Company is the controller, processors and responsible for your personal data. Being the controller, the Company independently determines the personal data processing purposes and means.
This Policy is drafted in accordance with the provisions of GDPR Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and other applicable laws and regulations
We will provide notice of any amendment to this Policy by posting any revised document to the Website and updating the “Last updated” field above accordingly and we will notify you prior to such an amendment come into effect. We are not obligated to provide notice in any other method beyond these. Any change to this Policy will be effective immediately upon such notice and apply to any ongoing or subsequent use of the Website and Services.
The processing of your personal data in relation to your use of Website and/or use of Services, will be subject to this policy. If you disagree with any part, of this Policy then you may not access the Website and/or use Services. Should you disagree with any provision of this Policy you shall cease using the Website or any Services immediately. If you are using the Website, Services in your own name or on behalf of any entity, you acknowledge this Policy on your or such entity’s behalf (when applicable).
The processing means any operation or set of operations which is performed on personal data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, examination, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, sampling, erasure or destruction.
The agreement means any agreement between you and Company, including License to use Services and Website, an any other agreements concluded between you and Company while using Services and/or Website.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Personal data means any information relating to you as an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
- General Provisions
- Data Protection Officer. Being the controller, Company appoints a data protection officer (DPO), who is responsible for overseeing questions in relation to your data protection. If you have any questions in relation to this Policy, you are entitled to contact using the details set out below: firstname.lastname@example.org. Users, being a citizens or residents of European Union, have the right to make a complaint at any time to applicable to you Data Protection Authority and can find contact details of their National Data Protection Authority online at: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
- In You Fail to Provide Your Personal Data. Company needs to collect and process your personal data under terms of this Policy and agreement(-s) we have with you and if you fail to provide that data when requested, Company may not be able to perform the agreement(-s) we have or are trying to enter into with you. In this case, Company may have to terminate any License and/or Service and/or refuse your usage of Website, but you will be notified if this is the case at the time.
- Collecting and Using of Data
Company may use different methods to collect data from and about you by its own or with engage of third parties include through:
- Direct interactions. You may give to the Company your identity and contact data by filling in online forms provided on the Website or while usage of our Services. This includes personal data you provide when you create an account on Website, submit your information for identity verification, use Website or Services.
When you are using the Website and/or Services, you may provide your personal data and information, including but not limited to your name, email address, mobile phone data, passport, ID or other government-issued ID, residency, date of birth, physical address, bank account information, payment card (debit/credit card) information and another information required to use our Website and/or Services.
- Third parties or publicly available sources. Company may receive personal data about you from various third parties, namely technical data (like usage data, and other information automatically collected from your browser or mobile device; this information may include your IP address; browser type and version; preferred language; geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; operating system and computer platform) from analytics providers such as Google Analytics, Yandex.Metrika and any other service providers. This allows Company to record and analyse how you use Website and Services. Company uses this data on the basis of its legitimate interest as a business in improving our understanding of your needs and preferences in order to constantly enhance our services and improve our Website and Services. You may at any time disable collection of your data by these analytics providers, as described on their profile websites.
- Do Not Track. Our Services and Website currently does not respond to "Do Not Track" signals and operates as described in this Policy whether or not a Do Not Track signal is received. If we do so in the future, we will describe how we do so in this Policy.
- Aggregated Data. Company also may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, Company may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if Company combines or connects aggregated data with your personal data so that it can directly or indirectly identify you, Company treats the combined data as personal data which will be used in accordance with this Policy.
In this Policy, we will provide multiple examples of how personal data we collect may be used and why it is important. For example, when you use our Website and Services, we must collect your name, email address, proof of identity, proof of residence, source of funds information and another information required to complete the agreement. Some of the reasons that we collect personal Information include to:
- Provide our products and services, including our Apps and this Site, and improve them over time;
- Allow you to download and purchase products and services;
- Personalize and manage our relationship with you, including introducing you to products or services that may be of interest to you or to provide customer support;
- Investigate, respond to, and manage inquiries or events;
- Work with and respond to law enforcement and regulators; and
- Research matters relating to our business such as security threats and vulnerabilities.
- Bases for Data Processing. The data we collect and the data you provide to us is processed:
- for the performance of the agreement between you and us and/or taking steps, at your request, to enter into such a contract;
- for our legitimate interests, namely the proper administration of our business, the monitoring and improving of our Website and Services, and the protection and assertion of our legal rights, your legal rights and the legal rights of others; and
- in limited circumstances, further to your consent.
- Automated Decision Making. We use automated processes to check Know-Your-Client (KYC) and Anti-Money Laundering (AML) data you provide to us in order to assess whether you are located in a banned country and, therefore, whether or not we are legally able to allow you to use our Services. However, those automated process support a decision-making process that, in most cases, is conducted by humans, who will review any red flag issues raised by the automated processes. In some cases, decisions related to KYC data (and which are necessary to establish whether or not we can enter into a contract for Services with you) will be entirely automated.
- Period of your personal data processing:
- If you are a citizen of a European Union country, your personal data processing period ends in 5 (five) years from the termination of interaction between you and company under the agreement. The personal data storage period may be extended from 5 (five) to 7 (seven) years upon the competent authority request.
- If you are not a citizen of a European Union country, your personal data processing period ends in 10 (ten) years from the termination of interaction between you and company under the agreement.
In some circumstances you can ask us to delete your data. Please note that if personal data is erased at your request, we will only retain such copies of the information as are necessary to protect our or third-party legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform the Agreement with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
- Data Security. Company has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, Company limits access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on instructions of Company and they are subject to a duty of confidentiality.
Company has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Numerous studies have established that data stored in the cloud is less likely to be lost, deleted or leaked than data stored on a personal computer. All Company’s data is fully encrypted at rest and in transit, and Company employs state-of-the-art firewall and back-up technology. All Company’s data is continuously backed up in several high security access-controlled data centers in different locations.
- Sharing Data.We may share your information as follows:
- If we've aggregated or de-identified the information, so that it cannot reasonably be used to identify you;
- With third party service providers who we use in delivering our Services and Website, including certain advertising, referral, operations, financial services and technology services (such as hosting providers, identity verification, support, payment, and email service providers);
- If required by applicable law or legal process, or if we believe it is in accordance with applicable law or legal process;
- To protect the rights, property and safety of Etelarantа, our users and the public, including, for example, in connection with court proceedings, or to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal claims; or
- In connection with selling, merging, transferring, or reorganizing all or parts of our business.
- Email Communications. If you opted-in to receive information about our products, updates and offers, we will use your name and email address to send this information to you. If you no longer wish to receive these communications, you can unsubscribe by following the instructions contained in the emails you receive or on our Website. Please note that we may send you transactional and relationship messages, even if you have unsubscribed from our marketing communications. For instance, if our Services/Website are going to be temporarily suspended for maintenance, we might send you an email to update you.
- Data Transfers. Company is headquartered in Malta, and we have operations, entities, and service providers throughout the world. As such, we, our entities and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, we provide adequate protection for the transfer of personal Information to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under the Article 46 of the General Data Protection Regulation.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. A cookie enables the Website to remember your actions and preferences ‒ such as login, language, font size and other display preferences ‒ over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Website and Services. They include, for example, cookies that enable you to log into secure areas of our Website;
- Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website and Services works, for example, by ensuring that users are finding what they are looking for easily;
- Functionality cookies. These are used to recognize you when you return to our Website and Services. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region);
- Security cookies. They are used to ensure and improve security of our Website and Services and your warrant your secure access to the Website and Services.
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. But if you do this you may have to manually adjust some preferences every time you visit the Website or use the Services, while some services and functionalities may not work.
Except for essential cookies, all cookies will expire after a short term (a day, a week or a month), though in some cases they may remain valid for up to a year.
- To keep your personal data accurate, current, and complete, please contact us. We will take reasonable steps to update or correct personal Information in our possession that you have previously submitted using our Services. Please also feel free to contact us if you have any questions about our Policy.