Current version publication date: 19.09.2022

LAVA.TOP PRIVACY POLICY

Document version No.1.0. dated 18.07.2022

Current version publication date: 19.09.2022

Current version effective date: 19.09.2022

1. General provisions

1.1. This Privacy Policy (hereinafter, the Policy) defines the procedure for processing and protection of personal data of individuals (hereinafter, the Users) who use the LAVA platform through the website https://lava.top (hereinafter, the Platform), by LAVALANE LTD, a company organized and existing in accordance with legislation of the Republic of Cyprus, having its registered office at Vas. Freiderikis, 20 EL GRECO HOUSE, 1st floor, Flat/Office 104, 1066, Nicosia, Cyprus (hereinafter, the Administration). Terms of use of the Platform are stipulated in the Platform Terms of service available at https://faq.lava.top/article/53764 (hereinafter, the Terms of service).

1.2. The Administration acts both as the controller and the processor of the User’s personal data as provided for by Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).

1.3. The current version of the Privacy Policy is a public document available to any Internet user at https://faq.lava.top/article/53766.

1.4. The Administration has the right to make changes to this Policy at its own discretion. When making changes to the Policy, the Administration shall notify the Users thereof by posting a new version of the Policy on the Plaftorm at the permanent address (https://lava.top). The previous versions of the Policy are stored in the documentation archive of the Administration. The Users should check the Platform occasionally to ensure that they consent with any changes to this Policy. If the User disagrees with any terms of this Privacy Policy, the User must immediately cease to use the Platform and notify the Administration of intention to stop the processing of the User’s personal data.

1.5. This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data carried out by automated means.

1.6. Before using the Platform and providing the Administration with information necessary to initiate further interaction, the User must expresses his/her consent to processing of personal data in accordance with this Policy. In case of disagreement with these terms, the User must refrain from using the Platform and its contents. The User gives consent by clicking on the "Register" button in the interface of the Platform, after having read the text of this Policy available via hyperlink in the same section of the Platform interface, or by checking the checkbox in the corresponding window of the Platform interface upon registration.

2. Terms of Use of the Platform

2.1. By providing access to the Platform and its services for the Users, the Administration, acting reasonably and in good faith, believes that each User:

• has all necessary rights enabling him/her to register and use the Platform;
• specifies true, accurate and complete information about himself/herself to use the Platform;
• is aware that information including personal data published by the User with the use of the Platform, unless the User restricts access to such information in the interface of the Platform, may become available to other Users of the Platform and Internet users, may be copied and distributed by such users;
• is aware that some types of information transmitted by the User to other Users may not be deleted by the User himself/herself;
• has read this Policy, agrees to be bound by it, and accepts the rights and obligations set forth herein.

2.2. The Administration does not verify the accuracy of received (collected) information about the Users, except when such verification is necessary for the Administration to fulfill its obligations before the Users.

2.3. If the User accesses his/her account at the Platform using the registered username and password or other credentials as provided for in the Terms of service, such access is considered to be authorized by the User by default, and the person obtaining access with these credentials has all necessary powers, unless the User has provides the Administration with information that account details of such User have been compromised.

2.4. The Platform is used to provide access to electronic files, including, but not limited to images, video and audio recordings, texts etc. (hereinafter, the Content). The Content is uploaded to the Platform by Users that register at the Platform as authors of such Content (hereinafter, the Authors). The Platform allows for execution of agreements between the Users and the Authors in relation to access to the Content, but the Administration is not responsible for performance of such agreements. Additional information on performance of agreements concluded between the Users and the Authors may be found in the Terms of service.

3. Purposes of personal data processing

3.1. The Administration may use personal data of each User for the following purposes:

3.1.1. Identification of the User for entering into and performance of the agreement with the User according to the Terms of service;

3.1.2. Performance of the Terms of service, including granting Users access to the Platform, its functions and content, organization of interaction between the Users via the Platform, including assistance in execution of agreements to access the Content between the Users and the Authors;

3.1.3. Development, improvement, modernization, updating of services and products of the Administration;

3.1.4. Informing the User in connection with use of the Platform and performance of the Agreement;

3.1.5. Compliance with the requirements of the applicable law or the decision of a court or other competent state or municipal authority.

4. Personal data processed by the Administration

4.1. Users may provide the Administration with the following personal data that will be processed by the Administration in accordance with this Policy:

4.1.1. data provided by the Users and minimally necessary for registration at the Platform:

4.1.1.1. name, surname;

4.1.1.2. e-mail address;

4.1.2. data provided by the Users using the “edit” section of their personal pages (profiles) at the Platform, which may include personal photo, User’s interests in relation to the Content, other information that may be provided by the Users when filling out personal profiles;

4.1.3. data, additionally provided by the Users at the request of the Administration for confirmation of information indicated by the Users in their profiles at the Platform and prevention of fraudulent or other illegal activities, which may Include a scanned copy or photo of his/her identification document;

4.1.4. data obtained automatically throughout the use of the Platform by the User, including information on the purchases of the User in the Platform’s interface and subscriptions to the Content made by the User;

4.1.5. data additionally provided by Users registering as Authors on the Platform:

4.1.5.1. nickname;

4.1.5.2. field of activity;

4.1.5.3. ID of the Author’s profile at the Platform;

4.1.5.4. short and full description of the Author’s profile at the Platform;

4.1.5.5. links to Author’s profiles in social media;

4.1.5.6. information on payment collection methods used by the Author to receive the Author’s remuneration;

4.1.5.7. details of identity documents issued in accordance with the Author’s country of residence (passports, drivers’ licenses etc.) for the purposes of identification of the Author;

4.1.5.8. personal data indicated in documents provided by Authors acting as legal persons, including: statutory documents, extracts from state registers, decisions of governance bodies, information cards etc.;

4.1.5.9. other personal data provided by the Authors to the Administration for the purposes of performance of the Terms of service.

4.2. Other information about Users processed by the Administration that may be received from the User and other sources:

4.2.1. identification number (ID) at the Platform, assigned after registration at the Platform

4.2.2. IP address

4.2.3. geolocation

4.2.4. identifiers (UUID, model, and others) of mobile device

4.2.5. operating system and its version.

4.2.6. time zone.

4.2.7. language used.

4.2.8. cookies (small files stored in the memory of User’s device, designed to personalize User’s activity and behavior at the Platform).

4.2.9. information that may include personal data of the Users that is exchanged or published by the Users by using the Platform.

5. Methods of personal data processing

5.1. The way the Administration uses personal data depends on the specific purposes for processing it.

5.1.1. Use of personal data for User identification and registration at the Platform

In order to obtain personal information for creation of the User’s personal profile at the Platform, the Administration must obtain sufficient information to establish the User’s identity, indicated in clause 4.1.1. hereof. The Administration collects, records, stores and systematizes this information through automated means as well. Such personal data is processed until deletion of the User’s personal account at the Platform.

5.1.2. Use of personal data for communication with the User

For the purposes of informing the User in connection with use of the Platform and performance of the Agreement the Administration processes the information indicated in clause 4.1.1. hereof. The Administration collects, records, systematizes, accumulates, and uses the personal data listed above. The Administration may use aforementioned personal data to send notifications to personal account of the User or the User’s mobile phone number and/or email address, which may concern operation of the Platform, new functions of the Platform and special offers intended for Users. The aforementioned personal data is processed for these reasons until termination of the Agreement in accordance with terms and conditions of the Agreement.

5.1.3. Use of personal data for performance of the Terms of service

For the purposes of due performance of the Administration’s obligations under the Terms of service, and, in particular, to allow editing the personal profile of the User, publishing of the User’s profile at the Platform, verification of the User’s personal data and assistance in communication between the Users, the Administration processes the information indicated in clauses 4.1.1. to 4.1.5. and 4.2. hereof. The Administration collects, records, systematizes, accumulates, and uses the personal data listed above. Such personal data is processed until deletion of the User’s personal account at the Platform.

5.1.4. Use of personal data for operation and improvement of the Platform

For the purposes of operation and improvement of the Platform the Administration collects, records, systematizes, accumulates, and uses information indicated in clauses 4.1.1., 4.1.2., 4.1.4, 4.1.5. and 4.2. hereof. This information may be shared with third parties subject to prior depersonalization of this information. This information is considered for development of the Administration’s market strategy, as well as the new and existing services and products of the Administration. The aforementioned personal data is processed until termination of the Agreement in accordance with terms and conditions of the Agreement.

5.1.5. Use of personal data for compliance reasons

For the purposes of compliance with applicable legislation and in order to protect the rights and interests of the Administration in legal or administrative proceedings, the Administration collects, records, systematizes, accumulates, and uses information indicated in clauses 4.1.1., 4.1.2., 4.1.4, 4.1.5. and 4.2. hereof. The Administration collects, records, systematizes, accumulates, and uses the personal data listed above. Such personal data is processed until deletion of the User’s personal account at the Platform and may be kept by the Administration for compliance reasons for up to three years following this date.

6. Processing information about Users

6.1. Processing of personal data is based on principles:

6.1.1. lawfulness, fairness and transparency of processing personal data;

6.1.2. personal data processed is accurate and, where necessary, kept up to date on the basis of information provided by the Users;

6.1.3. processing of personal data in specified, explicit and legitimate purposes without further processing in a manner that is incompatible with those purposes;

6.1.4. personal data processed shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

6.1.5. personal data is stored in a form which permits identification of the Users for no longer than is necessary for the purposes for providing access to the Platform and its contents, keeping accounting documents related to use of the Platform by the User and compliance with applicable legislation;

6.1.6. protection of personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality of personal data).

6.2. Personal data of the User is collected by the Administration upon registration of the User’s personal account at the Platform, upon registration of the User as an Author at the Platform, as well as further at the User's own initiative when the Users choose to provide additional information about themselves through the tools available in the interface of the Platform.

The personal data provided for in clause 4.1.1. of this Policy is provided by the User and is minimally necessary for the purpose of registering the personal account of the User at the Platform.

The personal data provided for in clause 4.1.2. of this Policy is additionally provided by the User at his/her own initiative by using the "Edit" tab in the "My Profile" section of the Platform.

The personal data provided for in clause 4.1.5. of this Policy is additionally provided by the User at his/her own initiative by using the "Become Author" tab in the "My Profile" section of the Platform.

6.3. Personal data of Users is stored only on electronic media and processed by automated means, except when non-automated processing of personal data is required in connection with the implementation of legislative requirements.

6.4. Personal data of the Users indicated in clauses 4.1.1., 4.1.2. and 4.1.4. of this Policy is published by the Users at the Platform at the relevant profiles of such Users and becomes available to all Users following registration and/or editing of the User’s personal account, unless the User elects to prohibit demonstration of his/her personal account to other Users with the exception of Users directly indicated by such User. Part of personal data indicated in clause 4.1.5. of this Policy is also published in order to inform the Users about the Content that is uploaded by the Authors and may be viewed through the use of Platform. The User determines the terms and provides access to the User’s personal data to an unlimited number of people, including by registering and using the standard functionality of the Platform, as well as by choosing the privacy settings and visibility of their personal page within the functionality of the Platform provided to the User. The Administration does not initiate or influence such choice of the User, nor does it have the purpose of obtaining the User's permission to share its personal data.

6.5. Personal data of the Users may only be transferred to third parties in cases stipulated in the Terms of service and applicable legislation. The Administration may provide personal data of the Authors to the Users for settlement e Users' claims against the Authors in connection with a breach by the Authors of their obligations to provide access to the Content

6.6. If the User has given relevant consent, the User's personal data may be transferred to third parties-contractors of the Administration, provided that such contractors undertake to ensure the confidentiality of information received, in particular when using applications.

6.7. Provision of personal data of Users at the request of state agencies (local authorities) is carried out in the manner prescribed by applicable law.

6.8. In order to perform the obligations set forth in the Terms of service and to provide access to the Platform for the Users, the Administration develops and improves the existing and new functions of the Platform. To ensure implementation of these goals the User agrees for the Administration, in compliance with applicable law, to collect, store, accumulate, systematize, extract, compare, use, fill (refine) their data, as well as to receive and transfer to affiliated persons and partners the depersonalized results of such data automated processing, using various information evaluation models, in the form of integer and/or text values and identifiers, corresponding to those specified in the evaluation requests.

6.9. Personal data of the User is deleted by the Administration in following cases:

• At the User's own request to delete the User’s personal data and personal sent to [email protected] with information sufficient to identify such User in order to process the User’s request;
• If the Administration removes the information published by the User, as well as the User's personal page according to terms of the Agreement.

In case of deletion of the User’s personal page the Administration may continue to store personal data of the User and information published by the User and/or transferred by the User with the use of the Platform for the period required and established by the applicable law and this Policy.

6.10. By posting information including personal data on the User’s personal page at the Platform the User acknowledges and agrees that this information may be available to other users of the Internet, taking into account the specific architecture and functionality of the Platform.

6.11. The Administration may use cookies or similar technologies. Cookies are small text files that are stored on the User’s device and provide the Administration with the ability to track, store, and collect information about the User’s actions related to the Platform. User may control cookies at the browser level, however, if the User disables cookies part of Platform functions may become unavailable to the User until cookies are enabled again.

7. Storage of personal data and data transfer outside the European Union

7.1. Recording, systematization, accumulation, storage, improvement (updating, modification), extraction of User’s personal data is performed with the use of databases located in the territory of the the Russian Federation.

7.2. The Platform may be maintained in the Russian Federation. By using the Platform, the User authorizes the export of personal data to the Russian Federation and its storage and use as specified in this Policy. The Administration may transfer personal data from the EU to the Russian Federation and other countries, which have not been determined by the European Commission to have an adequate level of data protection. Information stored in the Russian Federation may be subject to lawful requests by the courts or law enforcement authorities in the Russian Federation.

7.3. If the User is located in the EU, he/she may contact Administration via the contact details indicated in section 13 hereof if the User requires further information on the specific mechanism used by the Administration when transferring personal data out of the EEA.

8. Rights and obligations of Users

8.1. Users have the right to:

8.1.1. Access the information about the User by visiting personal pages at the Platform with the use of User’s username and password or other credentials as stipulated by the Agreement;

8.1.2. Independently make changes and corrections to the personal data on the personal page of the User at the Platform, provided that such changes and corrections contain current and accurate information. The Administration may require additional verification if changes are made by the Author;

8.1.3. Delete information about the User from the User’s personal page at the Platform or request the Administration to delete certain information from the User’s personal page or the User’s personal page itself according to procedure set forth in the Terms of service;

8.1.4. Demand from the Administration to rectify (clarify) the User’s personal data, block or destroy them if such data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing and if it is impossible to independently perform the actions provided by clauses 8.1.2. and 8.1.3. of this Policy. The Administration may require additional verification if changes are made by the Author;

8.1.5. On the basis of a request to receive information from the Administration relating to the processing of his personal data, to receive electronic copy of personal data or organize direct transfer of personal data from the Administration to another personal data operator and/or processor where technically feasible;

8.1.6. Complain about personal data processing by the Administration to a supervisory authority;

8.1.7. Withdraw consent to personal data processing subject to deletion of User’s personal profile at the Platform;

8.1.8. Restrict processing of personal data and object to processing in cases as provided for by applicable law.

8.2. When deleting personal data (other user information) from the User's personal page or deleting the User's personal page from the Platform, information about the User copied by other Users or stored on other Users' pages is retained unless the User applies with a request to the Administration to delete such information with indication of exact location of such information at the Platform.

9. Personal data protection measures

9.1. The Administration takes technical, organizational and legal measures to protect personal data against accidental or unlawful destruction, manipulation, damage, loss or alteration, unauthorized or unlawful access, disclosure or misuse, and all other unlawful forms of processing of personal data in possession of the Administration.

9.2. To ensure compliance with GDPR and applicable legislation, the Administration takes the following measures to protect personal data of the Users:

• A person responsible for organizing the processing of personal data (data protection officer) has been appointed;
• The Administration has adopted company regulations, policies and standards on personal data processing, security and procedures aimed at preventing and detecting violations of the laws and eliminating the consequences of such violations;
• Legal, organizational and technical measures have been taken to ensure the security of personal data, the Administration uses network and information security technologies, monitors the systems and data centers to ensure that they comply with security policies
• The technology safeguards are continuously adapted and improved in line with technological developments;
• The Administration conducts regular training and awareness programs on security and privacy, to ensure that employees understand the importance of protecting personal data, and that they learn and maintain the necessary knowledge and skills effectively to protect it in practice
• The rules of access to personal data processed in personal data information systems are established;
• A register of actions performed with personal data in the information systems that contain personal data is maintained;
• Rules have been established for back-up and restoration of information including personal data;
• The Administration takes all reasonable measures to prevent personal data breaches. If such breaches occur the Administration shall take appropriate actions will be consistent with the role of the Administration in relation to the products, services or processes affected by the breach.

9.3. In order to access the User’s personal page at the Platform, the User's login (email address) and password (set by the User) are used. Alternatively, User may select authorization with the use of information received from administrators of social networks. In case of registration at the Platform via the social networks, the User expresses his/her consent to the Administration receiving the User's personal data from the administrator of the respective social network.

9.4. Each User is responsible for the security of this information. The User may not give its own login and password and other credentials that are used for authorization to third parties, and is obliged to take measures to ensure their confidentiality.

10. Limitation of Policy Effect

10.1. This Policy shall not apply to the actions and Internet resources of third parties. The Administration shall not be responsible for the actions of the third parties, which, as a result of using the Internet or the Platform, get access to the information about the User in accordance with the confidentiality level chosen by the User, for the consequences of using the information, which, due to the nature of the Platform, is available to any Internet user. The Administration recommends Users to be responsible in deciding the amount of information about themselves published at Platform.

10.2. This Platform uses third-party online services, which perform data collecting, independent from the Administration. Such services include: Google Analytics. Data collected by these services may be provided to other services within those organizations. They can use the data for advertising personalization of their own advertising network. The User may learn about user agreements of those organizations on their websites. The User may also refuse their collection of your personal data. For example, Google Analytics Opt-out Browser Add-on can be found here.

11. User requests

11.1. Users have the right to send their requests to the Administration, including requests concerning processing of their personal data under clause 8.1.5. of this Policy. Requests may be sent in writing to the address: Vas. Freiderikis, 20 EL GRECO HOUSE, 1st floor, Flat/Office 104, 1066, Nicosia, Cyprus or in electronic form from an email address indicated by the User in its profile at the Platform to the email address of the Administration: [email protected]. If the User sends a request from a different email address the Administration may require the User to provide additional information in order to properly identify such User for further processing of his/her request.

11.2. The request sent by the user must contain the following information:

• Number, date of issue and issuing authority of the User’s identity document;
• Username or User’s identification number (ID) issued by the Administration if the User has previously created a personal account at the Platform;
• The signature of the user or his representative if the document is sent in written form by mail or courier.

11.3. The Administration undertakes to review and respond to the User's request within 30 days after its receipt.

11.4. All correspondence received by the Administration from Users (requests in written or electronic form) refers to restricted information and may not be disclosed without the written consent of the User. Personal data and other information about the User, who sent a request, may not be used without the User's express consent, except to respond to the received request or in cases expressly provided by applicable law.

12. Final Provisions

12.1. This Policy is obligatory for acquaintance and performance by all persons admitted to processing of personal data by the Administration, and the persons participating in the organization of processes of processing and safety of personal data in the Administration.

12.2. The Administration does not make decisions that give rise to legal consequences in respect of Users or otherwise affect their rights and legitimate interests, based solely on the automated processing of their personal data.

12.3. The Administration does not entrust the processing of personal data to other persons (processors).

12.4. Processing of personal date by the Administration is governed by legislation of the Republic of Cyprus. Any disputes between the Users and the Administration related to personal data or this Policy shall be exclusively settled by competent state courts of the Republic of Cyprus.

12.5. This Policy is subject to update in the event of changes in the applicable law or at the discretion of the Administration.

13. Contacts

User may contact the Administration by using the "Tech support" function of the Platform interface.

User may contact data protection officer of the Administration on issues related to the processing of User’s personal data via following means:

Registered office address: Vas. Freiderikis, 20 EL GRECO HOUSE, 1st floor, Flat/Office 104, 1066, Nicosia, Cyprus

Email address: [email protected]

Company name: LAVALANE LTD

State registration number: HE 387079