Domino`s Pizza Ukraine MOBILE APP PRIVACY POLICY

The current policy regulates the procedure for collecting and processing personal and other confidential data of users of the Domino`s Pizza Ukraine mobile application using automation tools via the Internet.

Terms

1. Within the current policy, the following terms are used:

1.1. Personal data - any information relating directly or indirectly to a specific or identified individual (personal data subject).

1.2. The mobile application is a program for electronic computers Domino`s Pizza Ukraine, which is installed on the User's device running IOS, Android mobile operating systems, and allows to automate the User's access to the database.

1.3. Site - a set of programs for electronic computers and other information contained in the information system, access to provided via the Internet by domain names and (or) by network addresses, which allows you to identify sites on the Internet. Addresses of the site of the Rights holder on the Internet: https://dominos.ua/.

1.4. Rights holder - a person who has the right to use the site, as well as to use and distribute the mobile application, and who processes personal data of Users.

1.5. User - a person who uses a mobile application on a non-exclusive basis (license and provides the Rights holder with his personal data).

1.6. Customer - a person who informs the Rights holder about the existing need to provide him with services for the carriage of passengers, delivery of goods (cargo), carrying out loading and unloading operations (hereinafter - transport services).

1.7. Processing of personal data - any action (operation) or set of actions (operations) carried out with or without the use of automation, with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), receipt, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

1.8. Automated processing of personal data - processing of personal data using computer technology.

1.9. Provision of personal data - actions for disclosing personal data to a certain person or a certain group of persons.

1.10. Blocking of personal data - temporary cessation of personal data processing (unless the processing is necessary to clarify personal data).

1.11. Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

1.12. Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

1.13. Cookies are pieces of data sent by the site and stored on a computer, mobile phone or other device from which the User visits the site, which are used to store data about the User's actions on the site.

1.14. Device ID - unique data that allows you to identify the User's device on which the mobile application is installed, provided by the device itself or calculated by the mobile application.

2. Installation by the User of a mobile application on his device or use of the mobile application in any other way, as well as use of the site means the User's consent to the terms of this policy, including the User's consent to the processing of personal data by the Rights holder. Such consent is required.

Personal data

3. In the process of personal data processing the User has the right to:

3.1. To obtain information concerning the processing of his personal data, including that containing:

3.1.1. Confirmation of the fact of personal data processing;

3.1.2. Legal grounds and purpose of personal data processing;

3.1.3. Purpose and methods of personal data processing used;



3.1.4. The processed personal data concerning the relevant personal data subject, the source of their receipt, unless otherwise provided by applicable law;

3.1.5. Terms of personal data processing, including terms of their storage;

3.1.6. The procedure for exercising by the User the rights provided by the current legislation;

3.1.7. Information on cross-border data transmission that has taken place or is envisaged;

3.1.8. Other information provided by the current legislation.

3.2. Require the Rights holder to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and take legal measures to protect their rights.

3.3. To appeal against the actions or inaction of the Rights holder to the authorized body for protection of the rights of personal data subjects or in court, if the User believes that the Rights holder processes his personal data in violation of applicable law or otherwise violates his rights and freedoms.

3.4. To protect their rights and legitimate interests, including compensation and (or) compensation for non-pecuniary damage in court.

4. In the process of personal data processing, the Rights holder is obliged to:

4.1. Provide the User at his request with the following information:

4.1.1. Confirmation of the fact of personal data processing;

4.1.2. Legal grounds and purpose of personal data processing;

4.1.3. Purpose and methods of personal data processing used;



4.1.4. The processed personal data of the User are the source of their receipt, unless otherwise provided by the current legislation;

4.1.5. Terms of personal data processing, including terms of their storage;

4.1.6. The procedure for exercising by the User the rights provided by the current legislation;

4.1.7. Information on cross-border data transmission that has taken place or is envisaged;

4.1.8. Other information provided by the current legislation.

4.2. Ensure that measures are taken to prevent unauthorized access to the User's personal data.

4.3. Publish or otherwise provide unrestricted access to the document that defines the policy on personal data processing, as well as to information on the requirements for personal data protection that are implemented.

5. The purpose of collecting and processing personal data of the User is an agreement to grant the User the right to use the mobile application. When collecting and processing personal data, the Rights holder doesn`t pursue other goals, except for the purposes of execution of this agreement.

6. Personal data of the User are stored on electronic media and processed using automated personal data processing systems.

7. The Rights holder collects and processes the following personal data of the User:

7.1. Surname, name, patronymic;

7.2. Date of birth;

7.3. Subscriber telephone number;

7.4. Photographic image;

7.5. Series, number and date of issue of the document confirming the right to drive the vehicle;

7.6. State registration number (sign) of the vehicle.

7.7. The User's personal data are destroyed by the Rights holder within 24 hours from the moment of registration in the mobile application. After registration of the User, the personal data provided by him are not stored and are not used in the future, the Copyright Holder doesn`t store, process and use the personal data of the User, is not an operator for processing personal data.

8. Destruction of personal data of the User is carried out without the possibility of their further recovery.

9. The Rights holder uses and stores the following data about the User, which are not personal data and don`t allow to identify the User:

9.1. Make, model and color of the vehicle;

9.2. Digital part of the state registration number (mark) of the vehicle;

9.3. Name.

10. Only employees of the Rights holder have access to the User's personal data. The Rights holder doesn`t disseminate personal data of the User, and doesn`t provide access to them to third parties without the prior consent of the User, except in cases of personal data at the request of authorized state bodies in accordance with applicable law.

11. The Rights holder takes the following measures to prevent unauthorized access to the User's personal data:

11.1. Appoints employees responsible for the organization of personal data processing;

11.2. Applies organizational and technical measures to ensure the security of personal data of the User, namely:

11.2.1. Determines security threats to personal data during their processing in personal data information systems;

11.2.2. Organizes the regime of ensuring the security of the premises in which the information system is located, which prevents the possibility of uncontrolled penetration or stay in these premises of persons who don`t have the right of access to these premises;

11.2.3. Provides preservation of personal data carriers;

11.2.4. Approves the list of persons who have access to personal data necessary for the performance of their official (employment) duties;

11.2.5. Uses the means of information protection necessary to prevent unauthorized access to personal data;

11.2.6. Evaluates the effectiveness of measures taken to ensure the security of personal data;

11.2.7. Provides detection of facts of unauthorized access to personal data and taking measures;

11.2.8. Restores personal data modified or destroyed as a result of unauthorized access to them (if there is a technical possibility of such recovery);

11.2.9. Establishes rules for access to personal data processed in the personal data information system;

11.2.10. Supervises measures to ensure the security of personal data used and the level of protection of personal data information systems.

12. The User has the right to demand from the Rights holder clarification (update) of his personal data, their blocking or destruction in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as withdraw his consent. Processing of personal data by sending a request to the Rights holder and (or) a request in writing by registered mail with a notice of delivery or personal provision at the location of the Rights holder. The address of the location of the Rights holder is indicated in the relevant section of the site. The specified request must contain the number of the main document identifying the User or his representative, information on the date of issuance of the specified document and the issuing authority, address of residence of the User, information confirming the User's participation in relations with the Rights holder (ID number User), or information that otherwise confirms the fact of personal data processing, the requirement to clarify, block or destroy the User's personal data or notice of withdrawal of consent to the processing of personal data, the signature of the User or his representative. The Rights holder is obliged to provide a reasoned answer on the merits of the User's request within 30 calendar days from the date of receipt of the request.

Geolocation data

13. The Rights holder receives with the help of the mobile application data on the User's location (geolocation data). Geolocation data is transmitted to the Rights holder only when using the mobile application. The user may, at its discretion, prohibit the transfer of geolocation data by changing the appropriate settings of their mobile device, but this may result in the inability to use the mobile application.

14. In order to provide the Customer with transport services, the Rights holder may provide the Customer with data on the User's location.

Payment details

15. To be able to pay the license fee by cashless payment using bank cards, the User can link the bank card to his ID-number. The bank card is linked by the User independently in the mobile application by specifying the following data:

15.1. Bank card number;

15.2. Bank card validity period;

15.3. Surname and name of the bank card holder;

15.4. Bank card security code.

16. Payment by non-cash payment using bank cards is carried out in accordance with the rules of international payment systems on the principles of confidentiality and security of payment. The security of the data provided by the User is ensured by compliance of the procedures with the requirements of the Payment Card Industry Data Security Standard and no one, including the Rights holder, can obtain them. Entering bank card data is carried out on a secure payment page of the acquiring bank, which provides the possibility of non-cash payment for services.

17. In order to withdraw funds in the personal account, the User provides the Rights holder with data on the account opened with the credit institution and other data necessary for the transfer of funds, including personal data of the User, namely:

17.1. Bank identification code of the credit organization;

17.2. Recipient's account number in the credit organization;

17.3. Surname, name, patronymic of the recipient;

17.4. Debit or credit (bank) card number.

18. The data provided by the User for the purpose of withdrawing funds from the personal account don`t allow the Rights holder to do any operations, except for operations on crediting funds to the User's bank account.

Cookies

19. The Rights holder may use the following types of cookies:

19.1. Cookies are strictly necessary. These cookies are required to navigate the site and use the services requested. This type of cookie is used during User registration and login. Without them, the services requested by the User become unavailable. These cookies are basic and can be both permanent and temporary. Without the use of this type of cookie, the site doesn`t work properly.

19.2. Operational cookies. These cookies collect statistics on the use of the site. These files don`t receive the User's personal information. All information collected by these cookies is statistical and anonymous. Purposes of using these cookies:

19.2.1. Obtaining statistics on the use of sites;

19.2.2. Evaluating the effectiveness of advertising campaigns.

These cookies are permanent and temporary, and can be classified as both primary and third-party cookies.

19.3. Functional cookies. This type of cookie is used to store information provided by the User (such as username, language or location). These files use anonymous information and don`t track the User's actions on other sites. Purposes of using these cookies:

19.3.1. Memorization of information on whether the User has been provided with any service before;

19.3.2. Improving the quality of interaction with the site as a whole by remembering the preferences chosen by the User.

These cookies can be permanent or temporary, and can be classified as both primary and third-party cookies.

19.4. Advertising cookies. This type of cookie is used to limit the number of ad views, as well as to evaluate the effectiveness of advertising campaigns. Advertising cookies are used to manage advertising materials on the site. Advertising cookies are placed by third parties - for example, advertisers and their agents. They can be both permanent and temporary. These files are related to advertising on the site provided by third parties.

20. You can block or delete cookies, as well as limit their effect in the settings of the browser used by the User.

User device data

21. The Rights holder with the help of a mobile application receives data about the User's device, applications installed on it and Internet connections. This category includes information about the device model, operating system, browser data, IP address, device IDs.

22. The collected data about the User's device don`t contain personal data of the User.

23. The purpose of collecting information about the User's device is the internal accounting of users of the mobile application, as well as the improvement of its operation.

Data on the mobile operator

24. The Rights holder with the help of the mobile application receives data on the operator that provides the User with mobile telephone services (mobile communication).

25. The collected data on the mobile operator don`t contain personal data of the User.

26. The purpose of collecting information about the cellular operator is to automatically set in the settings of the mobile application data about the country of location of the User and the interface language of the mobile application.

Order history

27. The Rights holder keeps a history of orders executed by the User, namely the start time of the order, the address of the place of delivery of the car, intermediate and final address of the route, the applicable tariff, method of payment and other data specified by the Customer.

28. The purpose of collecting information on the history of orders is to improve the quality of services provided by automatically filling in the parameters of the order using previously provided data, which reduces the time of order creation.