your personal data. In any case, you have the right to refuse to give the consent. You will be able to withdraw your consent at any time by contacting us;
processing is necessary for compliance with legal obligations, when applicable laws require to process your personal data.

You can get more information on the legitimate interests pursued by us and relevant balancing tests by sending a request with the use of contact details specified in Section 1 of this Privacy Policy.

We do not process your personal data for grounds other than mentioned in this Privacy Policy.

3. Categories and sources of data processed


Categories of personal data processed	Description	Source
Registration / authentication data	Name Surname Telephone Email address	Information provided by you when you register (create) a user account
Data on user’s preferences and choices made	Feedback regarding the media content Playlists and other folders Settings and preferences regarding media content The history of user’s activity Etc.	Data which we collect when you use the Service
Additional information	When you use the Service or interact with our support team, you may choose to provide or you may be requested to provide additional information (e.g., contact details, age). For instance, you may ask us to provide you technical support or to send you the information on various matters, such as functionalities of the Service.	Information provided by you or requested by us
Automatically collected data	Location data IP address Cookies Web beacons/pixel tags Information about your device (device identifier, type and model) Mobile operating system Wi-fi network data Browser or mobile application details Time spent within the app Etc.	Data automatically collected when you use the Service


Categories of personal data processed	Description	Source
Registration / authentication data	Name Surname Telephone Email address	Information provided by you when you register (create) a user account
Data on user’s preferences and choices made	Feedback regarding the media content Playlists and other folders Settings and preferences regarding media content The history of user’s activity Etc.	Data which we collect when you use the Service
Additional information	When you use the Service or interact with our support team, you may choose to provide or you may be requested to provide additional information (e.g., contact details, age). For instance, you may ask us to provide you technical support or to send you the information on various matters, such as functionalities of the Service.	Information provided by you or requested by us
Automatically collected data	Location data IP address Cookies Web beacons/pixel tags Information about your device (device identifier, type and model) Mobile operating system Wi-fi network data Browser or mobile application details Time spent within the app Etc.	Data automatically collected when you use the Service

Sensitive data. We do not intentionally collect any special categories of personal data (sensitive data), such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data.

Payment details. When you use the Service, you can make purchases. Please note that we do not process any information about any payment details, such as your card details, banking account, except for the last four digits of the card and payment status. We generally forward you to resources owned by external providers of payment services. Under no circumstances, we can have access, control, obtain or store information about your payment details. We do not control or have access to any communication you may have with those third-party payment services providers. Such processing may be governed by third party privacy policies not under our control.

4. Recipients of personal data

We can share your personal data for the above mentioned purposes with the following parties:

affiliates of the controller to the extent required to provide the Service;
partners who help us improve the Service;
partners who assist us in hosting and storing data (providers of cloud services);
partners who assist us with sales and marketing of the Service;
partners who assist us with gathering statistical and aggregated information about how users interact with the Service;
partners who otherwise assist us with the provision of the Service (IT support, legal advisors, companies assisting us with customer support, etc.) for the purposes mentioned in Section 2 of the Privacy Policy;
public authorities to the extent required to comply with legal obligations and (or) to respond to their legitimate formal inquiries;
any third party, to whom we assign any of our rights or obligations under the Agreement related to offering of the Service to the users, or who maintain control with other means over the entities, offering the Service as a result of its acquisition;
other third parties if you expressed consent to such transfer, or if transfer of your personal data is required for your use of a certain Service, or for compliance with applicable laws.

5. Transfer to third countries

We may transfer personal data of the data subjects to third countries, including Russia and other third countries that do not provide the same level of data protection as in the country of your residence.

In such cases, we follow the necessary procedures to ensure that your rights are respected and your personal data is protected during and after the transfer.

You can get more information on the mechanisms of transfers to third countries by sending us a request with the use of contact details specified in Section 1 of the Privacy Policy.

6. Storage of personal data

We store your personal data as long as it is required to achieve the purposes of the processing specified in Section 2 of the Privacy Policy, unless there are specific periods defined in applicable laws.

7. Basic rights

Right to access: you can ask us to confirm whether or not we process your personal data. If so, you can access these personal data and can ask us to explain certain details of the processing. For instance, you can ask us about the recipients or categories of the recipients of personal data, whether we transfer your personal data to third countries, the purposes of the processing, as well as the legal grounds for the processing.
Right to rectification: you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to erasure (“right to be forgotten”): you have the right to obtain from us the erasure of your personal data when (i) the personal data are no longer necessary in relation for the purposes for which they are processed (the purposes are set forth in Section 2 of the Privacy Policy), (ii) you withdraw your consent on which the processing is based, and there is no other legal ground for the processing, (iii) the personal data have been unlawfully processed, (iv) when the processing is based on the legitimate interest ground, you object to the processing, and there are no overriding legitimate grounds for the processing.
Right to restriction of processing: you can ask us to mark the stored personal data with the aim to limit their processing in the future. This applies if (i) you contest the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) you need personal data to protect your rights when we no longer need the personal data for the purpose of processing, (iv) you have objected to the processing based on the legitimate interests pursued by us or by a third party.
Right to objection to processing (where provided to the data subjects by applicable laws): when the processing is based on the ground of our legitimate interest or legitimate interest of a third party, you can object to the processing. We will not proceed with the processing unless there are overriding legitimate grounds for the processing.
Right to data portability (where provided to the data subjects by applicable laws): when the processing is based on your consent or on the agreement with you, you can receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format and can freely transmit those data to another controller. Where technically feasible, you can also ask us to transmit the personal data directly to another controller.

8. Withdrawal of consent

Where the processing is based on consent, you have the right to withdraw your consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, you can contact us with the use of contact details specified in Section 1 of the Privacy Policy.

9. Right to lodge a complaint

When provided by applicable data protection laws, you have the right to lodge a complaint with a supervisory authority in the area of data protection in the country of your residence.

10. Necessity to provide personal data

We only collect such personal data that is necessary for us to perform our Service or for other purposes disclosed in Section 2 of the Privacy Policy.

However, please be aware that there are no general statutory or contractual requirements for you to provide us with personal data processed under this Privacy Policy.

11. Security of personal data

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; а process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In assessing the appropriate level of security, we take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

12. Changes to this Privacy Policy

We may change this Privacy Policy from time to time at our sole discretion. If so, we may notify you about these changes by an appropriate method. If there is no explicit notification, you may always review the up-to-date version of this Privacy Policy located at https://yandex.com/legal/confidential_yango_joy.