- 1. IMPORTANT INFORMATION
We do not intend to collect personal data of children or persons under the age of 18 (thirteen) years old.
Accordingly, the purpose of this Policy is to set out the basis on which we will process your Personal data when:
- You visit and use any page of our Website Platform, regardless of where you visit or use them from;
- You apply for, receive, pay and/or use any of our Services.
- You communicate with us or leave a query;
- You subscribe to our newsletters/updates;
- We need to share your personal data with the authorized third-parties to provide the services, especially for conducting KYC and AML procedure; and
- We measure or analyze the Website’s traffic.
- 2. COLLECTED CATEGORIES OF PERSONAL DATA AND WHY WE NEED IT
Depending on the type of Service you use, we might collect the following categories of personal data:
- your identification information necessary for your identification such as name, address, etc.;
- your phone number for authentication purposes;
- documents and information necessary for compliance with KYC and AML rules such as copies of your identification documents (passport, ID card, driving license or other documents for the compliance) and information from external sources such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms;
- data that identifies you such as your IP address, language, country, browser type, and version, time zone setting, browser plug-in types, some location information about where you might be, operating system and version;
- data on how you use the Website such as your URL clickstreams (the path you take through the Website), page response times, download errors, how long you stay on web pages, what you do on those pages, how often, and other actions;
- other personal data you share with us or personal data that we may legally obtain from some sources.
We never collect sensitive data. We do not use automated decision making or any kind of automated profiling. The recipients of the collected data are
- (1) the highest management level of our Company for whom it is necessary to process personal data for the functionality of the company and
- (2) third-party service providers
- 3. THIRD PARTY SERVICE PROVIDERS
We have third party service providers which are indicated below. Depending on the Service you use, you might interact or your data might be shared with the following third part services providers:
- Sum&Substance: https://sumsub.com for KYC/AML verification;
- Twilio: https://www.twilio.com/ for phone authentication;
- Powercash21: https://powercash21.com/ card payment service provider;
- Globitex: https://globitex.com/ for SEPA payment;
- Maxmind: https://www.maxmind.com/ services providing fraud-preventing and risk modeling tools;
- website analytics companies to analyze data and improve our services and the Website such as Google Analytics which is a part of the EU-U.S. Privacy Shield Frameworks which allow to transfer personal data outside the EU;
- advertising companies for marketing purposes such as Google AdWords;
- social media companies to promote and be present in social media such as Facebook, Instagram, LinkedIn, Twitter, YouTube, Telegram, GitHub, Discord, Medium, Reddit;
Please familiarize yourself with these providers and their privacy and liability policies. If you find any of these may not work for you, please do not access any of the Websites and do not use any of our Services.
- 4. LEGAL GROUNDS FOR THE PROCESSING
There are legal grounds necessary for the processing of personal data and we count on them to process your personal data. When we process personal data, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data. We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.
Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your personal data for a specific purpose which signifies agreement to the processing of personal data.
Contract – a legal ground for the processing of your personal data necessary for us to perform a contract or terms and conditions to which you are a party or in order to take steps at your request prior to entering into the contract or terms and conditions.
Legal obligations – a legal ground for the processing of your personal data when it is necessary for compliance with a legal obligation to which we are subject;
Legitimate Interests – a legal ground for the processing of your personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.
- 5. PURPOSES AND LEGAL BASIS FOR THE PROCESSING
We process the data for:
- 6. You can exercise the following rights by contacting us.
- You have the right to access information about you, especially:
- the categories of data;
- the purposes of data processing;
- third parties to whom the data disclosed;
- how long the data will be retained and the criteria used to determine that period;
- other rights regarding the use of your data.
- You have the right to make us correct any inaccurate personal data about you.
- You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know the information that might be relevant to you.
- You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
- You have the right to be “forgotten”. You may ask us to erase any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the Website. Please note that we cannot grant this request if the data was collected for regulatory purposes for example AML/CFT purposes.
- You have the right to lodge a complaint regarding the use of your data by us. You can address a complaint to your national regulator (the list of the regulators are accessible via https://edpb.europa.eu/about-edpb/board/members_en.
Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law. We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
- You have the right to access information about you, especially:
- 7. RETENTION POLICY
We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data.
The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, tax and accounting laws, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.
In some circumstances, we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. For the purposes of the KYC/AML, we will store and process your personal data for 5 (five) years.
- 8. SECURITY
We have security and organizational measures and procedures to secure the data collected and stored and to prevent it from being accidentally lost, used, altered, disclosed, or accessed without authorization. We allow disclosure of your personal data only to those employees and companies who have a business need to know such data. They will process the personal data on our instructions and they are obliged to do it confidentially.
You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them.
- 9. CONTACT INFORMATION