1. General provisions

1.1. User data of the mobile application BMIP Track (here in after referred to as the Application) is confidential. Boomerangs (hereinafter referred to as the Organization) does not disclose user data of the Application (hereinafter referred to as the user data) to third parties unless it is required by the applicable law.

1.2. This Privacy Policy specifies the rules for processing user data related to both personal data in compliance with the applicable law and non-personal data, and it also contains data on the applied requirements for the protection of user and personal data. Installing and using the Application, the user gives their consent to the Organization for their personal data processing in compliance with this Privacy Policy.

1.3. This Privacy Policy shall be governed by the provisions of the applicable law as well as other laws and regulations related to user data protection and privacy issues.

2. User data contents

2.1. User data of the Application consists of:

2.1.1. Data entered by the user in the Application database (hereinafter referred to as the   Application database).

2.1.2. User contact details specified during the registration process in the support service: last and first names, a company name, email address, phone number (hereinafter referred to as the user contact details).

2.2. Non-personal data on the Application performance, collected by the Organization for the purpose of the Application enhancement and development, shall not be considered as user data and identified with any particular user.

2.3. Biometric personal data, as well as data related to race, national origin, political opinions, religion or philosophical beliefs, health condition, private life, shall not be processed with the use of the Application.

3. Cases and purposes of user data processing

3.1. Data entered by the user in the Application database shall only be processed on the user device where the Application is installed. The Organization does not have any access to the data and does not process it. The user can apply services and tangible media of third parties to store the Application database and its backup copies. In this case, relations on user data processing and protection shall be subject to users’ agreements with such third parties.

3.2. The user contact details are processed only for the implementation of the agreement with users, namely providing technical support, user tracking, and other similar purposes.

3.3. The Organization processes only such personal data that corresponds to the processing goals.

3.4. Processing of user personal data in the Organization can also be implemented for the purposes of and in cases directly regulated under the applicable law.

3.5. Installing and using the Application, the user gives their consent to the Organization for charging a third party with their personal data processing (the user contact details) on condition that the third party shall ensure the user data privacy and security. The third party that the Organization charges with personal data processing does not have to receive the consent from the personal data owner for such processing. The Organization shall bear responsibility to the personal data owner for the actions of the third party that was charged with personal data processing.

4. The transborder transfer of personal data

4.1. The Organization has the right to perform the transborder transfer of personal data to the territory

of states that can ensure adequate protection of the rights of personal data owners.

4.2. In cases, when the applicable law restricts the storage space for personal data of nationals of the

state concerned, the Organization records, systematizes, accumulates, stores, specifies (updates,

changes), withdraws the user contact details, being the personal data of such nationals, with the use of

databases located on the territory of the state concerned, except for cases provided by the applicable

law.

5. Measures taken by the Organization to ensure user data privacy and regulatory compliance in the

field of personal data

5.1. The Organization takes required and appropriate steps to avoid unauthorized access to user data, its

intended or accidental blocking, modification, destruction, and disclosure.

5.2. A person is appointed in the Organization who is responsible for personal data processing.

5.3. The present document is published in the Organization that defines the Organizations policy in

terms of personal data processing. Local regulations are published in the Organization on issues of

personal data processing as well as regulations specifying procedures aimed at preventing and detecting

violations of the applicable law, elimination of consequences of such violations.

5.4. The Organization takes legal, organizational, and technical measures to ensure personal data

security.

5.5. The Organization performs the internal control to ensure that personal data processing conforms to

the applicable law in the field of personal data, the present Policy, and any other Organization’s local

regulations related to the issues of personal data processing.

5.6. The Organization estimates damage that can be caused to personal data owners in case of violation

of the applicable law, correlation of such damage and measures taken by the Organization that ensure

regulatory compliance in the field of personal data.

5.7. All Organization's employees, directly involved in personal data processing, are made aware of the

provisions of the applicable law on personal data processing, the present document, and any other local

regulations of the Organization taken on issues of personal data processing.

6. Final provisions

6.1. The current version of the Policy is stored in paper records at the address and location of the sole

executive body of the Organization.

6.2. In the event of any changes made to the title of the Policy, the date of approval of the current

version of the Policy is specified. The users who continue applying the Application after this date are

considered to be notified on the coming into force of a new version of the current Policy.