Last updated: May 7, 2025
1. Introduction
This Privacy Notice (“Notice”) describes how Dmitry Dubnitskiy as an individual entrepreneur (“Author” or “we”) collects, uses, and processes your personal data when you access mobile applications (“Application”) NYMF for iOS or Android or, website NYMF (“Website”), which is available https://nymf.com (jointly Application and Website – “Platform” or “NYMF”).
By using the Platform, you acknowledge and agree to the practices described in this Notice. If you do not agree to this Notice, you must discontinue using the Platform.
This Notice applies to all personal data collected through your use of the Platform, whether collected directly from you, through automated means, or from third parties authorized to share your information with us.
2. Important Information and Who We Are
Purpose of this Privacy Notice
This Privacy Notice aims to provide you with information on how NYMF collects, processes, and protects your personal data. It explains the types of data we collect, how we use it, your rights concerning your data, and how you can contact us if you have any questions or concerns.
Controller
NYMF is operated by Dmitry Dubnitskiy as an individual entrepreneur.
Name of Controller | Name: Dmitry Dubnitskiy, individual entrepreneur Registration number: 2824318437 Registered address: Ukraine, Dnipro, Kosmichna str 9 apt. 16, 49100 | ||
[email protected] – for general inquiries | |||
[email protected] – for privacy inquiries | |||
Name of Controller’s representative in European Union (for purposes of compliance with obligations under article 27 of GDPR) | Name: RomanSoft OÜ Registration number: 17053868 Registered address: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Kopli tn 27, 10412 Email: [email protected] |
3. The Data We Collect About You
We collect various types of personal data through our mobile application and websites. The information we collect depends on how you interact with the Platform and the permissions you grant us.
Personal Data You Provide Directly:
– Identity Data: Name, email address.
– Device Tokens: Device token, account token, push notification token.
– Support Tickets Data: Data you provide when contacting our support team or submitting a support ticket.
– Subscription Data: Information related to your subscriptions, including status, type, and duration.
Automatically Collected Data:
– Device Information: Device ID, operating system, device type, model, language, and other related technical data.
– Analytics Data: Anonymous data collected through third-party analytics services (such as Firebase, Appsflyer, Crashlytics, Apple Analytics, Google Analytics).
– Cookies: Data collected via cookies and similar tracking technologies on our websites. This includes browsing data, preferences, and interaction history.
– Advertising Identifiers: Provided by your device if you have granted permission (e.g., Apple IDFA or Google Advertising ID).
– Push Notification Token: Used for sending personalized notifications and updates.
– IP Addresses: Collected for technical, security, and analytics purposes.
– Web Request Headers: Collected to ensure the proper functioning of the Platform.
– Favorites and Preferences: Information related to your saved favorites, personalized settings, and anonymized usage preferences.
– Content Viewing History: Anonymized data about content you have viewed or saved on the Platform.
Data Collected Through Third-Party Services:
We use several analytics and tracking tools to improve our services, understand user interactions, and optimize our content. These include:
– Firebase: User engagement tracking, analytics, crash reporting data. Privacy Policy: Firebase Privacy Policy.
– Appsflyer: Mobile attribution and marketing analytics data. Privacy Policy: Appsflyer Privacy Policy.
– Crashlytics: Application performance monitoring and crash reporting data. Privacy Policy: Crashlytics Privacy Policy.
– Apple Analytics: Application performance and user engagement analytics data. Privacy Policy: Apple Privacy Policy.
– Google Analytics: Website and Application analytics for visitor interaction analysis data. Privacy Policy: Google Privacy Policy.
– Google reCAPTCHA: IP-address and data on user interaction with Website and Application. Privacy Policy: Google Privacy Policy.
– Meta Pixel: Website and Application analytics for visitor interaction analysis data. Privacy Policy: Meta Privacy Policy.
– IPinfo: geolocation based on your IP-address. Privacy Policy: Privacy Policy.
Also:
- we receive marketing information and NYMF analytics from RomanSoft OÜ;
- we receive Payment Data from third party payment processors (regarding payments connected with Website – through RomanSoft OÜ), such as Stripe, PayPal, Google Pay, Apple Pay: Payment details provided when making purchases/payment for subscriptions through the Website or Application (such as transaction ID, payment method, but not full credit card details, which are handled by third-party payment processors).
We would like to put your attention to the fact that we never collect following types of data:
– Passwords: We do not collect or store your passwords. Authentication and login are handled through secure third-party systems.
– Search History: We do not store explicit search histories linked to individual users. Data is anonymized and used for analytics purposes only.
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
– Where it is necessary to perform the contract we are about to enter into or have entered into with you (such as providing access to the NYMF Platform, managing your subscriptions, and delivering purchased content).
– Where you have provided your consent for us to use your personal data for specific purposes (such as marketing communications).
– Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
– Where we need to comply with a legal obligation (such as data retention requirements, responding to lawful requests by public authorities, and fulfilling regulatory obligations).
Purposes for Which We Will Use Your Personal Data
To process your personal data, we rely on the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Service) with you;
- legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
- legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
- consent — for additional specific purposes.
If we collect personal data on the basis of legitimate interest or performance of the contract, we can use it for another purpose after checking that the new purpose is compatible with the original purpose.
When your data processing is based on a legal obligation or performance of the contract, you are obliged to provide your personal data. We need this data to comply with legal requirements or to properly provide you with our services. The failure to provide such data may have negative consequences, such as tax liability, inability to enter into a contract or provide services to you, etc.
We have set out below a description of all the ways we plan to use your personal data, and the legal bases we rely on to do so. Where appropriate, we have also identified what our legitimate interests are.
Purpose/Activity | Type of Data | Lawful Basis for Processing |
To register you as a new user | Identity Data, Device Tokens | Performance of a contract with you |
To provide and manage our services and Platform | Identity Data, Device Tokens, Analytics Data, IP Addresses, Web Request Headers, Payment Data, Essential cookies | Performance of a contract with you; Legitimate interest (improvement and maintenance of Platform functionality) |
To process your purchases, subscriptions, and transactions | Payment Data, Subscription Data | Performance of a contract with you |
To provide customer support and resolve issues | Identity Data, Support Tickets Data, Device Information | Performance of a contract with you; Legitimate interest (user satisfaction) |
To personalize your user experience | Favorites and Preferences, Push Tokens, Device Information, Content viewing story, Analytics Data | Legitimate interest (enhancing user experience) |
To provide targeted advertising and promotions | Advertising Identifiers, Analytics Data | Legitimate interest (marketing and revenue generation) |
To collect feedback and conduct research | Identity Data, Support Tickets Data, Favorites and Preferences | Legitimate interest (improving our Platform) |
To improve our Platform, products, services, and marketing strategies | Analytics Data, Device Information | Legitimate interest (enhancement of Platform) |
To comply with legal and regulatory obligations | All applicable data categories | Compliance with a legal obligation |
To detect, prevent, and respond to fraud, abuse, or security issues | All applicable data categories | Legitimate interest (protecting the Platform and its users) |
To display relevant advertisements based on your interests, enhance your user experience on our website and applications, to improve NYMF | Analytical, advertising, functional cookies | Consent |
5. Disclosures of Your Personal Data
We do not sell or trade your personal data. However, we may share your personal data with third parties for the purposes described in this Notice.
Sharing with Service Providers
We use the following trusted third-party service providers to share with them and process your personal data by them on our behalf:
– Firebase (Google LLC): Analytics, crash reporting, authentication services.
– Privacy Policy: Firebase Privacy Policy
– Appsflyer: Mobile attribution and marketing analytics.
– Privacy Policy: Appsflyer Privacy Policy
– Crashlytics (Google LLC): Application performance monitoring and crash reporting.
– Privacy Policy: Crashlytics Privacy Policy
– Apple Analytics: Application performance and user engagement analytics.
– Privacy Policy: Apple Privacy Policy
– Google Analytics: Website analytics for visitor interaction analysis.
– Privacy Policy: Google Privacy Policy
– IPinfo: receiving geolocation data based on your IP-address.
– Privacy Policy: Privacy Policy.
– SendPulse: email automation platform.
– Privacy Policy: Privacy Policy.
– CloudFlare: cloud services.
– Privacy Policy: Privacy Policy.
– Facebook: analytics and advertisement.
– Privacy Policy: Privacy Policy.
– RomanSoft OÜ: Responsible for marketing, payment processing for payments connected with Website.
Sharing for Legal Reasons
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (such as court orders or subpoenas). This includes sharing data to:
• Comply with applicable laws, regulations, and legal processes.
• Enforce our user agreement and other agreements, including investigation of potential violations.
• Protect the rights, property, or safety of NYMF, its users, or others.
Third-Party Links
Our Platform may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy policy of every website you visit.
6. International Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. This may include transferring your data to third parties that operate in countries outside the European Economic Area (EEA), the United States, or other jurisdictions with differing data protection standards.
Data Transfers Outside of the EEA
If you are located within the EEA, your personal data may be transferred to third-party service providers in countries outside the EEA. Where we transfer your personal data to a third party in a country that is not subject to an adequacy decision by the European Commission, we implement appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Notice.
These safeguards may include Standard Contractual Clauses (SCCs) in order to ensure that the third party is bound by contractual obligations to protect your data to the same standard as required within the EEA.
7. Data Security
We are committed to ensuring the security of your personal data. We use appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction.
Security Measures Implemented
– Encryption: We use encryption technologies (such as SSL/TLS) to protect your data during transmission between your device and our servers.
– Access Control: Only authorized employees, contractors, and agents who need to know personal data to operate, develop, or improve our services are given access to your data.
– Data Minimization: We limit the collection of personal data to what is necessary for the purposes described in this Privacy Notice.
– Regular Security Assessments: We conduct periodic security reviews and tests to ensure our infrastructure and systems are secure and functioning correctly.
– Anonymization & Pseudonymization: Where possible, we anonymize or pseudonymize personal data to reduce the risk to your privacy.
– Backup & Recovery: We maintain data backups and disaster recovery plans to protect against data loss.
Despite our efforts to maintain a high level of security, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we strive to protect your data as effectively as possible.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Retention Periods
Type of Data | Retention Period |
Account Information (Name, Email, Device Tokens) | Retained as long as your account remains active. If your account is deleted, we will retain your personal data for a period of up to 5 years to comply with legal obligations and for legitimate business purposes. |
Advertising Identifiers, Analytics Data | Retained for up to 2 years for improving our services and understanding user preferences. Aggregated data that does not identify a specific individual may be retained indefinitely. |
Support Tickets | Retained for 5 years to assist with customer inquiries and maintain accurate records of user interactions. |
Subscription and Payment Data | Retained for the duration of the subscription period and up to 7 years thereafter to comply with tax and legal obligations. |
IP Addresses and Web Request Headers | Retained for up to 1 year for security and troubleshooting purposes. |
Cookies | Retention period varies based on the type of cookie (session or persistent). Persistent cookies are typically retained for up to 2 years unless deleted by the user. |
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you choose to delete your account, we will delete or anonymize your personal data unless we are required by law to retain certain information or have a legitimate business interest to do so (such as resolving disputes or enforcing our agreements as mentioned herein).
9. Accessing and Correcting Your Personal Data
We are committed to providing you with control over your personal data. You have the right to access, update, and delete your personal data at any time.
Your Rights
Depending on your jurisdiction, you may have the following rights:
1. Right of Access: You can request a copy of your personal data that we hold.
2. Right to Rectification: You can request correction of any inaccurate or incomplete personal data.
3. Right to Erasure: You can request the deletion of your personal data, subject to certain exceptions (e.g., ongoing legitimate business needs or legal requirements).
4. Right to Restrict Processing: You can request that we suspend the processing of your personal data in certain scenarios.
5. Right to Data Portability: You can request the transfer of your personal data to you or a third party in a structured, commonly used, and machine-readable format.
6. Right to Object: You can object to the processing of your personal data for specific purposes, such as direct marketing.
7. Right to Withdraw Consent: Where we rely on your consent to process your data, you can withdraw it at any time.
How to Exercise Your Rights
You can exercise your rights by contacting us at:
Email: [email protected]
We will respond to your request within one month of receiving it. In some cases, it may take us longer if your request is particularly complex or if you have made multiple requests. In such a case, we will notify you and keep you updated on the progress.
Identity Verification
To protect your privacy and ensure security, we may need to request specific information from you to confirm your identity before we process your request. This is a security measure to ensure that personal data is not disclosed to any unauthorized person.
10. Withdrawing Your Consent
If you have provided your consent for the processing of your personal data, you have the right to withdraw your consent at any time. However, please note that withdrawing your consent will not affect the legality of any processing conducted prior to your withdrawal.
How to Withdraw Your Consent
You can withdraw your consent by contacting us at:
Email: [email protected]
Upon receipt of your request, we will stop processing your personal data for the specific purpose(s) you initially agreed to, unless we have another legal basis for continuing the processing (such as legal obligations or legitimate business interests).
Please note that withdrawing your consent may result in limited functionality of certain features of the NYMF platform or may prevent you from accessing specific services altogether.
11. Your United States of America resident’s RightsYour rights vary depending on the state of your residency, as indicated below.
Right | Description | Area | |
Right to access | You can request an explanation of the processing of your personal data. |
|
|
Right to correct | You can change the data if it is inaccurate or incomplete. |
|
|
Right to delete | You can send us a request to delete your personal data from our systems. |
|
|
Right to portability | You can request all the data you provided to us and request to transfer data to another controller. |
|
|
Right to opt out of sales | The right to opt out of the sale of personal data to third parties. |
|
|
Right to opt out of certain purposes | The right to opt-out of processing for profiling/targeted advertising purposes. |
|
|
Right to opt out of processing of sensitive data | The right to opt-out of processing of sensitive data. |
| |
Right to opt in for sensitive data processing | The right to opt in before processing of sensitive data. |
|
|
Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input |
|
|
Private right of action | The right to seek civil damages from a controller for violations of a statute. |
| |
To exercise your rights, contact us | |||
We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission. | |||
Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. |
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
We do not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-not-track requests
California residents visiting the Platform may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.
12. Your Resident’s of Ukraine Rights
Right | Description |
The right to be informed | You have the right to know about the sources of collection, location of your personal data, the purpose of their processing, the location of the owner or the place of residence of the owner or manager of personal data, or to give an appropriate order to receive this information. |
The right to request information on the terms of disclosure | Upon request, you have the right to receive information about the conditions for granting access to personal data, including information about third parties to whom your personal data is transferred. |
Right to access | You can request access to and receive all of your personal data that we store. |
The right for reply | You have the right to receive a response on whether your personal data is processed and the content of such data. We provide such a response no later than thirty calendar days from the date of receipt of your request. |
Right to object processing | You can send us a reasoned request to object to the processing of your personal data. |
The right to change or delete | You may send us a request with a reasoned request to change or delete your personal data if this data is processed unlawfully or is inaccurate. |
The right to data protection | You have the right to protect your personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protect against the provision of information that is inaccurate or discrediting to your honor, dignity and business reputation. |
The right to complain | You can file a complaint regarding the processing of your personal data with the Ukrainian Parliament Commissioner for Human Rights by e-mailing [email protected] or in court. |
The right to apply for legal remedies | You can protect your personal data by means of protections provided by law. |
The right to make reservations | You may make reservations regarding the restriction of the right to process your personal data when providing consent. |
The right to withdraw consent | You may withdraw your consent to the processing of personal data at any time. You may also make reservations regarding the restriction of the right to process your personal data when providing consent. |
The right to know the mechanism of automatic processing | You can send us an inquiry about whether we use automatic processing of personal data. |
The right to be protected from an automated decision that has legal consequences for you | You can send us a request to appeal the results of an automated decision that has legal consequences for you. |
Please note! We may ask you to verify your identity before responding to your request. We will process your request and respond to you within 30 days of receiving it. |
13. Your EEA/UK Legal Rights
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have rights under the General Data Protection Regulation (GDPR) and the UK GDPR. These rights include:
Your Rights Under GDPR
1. Right to Access: You can request a copy of your personal data that we hold and verify how we are using it.
2. Right to Rectification: You can request that we correct any inaccuracies or complete any incomplete data.
3. Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to certain legal obligations.
4. Right to Restrict Processing: You can request that we limit the processing of your personal data in specific circumstances.
5. Right to Data Portability: You can request the transfer of your personal data to you or another organization in a structured, commonly used, and machine-readable format.
6. Right to Object: You can object to the processing of your personal data if you believe your rights outweigh our legitimate interests.
7. Right to Withdraw Consent: If we rely on your consent to process your data, you can withdraw it at any time.
8. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence or where an alleged infringement of data protection laws occurred.
Submitting Requests
You can exercise your GDPR rights by contacting us at:
Email: [email protected]
We will respond to your request within one month of receiving it. If your request is particularly complex or if you have made multiple requests, we may need more time (up to two additional months). We will notify you if this is the case and provide a reason for the delay.
14. Your Brazilian Privacy Rights
Under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD), users in Brazil have the following rights:
1. Right to Access: You have the right to confirm the existence of data processing and access your personal data.
2. Right to Rectification: You can request the correction of incomplete, inaccurate, or outdated data.
3. Right to Anonymization, Blocking, or Deletion: You can request anonymization, blocking, or deletion of unnecessary or excessive data.
4. Right to Data Portability: You can request the transfer of your personal data to another service provider.
5. Right to Information: You have the right to know which entities your personal data has been shared with.
6. Right to Revoke Consent: You can withdraw your consent at any time for the processing of your personal data.
7. Right to Complain: You have the right to submit a complaint to the National Data Protection Authority (ANPD) if you believe your data rights have been violated.
Submitting Requests
To exercise your LGPD rights, please contact us at:
Email: [email protected]
We will respond to your request within 15 days of receiving it.
15. Your Turkish Privacy Rights
Under the Personal Data Protection Act No. 6698 (“DPL”) of Turkey, data subjects located in Turkey have the following rights:
Your Rights Under DPL
1. Right to Be Informed: You have the right to be informed about how your personal data is processed.
2. Right to Access: You can request information about whether your personal data has been processed and obtain a copy of your personal data.
3. Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
4. Right to Erasure: You can request the deletion or destruction of your personal data under certain conditions.
5. Right to Restriction: You can request that we restrict the processing of your personal data in certain situations.
6. Right to Data Portability: You can request the transfer of your personal data to another data controller.
7. Right to Object: You can object to the processing of your personal data, particularly if processed for direct marketing purposes or based on legitimate interests.
8. Right to Complain: You have the right to lodge a complaint with the Personal Data Protection Authority (KVKK) if you believe your data rights have been violated.
Submitting Requests
You can exercise your DPL rights by contacting us at:
Email: [email protected]
We will respond to your request within 30 days of receiving it. If we require more time, we will inform you of the reason for the delay.
16. Your Canadian Privacy Rights
Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), users in Canada have the following rights:
Your Rights Under PIPEDA
1. Right to Access: You can request to access the personal data we hold about you.
2. Right to Correction: You can request that we correct any inaccuracies or update your personal data.
3. Right to Withdraw Consent: You can withdraw your consent for the processing of your personal data at any time.
4. Right to File a Complaint: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe your data rights have been violated.
5. Right to Know: You have the right to know how your personal data is collected, used, or disclosed.
Submitting Requests
You can exercise your PIPEDA rights by contacting us at:
Email: [email protected]
We will respond to your request within 30 days of receiving it. If we need more time, we will inform you and provide an explanation for the delay.
17. Other Jurisdictions
If you are located in a jurisdiction not explicitly mentioned above, you may still have rights under applicable local privacy laws. We will endeavor to comply with those rights in accordance with the relevant laws and regulations.
Submitting Requests
Please contact us via:
Email: [email protected]
We will respond to your request as required by applicable law.
18. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your activity on our website and mobile applications. Cookies are small text files that are placed on your device to collect information about your interactions with our services.
Types of Cookies We Use
1. Essential Cookies: Necessary for the operation of our website and services. These cookies do not collect personal data and cannot be disabled.
2. Analytical Cookies: Used to collect information about how you use our services, allowing us to improve user experience and optimize our Platform. These include tools such as:
– Google Analytics (Privacy Policy)
– Facebook Analytics (Privacy Policy)
– Appsflyer (Privacy Policy)
3. Advertising Cookies: Used to display relevant advertisements based on your interests. These cookies are only placed if you provide explicit consent.
4. Functional Cookies: Remember your preferences and enhance your user experience on our website and applications.
Managing Cookies
You can control or disable cookies through your browser settings. However, disabling essential cookies may affect the functionality of our services.
If you want to turn off cookies, you can find instructions for managing your browser settings at these links:
19. Changes to This Privacy Notice
This Privacy Notice is developed according to the General Data Protection Regulation, California Consumer Privacy Act (CCPA), US privacy legislation, Canada, Brazil, Turkey, Ukraine privacy legislation, other applicable privacy laws, and best privacy practices.
We keep our Privacy Notice under regular review. You are encouraged to review this Notice periodically to stay informed of our practices. Continued use of the Platform following the posting of updates constitutes your acceptance of the changes.
If there are material changes to the Privacy Notice or NYMF that affect your data privacy rights, we will notify you by displaying information on the Website / Application and, if necessary, ask for your consent.