Last update: 19th day of September, 2023
The Policy establishes terms and conditions regarding:
- Personal Data Collected by the Company and What it is Used for
- Sharing of Personal Data with Third Parties
- International Transfers of Personal Data
- Client’s Rights in regards to Personal Data
- Security of Client’s Personal Data
- Personal Data Storage and Retention
- Information from Publicly Available Sources and Third Parties
- Links to third-party websites, plug-ins and applications
- Questions, requests and/or complaints
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Personal Data means any information relating to an identified or identifiable natural person or legal entity (the Client);
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the Client, in particular to analyze or predict aspects concerning that Client’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Data Protection Officer
Personal Data Collected by the Company
When the Client Registers in the System
In the course of registration in the Company’s System, the Company collects the following information about you:
Date of birth;
Country of Residence;
For legal entities:
Date of Incorporation;
Country of Incorporation;
Director’s full name;
Names of all shareholders;
Name of all UBOs;
In order to verify the information provided by Client (Customer Due Diligence) Company may request the following documents and information from the Client:
Copy of a government-issued ID (e.g. national ID, passport);
Proof of address (e.g. bank statement, phone bill);
Liveness identification data (e.g. face image);
For legal entities:
Extracts from official registers and/or Certificates of Incorporation, Good Standing, Incumbency, Directors and Shareholders;
Memorandum and Articles of Association;
Proof of funds (e.g. bank statement)
Proof of address (e.g. office lease agreement)
Identification documents and liveness identification data (e.g. face image) for the Client’s directors, shareholders and UBOs;
When the Client enters the Website and Logs in to the Account
The Company collects:
- Log Data, i.e. information collected by the Company’s servers when the Client accesses the website. This includes IP address, log in data (username and password), referral URLs, type of browser and its settings, timezone and location, date and time of entry, language settings, viewed pages, cookie data
- Device Data, i.e. information about the Client’s device used to access the website and the Company’s services. This includes device type and model, operating system, application IDs, unique device IDs, mobile network information and crash data.
This data is collected and processed in order to detect and prevent fraud or violation of anti-money laundering policies and regulations, and to improve Company’s service.
When the Client Contacts the Company
When the Client contacts the Company through a support manager, a form on the website or in the System or any other means of communication, the Company collects the following Client’s data: name, surname, telephone number, email address, other relevant information provided by the Client in a communication form.
The Personal Data mentioned in this section is collected and processed in order to communicate with the Client and process his requests, questions and/or claims.
When the Client Signs Up for Updates
The Company may use Personal Data to send informational and/or promotional materials to the Client upon the Client’s express consent. The Client may withdraw the consent by communicating this to the Company; if applicable, by going through an “Unsubscribe” link in the bottom of an email sent by the Company; or by other means indicated in the provided materials.
The Company collects Cookie files in order to understand Client’s behavior when he/she visits the website and to improve Client’s experience. You can learn more about Cookie files and how the Company uses them in the Cookies Policy.
Sharing of Personal Data with Third Parties
The Company does not sell Client’s Personal Data, but may share it with third parties for the purpose of providing services, operating the website, processing Client’s requests, questions and/or claims.
The Company shares Personal Data only with third parties that were assessed by the Company in terms of compliance with applicable laws and regulation on Personal Data processing. Third parties that receive Personal Data will act in accordance with the Company’s instructions. Still, the Company is not liable for any acts or omissions made by third parties.
Third parties may be presented by:
- Company’s subsidiaries, mother entities or other affiliated entities
- Service providers (may include IT, web and SMS service providers, security and storage service providers, analyticts service providers, Customer Due Dilligence (KYC/KYB) service providers, virtual currency exchanges).
- Business partners (may include agents, auditors, legal counsels, financial institutions, professional advisors)
- Public authorities (this may be done in order to comply with local compliance requirements and authorities’ requests, prevent fraud and protect consumer rights).
Under this section, Client’s Personal Data may be provided to third parties in order to improve Company’s services, provide the Client with Company’s services in full and to comply with applicable regulatory requirements.
International Transfers of Personal Data
The Company may transfer Client’s Personal Data outside of the European Economic Area (EEA). The Company will make all reasonable efforts to ensure that the Personal Data is transferred in compliance with applicable regulation. In this sense, the Company may implement contractual safeguards (e.g. concluding Standard Contractual Clauses with third parties), technical and organizational measures, etc. The company may be exempt from the requirement to ensure that the Personal Data is transferred in compliance with applicable regulations, if Personal Data is transferred to a country that is considered by the European Commission as a country that provides adequate level of protection of Personal Data.
Client’s Rights in regards to Personal Data
Right to access.
The Client has the right to access to the Personal Data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the Company rectification or erasure of personal data or restriction of processing of personal data concerning the Client or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the Client, any available information as to their source;
- the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Client.
Right to rectify.
The Client has the right to correct and complete the provided Personal Data.
Right to erasure (“right to be forgotten”).
The Client may request the Company to delete Client’s Personal Data maintained by the Company. This right may be subject to exclusions in accordance with applicable laws and regulation.
Right to restriction of processing.
The Client may require the Company to restrict the processing of Personal Data if such request meets requirements of applicable data protection regulations. If the Client requests restriction of processing, Client’s Personal Data, with the exception of storage, will only be processed with the Client’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the relevant state.
Right to Data Portability.
The Client may require to provide the Personal Data concerning him or her, which the Client has provided to the Company, in a structured, commonly used and machine-readable format. The Company will provide Personal Data within reasonable time. If the Company is not available to provide Personal Data within reasonable time, the Company will notify the Client about that.
Right to object.
The Client has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. In particular, where the Client objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to avoid automated decision-making.
The Client has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Security of Client’s Personal Data
In order to protect the collected Personal Data, the Company implements comprehensive security measures that include physical, technical and administrative safeguards. Those measures are regularly tested and updated. Additionally, the Company conducts training on Personal Data processing for employees that interact with the Client’s Personal Data.
Personal Data Storage and Retention
The Company keeps Client’s Personal Data for a period of 5 years, starting from the date of the termination of the Client's relationship with the Company. Personal Data is stored for this period in order to comply with applicable Anti-Money Laundering requirements and to be able to respond to public authorities’ requests.
Information from Publicly Available Sources and Third Parties
The Company may obtain and use information from publicly available sources and third parties. This may include, but not limited to information from public registers, public court documents, sanction lists, lists of politically exposed persons (PEP), anti-fraud databases, social media platforms, websites, online search engines (for example Google), etc.
Links to third-party websites, plug-ins and applications
The Company’s website may contain links to third-party websites, plug-ins and applications. The Company does not control these third parties and their websites, plug-ins and applications.
Those sources may collect, process and/or share Client’s Personal Data. For this reason, the Company encourages the Client check Privacy Policies of third-party websites, plug-ins, applications and every website the Client visits.
The Company does not provide services to individuals that are under 18 years old (minors) and the Website should not be used by minors. If the Company finds that minors use the Website, the Company may block access to the Website for them.
Questions, requests and/or complaints