September 18, 2023
Personal Data: Personal data means any information that relates to an identified or identifiable natural person. This includes details like names, addresses, email addresses, identification numbers, and even things like IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.
Data Subject: The data subject is the person who the personal data is about. In simpler terms, it’s you or any other individual whose personal information is being collected and processed.
Data Controller: The data controller is the one who determines the purposes and means of processing personal data. In other words, they're the boss when it comes to deciding why and how your data is used. In this case, it would be us.
Data Processor: The data processor, on the other hand, processes personal data on
behalf of the data controller. In our case, they are vendors and partners we collaborate with that process your personal data for purposes determined by us.
DATA PROTECTION OFFICER
INFORMATION WE COLLECT
In order to provide our Services and offer our Products, we need to gather information about you.
Information that You Provide This category covers content and details that you provide while using our Services and the App. We will never request information related to your racial or ethnic background, your personal life, sexual orientation, political views, philosophical or religious beliefs, biometric or genetic data, or trade union membership.
When you create your personal Account, we may request your contact information, including your full name, personal address, email address, and phone number. Additionally, for the purpose of verifying your identity in compliance with legislative requirements, we may collect the following personal information as outlined in the table below:
If you reach out to us directly, we may request additional information such as your name, email address, personal address, phone number, and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.
Our Services enable users to select their preferred payment method for executing Orders and Transactions via third-party credit and financial institutions and payment service providers. Please note that we do not retain any of your financial account information; it is securely handled by the respective payment provider. Note that these vendors may, in turn, collect and process your personal information on their behalf and in accordance with their own purposes and obligations. To learn more about how third-party payment service providers and financial institutions collect, use and share your personal information, you are encouraged to read their privacy policies or notices provided on the official websites of the
respective service providers.
Information from Third Parties
In our continuous effort to provide you with seamless and comprehensive Services, we may obtain personal data from third-party partners and vendors. In case of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process and use your personal data before sharing it with us. These third-party partners and vendors play a vital role in enhancing the functionality and utility of our platform. Here's how personal data from these sources may be used:
We may collaborate with third-party Merchant VASPs to facilitate transactions with Fiat currencies. In such cases, we may receive information that you have shared with these Merchant VASPs as part of your transactions. This information may include transaction history, account details, and other relevant financial data. Our use of this data is governed by strict privacy and security standards to ensure the confidentiality and integrity of your financial information. You may find the list of our partner VASPs here.
To provide you with certain features and services, we may integrate with third-party APIs like Plaid and Chainlink. These integrations allow us to access and retrieve specific financial data with your explicit consent. The data obtained through such integrations may include bank account information, transaction history, account balances, and other financial details. We utilize this data to offer you enhanced features and allow you to purchase Crypto Funds in exchange for fiat currency before depositing it onto your account. Your consent is sought and obtained when accessing your financial data through API integrations, and you retain control over the scope of data shared.
We may obtain personal data from publicly available databases to enhance our Services and fulfill our legal and regulatory obligations. The information retrieved from these databases may include names, addresses, contact information, employment details, affiliations with restricted, sanctioned, or prohibited groups and associations (as defined by relevant legal acts) as well as other publicly accessible data. This data assists us in various functions, such as identity verification, fraud prevention, and compliance with relevant laws and regulations.
Identity Verification Partners
To ensure the security and integrity of our Services, we collaborate with identity verification partners who provide us with access to specific personal data required for identity verification purposes. This data may comprise full names, address information, identification document images and data, personal identification codes, identification document holder photos, date of birth, citizenship, place of birth and other relevant identity-related data.
Credit and Financial Institution
In compliance with the law and industry standards, we may obtain personal datafrom financial and credit institutions. This data can encompass financial transactionhistory, account balances, credit scores, account details as well as other financialinformation. This information is crucial for enabling financial transactions andensuring compliance with relevant regulations.
We may collect publicly available blockchain data to monitor and detect illegal activities, including those defined by applicable laws and regulations. This data may include blockchain transaction details, wallet addresses, and other relevant blockchain information.
Marketing Partners, Advertisers and Analytics In collaboration with marketing partners, we may collect personal data to better understand your interaction with our App and Services. This data aids us in refining our marketing strategies and offering you personalized recommendations. In turn, advertisers may provide us with personal data to assess the effectiveness of advertising campaigns and optimize ad targeting, while analytics partners help us gain insights into how you use and interact with our platform. The data shared with us by the aforementioned partners may include user preferences, interaction patterns, user behavior on our App, response to marketing campaigns, interest-based data, click-through rates, conversion data, session duractions, traffic sources, clickstream data as well as other relevant data.
HOW WE USE YOUR DATA
Lawful Basis and Legitimate Interest
Our collection, use, and sharing of your personal data are founded on various lawful bases, depending on the context. The following scenarios represent the circumstances in which we engage in data collection:
Consent: We process your personal data when you grant your explicit consent. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them. Examples include subscribing to our marketing notifications and campaigns or permitting the use of your personal information to enhance your experience while using our App and Services.
Performance of a contract: We process your information when it is essential to perform a contract with you (for example, our Terms of Service). This encompasses situations where your data is required for processing and finalizing your orders or adhering to the terms of any other contractual agreement we have entered into with you. It also includes enforcing the terms of this Policy and other agreements, providing our Services, ensuring the quality of our Services, and offering customer service and support.
Legal Obligation: We use your data when there is a legal obligation that necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.
Legitimate Interests: We may process your personal data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our App, maintaining proper security measures, and preventing illegal activities related to your data. Our legitimate interests are pursued only when they do not infringe upon your fundamental rights.
In the table below you will find the list of purposes for which we use your data, and what lawful bases we invoke for its use.
HOW WE SHARE YOUR DATA
We may share the information we collect with various third parties to support and enhance our business operations.
Please be aware that certain service providers operate outside of the EU/EEA area. For detailed information on how your data is handled when shared with third parties located outside of the EU/EEA, please refer to the section on Data Transfers Outside EU/EEA below. This section clarifies the types of third parties with whom we share information and highlights the presence of non-EU/EEA service providers for transparency regarding data handling practices.
Vendors and Service Providers
We collaborate with vendors and service providers who assist us in maintaining and optimizing our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers, IT partners, such as hosting and software providers as well as sales and marketing products.
Credit and Financial Institutions
In certain instances, we may share your personal information with third-party VASPs to facilitate the exchange of fiat currency to cryptocurrency as part of your transactions. Additionally, we collaborate with Metamask to enable the seamless connection of your wallet to your account for enhanced functionality.
For the purpose of completing the exchange of fiat currency to cryptocurrency as part of your transactions, we may share your relevant personal information with third-party Virtual Asset Service Providers (VASPs). These VASPs are integral to ensuring the successful execution of your cryptocurrency transactions. To understand how these VASPs collect, use, and protect your personal information, we recommend reviewing their respective privacy policies.
Identity Verification Services
To ensure compliance with legal requirements under relevant law and to uphold the safety, transparency, and lawfulness of your activities, we utilize third-party identity verification services. By using our verification partners' services, we cross-reference the personal information you provide, or that is provided by a third party, with the information available in our verification partners' databases and/or public records.
In our commitment to providing you with a seamless experience, we may share certain information with advertisers who play a role in enhancing our Services. These advertisers assist us in delivering relevant content and promotions tailored to your interests. The information shared with advertisers may include user preferences, interaction patterns, engagement with advertising campaigns, and interest-based data. Our collaboration with advertisers aims to provide you with advertisements that align with your preferences and interests.
To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields. The data shared with business partners can encompass a variety of relevant information to support our shared objectives. Any information shared is handled in compliance with data protection laws and regulations, and it is used exclusively for the purposes of delivering the intended services and enhancing your overall experience.
In exceptional circumstances and as required by applicable laws and regulations, we may share your information with law enforcement agencies and competent authorities. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our App and users. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for the purposes of financial crime, money laundering and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.
Transfers, Mergers and Acquisitions
In cases of our insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.
HOW YOUR DATA IS SECURED
At Remonoter, we consider the security of your personal information to be of paramount importance. We employ a range of technical, organizational, and administrative measures designed to safeguard your data against unauthorized access, disclosure, alteration, and destruction. These security measures include:
Data Encryption: We utilize industry-standard encryption protocols to protect data during transmission and storage. This ensures that your information remains confidential and secure.
Access Controls: Access to your personal information is restricted to authorized personnel who require access for legitimate business purposes. Access controls and authentication mechanisms are implemented to verify and restrict access.
Employee Training: Our team is trained in data security best practices to ensure they handle your information with care and adhere to strict data protection guidelines.
Data Backups: Regular data backups are performed to prevent data loss in case of unexpected events or system failures.
Incident Response: We have established incident response procedures to promptly address and mitigate any security incidents or breaches, should they occur.
Blockchain Technology: Our App operates on blockchain technology, which inherently provides transparency, immutability, and decentralization. This ensures that your transactional and personal data is stored securely across multiple nodes, reducing the risk of unauthorized alterations or data breaches.
User-Controlled Data: As an App User, you maintain control over your personal information through private keys and digital wallets. Your data is encrypted and accessible only by you, reducing the exposure to external threats.
Smart Contracts: We employ smart contracts, which are self-executing and tamper-proof agreements, to govern and automate transactions. These contracts enhance security by reducing the need for intermediary intervention and minimizing the risk of fraud.
Cryptography: Robust cryptographic protocols are utilized to secure data transmission and storage within our App. This ensures that your sensitive information remains confidential and protected from unauthorized access.
Regular Audits and Updates: Our team conducts regular security audits and updates to identify and mitigate potential vulnerabilities or weaknesses in our App's infrastructure. We remain committed to staying at the forefront of security best practices in the blockchain space.
Data Minimization: We collect and store only the minimum amount of personal information necessary to facilitate your transactions and provide our Services. Unnecessary data is not retained, reducing the potential impact of any security incidents.
User Education: We encourage users to educate themselves about blockchain security best practices and the responsible management of private keys and digital assets. We provide resources and guidance to help you protect your data effectively.
While we take extensive measures to protect your data, it's essential for users to also play a role in their data security. We encourage you to:
- Use strong, unique passwords for your Metamask and payment accounts connected to the App;
- Enable multi-factor authentication when available;
- Keep your login credentials confidential; and
- Regularly update your account information and review access permissions.
If you ever have concerns about the security of your data, suspect any unauthorized activity, or would like to know the specific measures undertaken to secure your personal data, please don't hesitate to contact us via Telegram or Discord.
Your personal information is held and stored securely for the duration of your active account with us. We are committed to retaining your personal information only for the period necessary to fulfill the specific purposes for which it was collected. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered. Here's an outline of our data retention practices:
YOUR RIGHTS AS DATA SUBJECT
As a User of our Services and the App, you have certain rights regarding the personal data that we collect and use. These rights are designed to provide you with control and transparency over your data. The following are your rights as a data subject:
Right to Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we are processing your personal data and, if so, access to specific details of that processing.
Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request the correction or completion of such data.
Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain circumstances. This right is not absolute and may be subject to legal requirements or legitimate interests that override your request.
Right to Restriction of Processing: You can request the restriction of processing of your personal data in certain situations. This means that we will limit the way in which we use your data, but we may continue to store it.
Right to Data Portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
Right to Object: You have the right to object to the processing of your personal data, including for direct marketing purposes or when we rely on legitimate interests as our legal basis for processing.
Rights Related to Automated Decision-Making and Profiling: We commit to transparent and fair automated decision-making processes. If you are subject to automated decision-making that produces legal effects or significantly affects you, you have the right to request human intervention and reconsideration of the decision.
Exercising Your Rights
To exercise any of the rights outlined above or if you have any questions or concerns regarding the processing of your personal data, please contact our Data Protection Officer (DPO) at [email protected]. Our DPO will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.
You will not be charged a fee for accessing your personal data or exercising any of the rights outlined above. In the rare event that your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request. Alternatively, we may choose to refuse to comply with your request in these exceptional circumstances. If such a situation arises, we will provide a clear and transparent explanation for our decision. Please note that we will always act in accordance with applicable data protection laws and regulations when assessing the reasonableness of any fees or the validity of requests.
Under the GDPR, we are committed to responding promptly to legitimate requests regarding your personal data. The statutory period for us to reply to such requests is one month from the date of receipt. However, in situations where the request is particularly complex or there is a high volume of requests, we may extend this period by up to two further months as necessary. This extension will be based on a careful consideration of the complexity and number of requests received.
DATA TRANSFERS OUTSIDE EU/EEA
As some of our business partners, vendors and service providers are located outside of the European Union or European Economic Area, we may need to transfer your personal data to countries outside of the EU/EEA zone.
We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected.
Transfers to and from Processors in Countries with Adequacy Decisions Some of our data processing activities may involve transfers to and from data processors located in countries that have received adequacy decisions from the European Commission. Adequacy decisions confirm that these countries provide a level of data protection that is deemed equivalent to EU/EEA standards. When such transfers occur, your data is adequately protected by the recipient's legal framework.
Transfers from and to Other Countries
In cases where data is transferred to countries that do not have adequacy decisions or other recognized mechanisms, we utilize Standard Contractual Clauses (SCCs) as provided by the European Commission. SCCs are a set of contractual terms and conditions approved by the European Commission, providing a framework for the lawful transfer of personal data that impose data protection obligations on both parties involved in the data transfer and ensuring that your data remains protected according to EU/EEA standards. These clauses include provisions that require the recipient to provide an adequate level of data protection.
We are committed to ensuring that all international transfers of your personal data are conducted with the utmost care and in compliance with relevant data protection regulations.
If you have any questions or concerns about international data transfers or the mechanisms we employ to protect your data, please do not hesitate to contact our Data Protection Officer (DPO) at [email protected].
Elendil Capital sp. zo. o
22B Bartycka Street lok. 21A, 00-716 Warsaw
Registered Office Address: 22B Bartycka Street lok. 21A, 00-716 Warsaw Contact Email: [email protected]
Data Protection Officer (DPO): Luc Mikhail H Loja
DPO Contact Email: [email protected]
Official Twitter: https://twitter.com/OfframpXYZ
Official Discord: https://discord.gg/offrampxyz