This Privacy Policy is meant to describe you, as the user and/or the visitor of the https://yamacolimited.com (“Website”):

• What data is collected from you when you use or browse the Website;
• For what purposes these data are collected and on what legal basis;
• With whom these data may/will be shared;
• How long these data shall be stored;
• What rights can you exercise in application to the processing of your personal data.

Information about the Data Controller.

Under the Article 4 (7) of the Regulation 2016/679 of the European Union and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or “GDPR”), the “controller” means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”.

The Website is controlled and operated by YAMAKO LIMITED, the Company incorporated under the laws of the Republic of Cyprus, Registration number: HE 315639, Registered address:  Prodromos, 75, ONEWORLD PARKVIEW HOUSE, Floor 3, Flat 302 2063, Nicosia, Cyprus. YAMAKO LIMITED hereinafter shall be referred to as the “Company”.

Web-address for correspondence: info@yamacolimited.com.

Personal data, collected from you by the Company.

Under the Article 4 (1) of the GDPR, personal data means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”. The term “personal data” hereinafter shall be referred to as the “data”.

Automatically collected data. When you visit the Website, the following data about you are collected:

–  Your IP address, the information about your location, information about your mobile carrier operator or internet provider;

–  The information about your device: its operating system, the type and version of the browser, screen resolution, installed time-zone, the type of the device (its model and manufacturer);

– The information about your browsing session and any interaction(s) with the interface of the Website (for example, your interaction with dialogue boxes);

–  Information about the source, from which you visited the Website.

Data, collected by cookies. The Website uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular a device’s IP address (captured and stored only in anonymized form), device screen size, device unique ID (if applicable), browser information, geographic location (country only), preferred language used to display our Website), operating system, information about your mobile carrier operator or internet provider, the number of times you visited the Website, the subpages you visited, access time and other information about your browsing session. To find out more information about the cookies, please follow “The information about the Cookies”.

Communication data. When you contact the Company via the interface of the Website, you may provide to the Company the following information:

– Your email;

– Your name;

– Your message/request/inquiry, that may contain the information, that can fall within the definition of “personal data” under the GDPR.

The purposes and legal basis of the processing.

To operate and control the Website. Automatically collected data and the data, collected by cookies are used by the Company in order to: a) protect the Website, the server that makes the Website available, any linked websites from any attacks (including DDoS attacks); b) prevent the Website from being used for any illegal and fraudulent purpose.

The legal basis for this type of processing: Article 6 (1) (f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Company.

To provide you with the Website. Automatically collected data and the data, collected by cookies are used to provide you with the Website in all its functionality and, in some cases, to provide you with the Website, tailored for your preferences.

The legal basis for this type of processing: Article 6 (1) (f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Company and you.

To contact you. Your communication data are used in order to respond to your message or in order to discuss the potential business relationships between you and the Company. Additionally, the Company may send you promotional materials and news about the Company and the Services the Company Provides (if applicable and upon your consent).

The legal basis for this type of processing: i) Article 6 (1) (a) of the GDPR – you have given consent to the processing of your personal data for the purposes of this Privacy Policy; ii) processing is necessary for the performance of a contract to which you are the party or in order to take steps at the request of you prior to entering into a contract.

To comply with the legislation of the Republic of Cyprus and the European Union. The Company may use the data, collected from you, to perform its regulatory obligations and for the purposes of compliance with applicable legislation.

The legal basis for this type of processing: Article 6 (1) (с) of the GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject.

To develop the Website and the services, provided by the Company. The data, provided by you, can be used to develop the Website (add new functions, develop existent ones). Additionally, your feedback may be used to correct errors and omissions on the Website (if any). In some cases, the Company will pseudonymize your data (keeping the data in such a manner that the data can no longer be attributed to a specific individual without the use of additional information) and use these data for research and analysis.

The legal basis for this type of the processing: i) Article 6 (1) (f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Company; ii) in case of the processing of the anonymized data – the GDPR is not applicable (these data shall contain anything, by using of which you can be identified without additional information).

Recipients of your data.

Under the Article 4 (9) of the GDPR “recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.”

Here you can find the recipients of your data and the reason for the disclosure of your data to them:

Employees, affiliates, sub-contractors of the Company. Your personal data may be shared with this category of the recipients for the purposes: i) to provide you with the Website; and b) to enter into precontractual negotiations with you (if you are interested in the Services, offered by the Company).

Service providers. The Server, that makes this Website available may not belong to the Company. Thus, your information may be shared with the host provider(s) and other providers of services.

Analytics. The Company uses Analytics to better understand user`s need and optimize user`s experience with the Website. It includes Google Analytics, Cloudflare and other Analytics providers.

1. i) Google Analyticsis a web analytics service offered by Google that tracks and reports Website traffic. Google uses the data collected from you to track and monitor the use of the Website. This data is shared with other Google services. Google Analytics Opt-out Browser Add-on provides visitors and users with the ability to prevent their data from being collected and used by Google Analytics. To install Google Analytics Opt-out Browser Add-on, follow this link: https://tools.google.com/dlpage/gaoptout?hl=en.
2. ii) Cloudflare. The Company uses Cloudflare to protect the Website and servers, that make it available, from any information security threats and attacks. Cloudflare also provides several services such as DDoS (Distributed Denial of Service) attacks protection, SSL/TLS (end-to-end encryption) and caching of web assets. You can find further information about Cloudflare via the link: https://www.cloudflare.com/privacypolicy/.

Public authorities. The Company may share the data, collected from you, with the public authorities of the Republic of Cyprus or the European Union if the Company is/will be obliged to do this under the applicable legislation.

The period for which collected data will be stored.

Your data, provided to the Website shall be stored for that period, which is required for the concrete purpose of the processing. In respect of cookies, you can find the expiration date of the concrete cookie in the section “The Information about Cookies.” Pseudonymized data shall be stored for an unlimited period of time. In case, when the legislation of the Republic of Cyprus or the European Union may require additional storage period, this information shall be published in revised version of this Privacy Policy or notified to you.

Your rights under this Privacy Policy.

As the data subject, you have several rights, which you can realize by contacting the Company via email info@yamacolimited.com.

 

These rights are:

 

The right to access. You have the right to obtain from the Company confirmation as to whether or not personal data concerning you are being processed, and, if the Company indeed processes your personal data, to receive a copy of the personal data undergoing processing.

 

The right to rectification. You have the right to obtain from the Company the rectification of inaccurate personal data concerning you.

 

The right to erasure/to be forgotten. You have the right to obtain from the Company the erasure (removal) of your personal data. Upon your request, your personal data shall be removed. This right shall be applied if: i) your personal data are no longer needed for the purposes, for which these data were collected; and ii) the Company doesn’t need your personal data for the purposes of compliance with the legislation.

 

The right to object to processing. You have the right to object, on grounds relating to your particular situation, to processing of your personal data, if the grounds of this processing were necessary for the purposes of the legitimate interests pursued by the Company. Additionally, you have the right to object to processing of your personal data for direct marketing purposes (if applicable).

The right to restriction of the processing. You have the right to obtain from the Company restriction of the processing, in case if one of the following applies: a) you contested to the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; c) the Company no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; d) you have objected to processing on the basis of your right to object pending to verification whether your legitimate grounds override those of the Company.

The right to withdraw consent. If you previously consented to the processing of your data, you have the right to withdraw this consent at any time. It means that the Company shall stop processing of the personal data, for the processing of which the consent was required, starting from the date of the withdrawal. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The right to data portability. You have the right to receive from the Company the data, which were collected from you, in a structured, machine-readable format and have the right to transmit those data to another controller (simply, to another company). Nevertheless, this rule applies only to the processing, which was carried out by automatic means.

Please note, that these rights are applicable with some restrictions:

• If the Company is not sure about the identity of the requestor,the Company shall verify the identity of a user/visitor who requests for the realization of any of the rights before the implementation of this right.
• The Company may restrict the rights, specified above, or deny in realization of any of the rights, if this restriction or denial is grounded on the legislation, to which the Company is subject. In this case, the Company will specify to you the reason for the denial in the reply to your request.

The right to lodge a complaint with the supervisory authority. You can always connect with Company`s legal team for any issue concerning your privacy, including complaints. Nevertheless, if you deem, that your rights under the data protection legislation have been infringed, you can lodge a complaint with The office of The Commissioner for personal data protection of the Republic of Cyprus. The Website of the Commissioner: dataprotection.gov.cy.

For EU Residents – data transfer outside the EU.

The Company`s business is global, and some employees, affiliates and contractors of the Company may be located, incorporated and established in the jurisdictions outside the European Economic Area (EEA region). In some cases, these countries may not be determined as the country, that offers an adequate level of data protection. The Company warrants, that all non-EU employees, affiliates and contractors of the Company have signed with the Company proper Data Transfer Agreements, which obliges these employees, affiliates and contractors to process your data in accordance with this Privacy Policy. You should note, that by agreeing to this Privacy Policy, you hereby agree to the transfers of your data to the non-EU recipients.

Third-party Websites.

This Website may contain the links to the Websites, owned by the third parties. For example, links/hyperlinks to third-party`s websites (“third-party`s websites”). You follow those links/hyperlinks at your own risk. The Company bears no liability for the content of any of those Websites and bears no responsibility on anything, what can happen as a result of your visit to those third-party`s websites. The Company recommends you to visit “Privacy Policy” or “Data Policy” or another privacy document on any of the third-party`s Websites before submitting any information to the latter.

Changes to this Policy.

The Company may change, amend or modify this Privacy Policy from time to time. If the Company does, the Company will let you know by revising the date of this Privacy Policy. The Company encourage you to review the Privacy Policy whenever you access our Website.  By continuing to use our Website after Privacy Policy changes go into effect, you agree to be bound by the revised version of the document.

Processing of children`s data.

The Company does not process the data of individuals younger that fourteen (14) years old (unless the consent for the processing is given by the holder of parental responsibility over the child).

The Information about Cookies.

The Website uses cookies. A cookie is a small file of letters and numbers that placed on your electronic device. These cookies allow The Company to distinguish you from other visitors and users of the Website, which helps the Company to provide you with a good experience when you browse the Website and also allows the Company to improve the Website.

Do not track preferences. Do Not Track is a function that allows visitors not to be tracked by websites. Do Not Track options are available in a number of browsers including:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&p=cpn_cookies

Opera: https://help.opera.com/en/latest/web-preferences/

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies

Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer

Safari for Mac: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Essential cookies These cookies are essential for the functioning of the Website. Without these cookies Website will not work. These cookies cannot be disabled.

Name of the cookie	Source	Expiration time	Purpose of use
__cfduid	Cloudflare.	1 month.	This cookie is a security feature deployed by us in order to protect this Website. The _cfduid does not allow for cross-site tracking. It also does not allow for Cloudflare to follow visitors from site to site by merging various _cfduid identifiers into a profile. Rather, Cloudflare places the _cfduid cookie in a visitor’s web browser after the user has met certain security requirements. The _cfduid is a one-way hash of certain values and cannot be used to personally identify the individual.
cookies_settings	The Company.	1 month.	This cookie remembers your cookie preferences on the Website.

Analytics cookies. We use these cookies for the purpose of analytics and to know the audience of the Website. You can always withdraw your consent to the usage of these cookies via the interface of the Website.

Name of the cookie	Source	Expiration time	Purpose of use
_ga	Google Analytics.	2 years.	These cookies are used to collect information about how visitors use the Website. We use this information in order to improve and enhance our Website.
_gid		2 hours.
_gat		1 minute.
_gat_gtag_UA_156796761_1		1 minute.