Full Policy

Entrepreneur and Information Supervisor“MPAY” OSC

51/41 Ganja Avenue, Baku, Azerbaijan, AZ1126

E-mail of the Owner: info@mpay.az

Types of data collected

The types of Personal Data collected by this Application personally or through a third party include the following: telephone number; name; surname; email address; sex; date of birth; VAT number; company name; address; country; ZIP / postal code; different types of information; city; Tax ID; User ID; Calendar permission; Camera permission; Accurate location permission (non-permanent); Approximate location permission (non-permanent); Telephone permission; Sensor permissions; SMS permission; Reminder permission; Permission of motion sensors; NFC Reader permission; Permission to obtain biometric information; Photo Library permission; Call permission; geographical location; username; password; picture; prefix; profile picture.

Full information about each type of collected Personal Data is presented in separate sections of the current Privacy Policy or in special explanatory texts recorded before the collection of Information.

Personal Data can be provided by the user independently or can be obtained automatically when the current application is used while using the information.

Unless otherwise stated, all information required by the current Application is mandatory, and failure to provide this information may make it impossible for the current Application to provide services. Indicating that some of the information in this Application is optional, Users are free not to provide this information without affecting the availability or operation of the Service.

Users who do not know what personal information is required can contact the owner of the application.

The use of cookies or other tracking tools by the current Application or by third party owners used in this Application is intended to provide the Service requested by the user, in addition to other purposes described in this document, if any, in the Cookie Policy.

Users are responsible for the Personal Information of any third party received, distributed or transmitted through this Application, and must confirm that the third party's consent has been obtained to provide this information to the Owner of the Application.

Mode and place of data processing

Processing means

The application owner must take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of information.

Data processing is carried out using computers and / or efficient IT tools in accordance with organizational procedures and regimes that are closely related to the stated objectives.

In addition to the Application Owner, if necessary, for Information Processors designated by the Application Owner, i.e. certain types of people who manage the Information, parties involved in the management of this Application (management, sales, marketing, legal affairs, system management) or designated external parties (third party). The information may be available to service providers, postal carriers, hosting providers, IT companies, communications agencies, etc.). An updated list of these parties may be requested from the Application Owner at any time.

Legal framework for processing

If one of the following conditions applies, the Owner may process Personal Data for users:

· Users have given their consent for one or more purposes. Note: In accordance with the laws of some countries, the use of Personal Data by an owner may be permitted without consent or other legal grounds, as long as the User does not object to such processing ("opt-out"). However, this law does not apply if the processing of personal data is regulated by the Law of the Republic of Azerbaijan on personal data;

· The provision of information is necessary to fulfil an agreement with the User and / or fulfil pre-contractual obligations;

· Processing is necessary for an owner to fulfil the legal obligations to which he is subject;

· processing, public interest or work related to the execution of official powers vested in the owner;

· processing is necessary for the purposes of legitimate interests pursued by the Owner or a third party.

In any case, the Owner may be happy to help clarify whether the specific legal basis for the processing, and in particular the provision of Personal Data, is a legal or contractual requirement or whether a contractual requirement is required.

Location

The information is processed in the offices of the Owner and in other places where the parties involved in the processing are located.

Depending on the location of the User, the transfer of information may include the transfer of the User's data from his country to another country. In order to obtain more detailed information about the place of processing of such transmitted data, Users can check the section containing detailed information on the processing of Personal Data.

Users should also be informed of the legal basis and security measures for transferring data to a country outside the Republic of Azerbaijan or to any international organization governed by international public law or established by two or more countries such as the UN, and users should be aware of the protection of this information. They have the right to be informed about the security measures taken by the owner.

If such a transfer occurs, Users can obtain additional information by checking the relevant sections of this document or by contacting the Owner using the information provided in the contact section.

Retention period

Personal Data is processed and stored for as long as it is necessary for the purpose for which it was collected. For this reason:

· Personal Data collected for the purpose of fulfilling a contract between the Owner and the user must be kept until the full execution of this contract.

· Personal Data collected in the legitimate interests of the Owner will be retained until these purposes are fulfilled. Users can obtain specific information regarding the legitimate interests of the Owner in the relevant sections of this document or by contacting the Owner.

If the user consents to the processing, the Owner may be allowed to store Personal Data for a longer period of time, during which the consent is not revoked. In addition, the Owner may be required to retain Personal Data for a longer period of time if this is necessary to fulfil a legal obligation or as directed by a competent authority. Personal data must be deleted after the expiration of the retention period. Thus, the right of access, the right to erasure, the right to rectification and the right to transfer data cannot be exercised by the Owner after the expiration of the retention period.

Purposes of processing

User-related information is collected to ensure that the Owner provides his / her Services, complies with his / her legal obligations, complies with enforcement requirements, protects his / her rights and interests (or users or third parties) and detects any malicious or fraudulent activity. It also includes: advertising, user interaction, device permissions for personal information, hosting and back-end infrastructure, location interaction, and registration and identification provided directly by the current application.

To obtain specific information about the Personal Data used for each purpose, the User can refer to the section "Detailed information on the processing of Personal Data".

Device Permission for Personal Data Access

Depending on the specific user's device, the current application may need certain permissions, as described below, in order to access the data on the user's device.

By default, these permissions must be issued by the User prior to receiving the relevant information. The user can revoke it at any time after receiving permission. To revoke these permissions, Users can refer to the device settings or contact the Owner for support using the contact information provided in the current document.

The exact procedure for managing application permissions may vary by device and user software.

Please note that revoking such permissions may cause this Application to malfunction.

If the User grants any of the following permissions, the relevant Personal Data may be processed by the current Application (i.e. this information may be accessed, changed or deleted).

Approximate location permission (non-permanent)

It is used to determine the approximate location on the user's device. The current application can collect, use and transmit the user's location information to provide location services.

The geographic location obtained by the user is determined in an inconsistent manner. This means that the current application cannot use the estimated user space all the time.

Permission to access biometric data

It is used to access user biometric data and / or identification systems such as FaceID.

Calendar Permission

It is used to access the calendar on the user's device, including reading, adding and deleting entries.

Call Permission

It is used to access standard telephony features.

Camera Permission

It is used to access the camera or to take photos and videos from the device.

Motion sensor permission

It is used to measure the movement of the user by inputting data from the movement sensors of the user's device, such as the number of steps, descending stairs and other types of movement (walking, cycling, etc.).

NFC Reader permission

It allows the current application to read contactless messages. Telephone Permission

It is used to access typical telephony features. This allows you to simply read, for example, “phone status,” which means you can access the device's phone number, current mobile network information, or the status of any ongoing calls.

Photo Library Permission

It allows access to the user's Photo Library.

Accurate location permission (variable)

It is used to get the exact location on the user's device. This Application may collect, use and transmit User's location information to provide location-based services.

The geographic location of the user is determined in an inconsistent manner. This means that the current Application cannot continuously obtain the user's exact location.

Reminder Permission

It is used to access reminders on the user's device, including reading, adding and deleting entries.

Sensor Permission

It is used to get information about what is going on in the bodies of users, such as the sensors they use to measure their heart rate.

SMS Permission

It is used to access user messaging functions, including sending, receiving and reading SMS.

Detailed Information on the processing of Personal Data

Personal Data is collected for the following purposes and used for the following services:

• Advertising

This type of service allows the use of user data for advertising and communication purposes. These messages are displayed in the form of banners and other types of advertising in the current Application, based on the interests of the User as much as possible.

This does not mean that all personal information is used for this purpose. Information and terms of use are below.

Some of the services listed below may use cookies or other identifiers to identify users, or they may use behavioural redirection techniques. That is, it can display ads that match the interests and behaviour of the user, including certain interests and behaviour outside the current Application. For more information, see the privacy policies of the respective services. In addition to the opt-out feature offered by any of the following services, Users can also opt-out of this service by visiting the Network Advertising Initiative's opt-out page.

Users can opt-out of certain advertising features of their mobile phones through appropriate device settings, such as device advertising settings or advertising settings in general.

Direct marketing via SMS (current application)

The current application uses user information to offer services and products that are not related to products or services provided by third parties or provided through the current application.

Personal data processed: name; surname; phone number. Direct Email Marketing (DEM) (current application)

The current application uses user information to offer services and products that are not related to products or services provided by third parties or provided through the current application.

Processed personal data: email address; name; surname.

• Contact with the User

Contact form (current Application)

By filling out the contact form with their information, the User authorizes this Application to use this information in order to comply with the information, quotas or other similar requirements as stated in the title of the form.

Processed personal data: address; city; name of the company; country; date of birth; e-mail address; name; sex; surname; phone number; TIN; User ID; different types of information; VAT number; ZIP code / postal code.

Telephone contact (current Application)

Users who provide a phone number may be contacted for commercial or promotional purposes related to the current Application, and to fulfil support requests.

Personal data processed: phone number.

• Device permission for personal data access

This application requires certain permissions from users to allow users to access device data, as described below:

Device Permission for Personal Data Access (Current Application)

This app requires specific permissions from users to allow users to access device data, as described below and in this document.

Personal Data Processed: Approximate Location Permission (Non-Permanent); Access to biometric information; Calendar permission; Call permission; Camera permission; Motion sensors permission; NFC Reader permission; Telephone permission; Photo library permission; Accurate location permission (variable); Reminder Permission; Sensor permission; SMS permission.

• Hosting and backend infrastructure

The purpose of this type of service is to host Information and files that enable this Application to run and distribute, as well as to provide a ready-made infrastructure to run certain functions or parts of this Application.

Some of the services listed below, if any, may be operated by geographically dispersed servers, making it difficult to determine where Personal Data is stored.

Amazon Web Services (AWS) (Amazon Web Services, Inc.)

Amazon Internet Services (AWS) is hosting and back-end service provided by Amazon Web Services, Inc.

Personal Data processed: the different types of information specified in the privacy policy of the service. Processing location: USA - Privacy Policy. Privacy Shield Member.

• Location based interaction

Non-sustainable geological location (Current Application)

The current application can collect, use and transmit location information to provide location-based services.

Most browsers and devices provide tools to standardize this feature. If explicitly permitted, the User's location information may be tracked by this Application.

The geographic location of the User is determined either in a non-permanent way, or at the special request of the User, or if the User does not indicate the current location in the appropriate section and allows the application to automatically determine the location.

Personal Data processed: geographic location.

• Registration and identification provided directly through this Application

By registering or identifying, Users allow the current Application to identify them and access certain services. Personal information is collected and stored for registration or identification purposes only. The collected information is only the information that Users need to provide the requested service.

Direct Registration (current Application)

The User registers by filling out the registration form and submitting Personal Data directly to the current Application.

Personal Data Processed: address; city; company name; country; date of birth; email address; name; sex; surname; password; telephone number; picture; prefix; profile picture; User ID; username; different types of information.

Additional Information about Personal Data

• Push notifications

This Application may send push notifications to the User in order to achieve the goals set out in the current Privacy Policy.

Users can often turn off the push notification setting in the notification settings by accessing their mobile phone settings and then changing those settings in the settings of both this App and some or all of the apps on a particular device.

Users should be aware that disabling push notifications can negatively impact the usefulness of this application.

· Access to the address book

This application may need to access your address book.

• Personal Data received from the user from other sources

The owner of this application may reuse Users' Personal Data legally without notice, or collect such information from third parties, as indicated in the section defining the legal basis of the application.

Users can obtain specific information about the source of collection of personal data of the Application Owner in this way in the relevant sections of this document or by contacting the Application Owner.

• Push alerts based on the user's geographic location

This Application may use the geographic location of the User to send push notifications for the purposes specified in the current Privacy Policy.

Users can often turn off the push notification setting in the notification settings by accessing their mobile phone settings and then changing those settings in the settings of both this App and some or all of the apps on a particular device.

Users should be aware that disabling push notifications can negatively impact the usefulness of this application.

• Push notifications for direct marketing

This Application may send push notifications to the User for direct marketing purposes (to offer services and products related to a product or service provided or provided by this Application through third parties).

Users can often turn off the push notification setting in the notification settings by accessing their mobile phone settings and then changing those settings in the settings of both this App and some or all of the apps on a particular device.

Users should be aware that disabling push notifications can negatively impact the usefulness of this application.

In addition to the corresponding device settings, the User can also use the rights described in the "User Rights" section in the corresponding section of the current Privacy Policy.

• Unique identification of the device

This application can analyze or track users to remember the user's preferences by storing a unique identifier on users' devices.

• User identification by universal unique identifier (UUID)

The current application can be analysed by tracking a tool called a universally unique identifier (or UUID for short), or by tracking users to maintain user preferences. This identifier appears when the current Application is loaded, it exists between the launch of the Application and updates, but disappears when the User uninstalls the Application. On reboot, a new UUID is created.

User Rights

Users can exercise certain rights to the Information processed by the Owner. In particular, Users have the following rights:

· Revoke your consent at any time. Users have the right to withdraw their consent to the processing of Personal Data.

• Objection to data processing. Users have the right to object to the processing of their information if it is obtained on other legal grounds than with their consent. Detailed information is provided in the corresponding section below.
• Access to the Data. Users have the right to find out if the Data has been processed by the Owner, to receive information about certain aspects of the processing and to receive a copy of the processed data.
• Verification and correction. Users have the right to verify the accuracy of the information and request that it be updated or corrected.

· Restriction to data processing. Users have the right to restrict the processing of their data under certain conditions. In this case, the Owner has no right to process his data for any purpose; he can only store this information.

• Deletion or otherwise removal of Personal Data. Users have the right to request the deletion of business data under certain conditions.
• Receipt of information and transferring it to another controller. Users have the right to receive their data in a structured, widely used and readable format and to transfer this information to another controller (controller) without any technical hindrance. This provision applies if the information is processed by automated means and the processing is based on the user's consent, a contract with the user or a pre-existing obligation.
• Making a complaint. Users have the right to sue the body empowered to protect their data.

Details of the right to object to processing

If Personal Data is used in the public interest, for the exercise of official powers granted to the Owner, or for the legitimate interests exercised by the Owner, Users may object to such processing by substantiating their objections.

Users should be aware that if their Personal Data is processed for direct marketing purposes, they have the right to object to such processing at any time without any reason. Users can refer to the relevant sections of the current document to find out if the entrepreneur's personal information is being used for direct marketing purposes.

How to use your rights?

Any application for the exercise of user rights can be sent to the Owner through the contact information specified in the current document. These requests must be fulfilled by the Owner free of charge, as soon as possible and always within a month.

Further information on the collection and processing of data

Legal activity

The User's personal data may be used by the Owner for legal purposes in court or at stages arising as a result of possible legal activity caused by the improper use of this Application or related Services.

The User should be aware that the Owner can disclose the User's Personal Data at the request of state authorities. Further information about the user's personal data

In addition to the information provided in this Privacy Policy, this Application may provide the User with additional and contextual information related to certain services or requirements for the collection and processing of Personal Data.

System access and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interactions with this Application (system access) using other Personal Information (for example, an IP address) for this purpose.

Information not included in the policy

More detailed information on the collection or processing of Personal Data can be requested from the Owner at any time. See the Contact Information provided at the beginning of this document.

How "not to track" requirements are managed

This application does not support the "not to track" requirements.

Please read their privacy policy to determine if any third party services are using “not to track” requirements.

Changes to the current privacy policy

The Owner reserves the right to change the current Privacy Policy at any time by notifying Users on this page through this Application and / or any technically and legally available contact information. It is recommended that you check this page frequently; referring to the date it was last modified below.

If the changes affect development activities carried out with the consent of the User, the Owner must obtain new consent from the user, if necessary.

Definitions and legal references

Personal Data (or Information)

Any information directly or indirectly or otherwise related to the identification of an individual, including a personal identification number.

Use of the Data

Information automatically collected by the Current Application (or third-party services used in this Application) may include: IP addresses or domain names of computers used by Users using the current Application, URI addresses (Uniform Resource Identifier), query time, method used to submit the request to the server, file size in response, numeric code indicating the status of the server response (successful result, error, etc.), country of origin, features of the browser and operating system used by the user, different time per visit details (for example, time spent on each page within the Application) and information about the trajectory tracked within the Application and other parameters about the device's operating system and / or the User's IT environment, with special reference to the sequence of pages visited.

User

Unless otherwise specified, the person using this Application in accordance with the Subject of Information.

Subject of Information

Person who owns personal data.

Data Processor (or Data Supervisor)

An individual or legal entity, government agency, intermediary or other body acting on behalf of the Personal Data Supervisor (Controller) as described in the current Privacy Policy.

Data Controller (or Owner)

An individual or legal entity, government agency, intermediary or other person who individually or collectively determines the purposes and means of obtaining Personal Data related to the development and use of the Current Application, including security measures. Unless otherwise stated, the Data Controller is the owner of the current application.

Current Application

A tool used to collect and process personal information from users.

Service

Service provided through the current Application, subject to applicable terms (if any) and as described on this page / application.