Version: 1.0
Publication Date: 30.12.2025
Effective From: 30.12.2025
Service: Gatok (hereinafter referred to as "Service", "We", "Operator")
Website/Domain: gatokai.com
Contact for Personal Data Inquiries: hello.gatok@gmail.com
1. General Provisions
1.1. This Policy defines the procedure and conditions for the processing of personal data of users of the Gatok Service in accordance with applicable data protection legislation in Latin American (LATAM) countries, as well as other applicable regulations.
1.2. The operator of personal data is the administrator (owner) of the Gatok Service. As of the date of publication of this Policy, the Service may operate without the formation of a legal entity; in this case, the obligations of the personal data operator are fulfilled by a person who actually determines the purposes and means of processing personal data.
1.3. By using the Service and/or providing us with data, the user confirms that they have read the Policy and understand its terms.
2. Terms
2.1. Personal data (PD) — any information relating directly or indirectly to a specific or identifiable individual.
2.2. Processing of PD — any action (operation) or set of actions with PD, including collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, destruction.
2.3. User — an individual using the Service.
3. What Data We Process
3.1. We may process the following categories of PD (depending on what the user inputs and which functions of the Service are used):
- registration data: e-mail, phone number, nickname/ID in messenger;
- profile data: name/nickname, settings, preferences;
- data provided when contacting support: message text, attachments, technical information;
- technical data: IP address, cookies/identifiers, browser/device data, event logs, request metadata;
- payment data (if paid features are enabled): payment fact, tariff, receipt composition, transaction identifiers; we do not store bank card details if payment is made through a payment provider.
3.2. We do not aim to process special categories of PD (for example, health data) and biometric data. If the user uploads such information into content/input fields, they do so voluntarily and at their own risk; we process it as part of user content solely for the provision of the service (see section 4).
4. Purposes and Legal Grounds for Processing
4.1. Purposes of processing:
- providing Service functionality, registration, and account management;
- fulfilling user requests, feedback, and support;
- ensuring security, preventing abuse and fraud;
- improving Service quality (analytics, diagnostics, testing);
- fulfilling requirements of applicable LATAM legislation;
- sending service notifications (non-promotional) about the operation of the Service.
4.2. Legal grounds:
- conclusion and execution of a contract (user terms) at the user's initiative;
- user consent (in cases where it is required);
- legitimate interests of the Operator (for example, ensuring security and stable operation), while maintaining a balance of the rights and freedoms of the user.
4.3. If a separate consent is required by law in a specific case, we request it explicitly through the interface/checkbox/form.
5. Conditions of Processing and Data Localization
5.1. Processing of PD is carried out using automation tools and/or without them.
5.2. Localization when collecting PD of LATAM users: when collecting PD, the Operator ensures compliance with requirements for storing and processing databases on servers that meet the standards of Latin American countries.
5.3. Cross-border transfer: if foreign services/providers are used for certain functions, cross-border transfer is allowed only if the requirements of LATAM legislation are met and if there are necessary grounds/notifications/consents, when required.
6. Cookies and Analytics
6.1. The Service may use cookies and similar technologies for: authorization, saving settings, protection, measuring performance, and improving the product.
6.2. The user can limit cookies in their browser settings. Some functions of the Service may not work correctly when cookies are disabled.
7. Data Transfer to Third Parties
7.1. We do not sell PD.
7.2. Transfer is possible:
- to contractors who help ensure the operation of the Service (hosting, mailings, analytics, payments, support) — strictly to the extent necessary for providing services, and with contractual obligations regarding confidentiality/security;
- upon lawful request from authorized state bodies of LATAM countries.
8. Storage Period and Deletion
8.1. We store PD no longer than necessary for the purposes of processing unless a different period is established by law.
8.2. Upon user request and in the absence of legal grounds for continued processing, we cease processing and delete/anonymize PD within a reasonable time.
8.3. Backups may be retained for a limited time for recovery and security purposes.
9. User Rights
9.1. The user has the right to:
- receive information about the processing of their PD;
- request clarification, blocking, or destruction of PD if there are grounds;
- withdraw consent (when processing is based on consent);
- appeal the actions/failure to act of the Operator to the authorized data protection authority in their jurisdiction or to court.
9.2. To exercise their rights, the user sends a request to the contact in the "header" of the Policy. We may request reasonable information to confirm identity to avoid disclosing data to third parties.
10. Security Measures
10.1. We apply reasonable organizational and technical measures to protect PD (access control, encryption during transmission, logging, backup, rights limitation, data minimization).
10.2. Despite protective measures, absolute security on the internet is not guaranteed.
11. Processing of Data of Minors
11.1. The Service is primarily intended for individuals aged 18 and older.
11.2. If the user is under 18 years old, they must use the Service with the consent of a legal representative and provide data only with such consent.
12. Notification to the Authorized Data Protection Authority
12.1. In cases where the law requires notification of the commencement of PD processing, the Operator sends a notification to the authorized data protection authority or acts within the exceptions provided by law.
13. Changes to the Policy
13.1. We may update the Policy. The new version comes into effect upon publication unless otherwise specified.
13.2. The user is obliged to independently monitor the current version.