(in force since in 20th of January 2021)
Every day we make sure that the use of our platform is comfortable and safe for you. For this reason, we provide you with important information about how the data collected during your registration and use of the platform is processed.
Table of contents:
II. Who is the administrator and the data protection officer of your personal data.
III. How and why we collect your data?
IV. On what basis we process your data?
V. What are the consequences of not providing us with your personal data?
VI. Which of your data and how we share with other entities?
VII. How long do we keep your data?
VIII. Your rights.
XI. How do we secure your data?
a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR”),
b) National regulations of Republic of Seychelles.
3. In order to ensure the security of your personal data, we have ensured that all our employees are properly trained in the processing of personal data. In addition, we guarantee that our Company has adequate technical security and organizational measures to properly secure your data.
4. Personal data we collect is processed in accordance with the law, only for specified, legally permitted purposes.
5. In addition, we put our effort to make sure that the data collected by us is substantively correct and adequate in relation to the purposes for which it is processed and stored in a form that allows identification of persons to whom it relates, no longer than it is necessary to achieve the purpose of processing. We also maintain the security and confidentiality of the personal data collected.
6. The data collected by us is processed, stored and may be transferred to any country within European Union – where all our servers and IT infrastructure is located.
7. If you feel that the processing of your personal data by us violates the law, you can file a complaint to the supervisory body that deals with the protection of personal data. As we established dedicated representative for GDPR issues in Cyprus you may contact:
Office of the Commissioner for Personal Data Protection
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456; Fax: +357 22304565
II. WHO IS THE ADMINISTRATOR AND THE DATA PROTECTION OFFICER OF YOUR PERSONAL DATA
1. The Administrator of your personal data is DeFi Services Ltd [further also referred to as the Administrator] – a company established in Republic of Seychelles, bearing registration number: 225862 with registered seat at Crystal Offices, OT Centre, Victoria, Mahe, Seychelles.
2. If you have any questions, requests or complaints regarding the processing of your personal data by us, you can also contact us in writing at the address: Crystal Offices, OT Centre, Victoria, Mahe, Seychelles. You can contact the Administrator via mail sending a letter to the address, via e-mail at firstname.lastname@example.org.
3. Questions, applications and complaints referred to in the preceding paragraphs should, in particular include:
a) data relating to the person or persons concerned by the inquiry or request,
b) the event which is the reason for sending a message to us,
c) requests and legal grounds for demanding request,
d) the expected manner of handling the matter.
III. HOW AND WHY WE COLLECT YOUR DATA?
1. Visiting and using our Website is associated with the need to collect and process your personal data.
2. Please note, we process your personal data, in particular the data you provide us with directly when setting up your account on our Website (this is the data you enter on the forms provided by us) and the data you generate using services offered by our Website.
3. We need to collect such information not only to be able to provide our services “technically”, but also to fulfil the binding legal provisions regarding the obligation to to monitor, combat and assess the risks of fraud, money laundering, financing of terrorism. Therefore, if you do not provide the data requested during the registration, or if the data proves to be false, or if you object to its processing, we will not be able to continue to provide you with our services.
4. Due to the above-described obligations, in order to verify the accuracy of the data provided by you and to assess the risk of fraud, we also monitor your transaction history by analysing the course, volume, currency and type of transactions.
5. If you express a wish to use additional services offered by us, we will process your data which we collected in order to provide our services, in compliance with their description contained in the Terms and Conditions or provided to you separately. These services may include among others: newsletter, contests, etc.
7. As part of the operation of our Website, you may be asked to provide us with the following personal data:
a) phone number – in order to gain full access to your user account, you may be asked to provide your phone number and its direct verification, after providing your phone number we will send you an activation code, if you have become a subscriber of our newsletter distributed by phone, we will also send you commercial information once, twice a month, this is of course a voluntary option and at any time you can resign from it.
b) e-mail address – in order to create an user account on our Website, we will ask you to provide your e-mail address, what is more, your e-mail address will be used when you contact us with an inquiry via a contact form or chat window located on our Website, in addition, if you become a subscriber to our newsletter, we will send you information related to our Website once/twice a week – this is a voluntary option and you resign at any time, your e-mail address will also be used when you decide to participate in our affiliate program.
c) IP address (Internet Protocol) of your device – it is an unique number, assigned to devices on a computer network, such data may be used for technical, demographic (region from which the connection is made) statistical purposes, and to verify that you use our services in accordance with the Terms and Conditions (i.e. that the connection does not come from a country in which we do not provide our services),
d) other data such as: request URL, domain name, device ID, browser type, browser language, number of clicks, amount of time spent on individual pages, date and time of using the Website, type and version of the operating system, screen resolution, data collected in the server logs, and other similar information to develop statistical data for the optimization of services rendered, including displaying content that complies with your preferences.
8. Providing your personal data indicated in the preceding point is necessary in the following cases:
a) to create a user account on our Website, which is voluntary, and to use the full functionality of it;
b) in order to provide the newsletter service, if you want to be informed on an ongoing basis what is up to date with us and what news we have prepared for you, you can become a subscriber to our newsletter, subscription is voluntary and you can unsubscribe from it at any time.
9. Personal data are processed by our Company primarily in order to provide you with our services you order and any additional issues features within our Website. However, we would like to emphasize that as an Administrator we take care to observe the principle of minimizing and process only those categories of personal data that are necessary for us to achieve these goals.
11. When you contact us in order to perform various activities or to obtain information (e.g. to submit a complaint) using the Website, telephone or e-mail, we will again require you to provide us with your personal data to confirm your identity and the possibility of return contact. This applies to the same personal information you previously provided. However, it may happen that due to the nature of your request, we will have to collect other data from you. Provision of the above data is not mandatory, but it is necessary to perform activities or obtain information that interests you. We will process the above-mentioned data in order to perform the actions requested by you or to provide you with the information that you requested – depending on which situation takes place.
IV. ON WHAT BASIS WE PROCESS YOUR DATA?
1. Your personal data is always processed on one of the following legal basis:
a) your consent – in the scope resulting from this consent e.g. newsletter subscription, consent is voluntary and the consent to the processing of personal data can be withdrawn at any time, we enforce this basis if other grounds for the processing of your personal data do not apply, e.g. concluded contract or legal obligation;
b) an agreement concluded between us (regarding keeping an account on our Website, performing a purchase / sale transaction, settlements, sending a Newsletter, mailing) – in the scope necessary for its implementation;
c) taking action on request, before concluding a contract – if you asked us a question before creating a user account, we do not need additional consent to contact you back and answer your questions;
d) legal obligation, i.e. an obligation arising from legal acts – in the scope necessary to comply with the binding provisions;
e) our legally legitimate interest.
2. If we process your personal data on the basis of the consent referred to in point 1 a) above, the data you provide is used only for the purposes covered by your consent. On this basis, we will primarily carry out information and marketing campaigns. Remember that at any time you can change your mind and withdraw your consent – just send us an e-mail. Please note, however, that this does not always involve the deletion of your personal data. We may still process your personal data if it is necessary, e.g. if we have another legal basis for processing your personal data (concluded contract) or if we have a legitimate legal obligation to do so.
3. We will also process your data to execute the agreement we entered into with you (primarily as a result of registration on and acceptance of the Terms and Conditions for an account on our Website) to be able to properly provide you with the services you want.
4. Whether you have given us your consent for the processing of your personal data or we are bound with you by a contract, we will also have to process your data due to the need to comply with our legal obligations. These will be situations in which, for example, we must store data resulting from transactions made for tax and accounting reasons; as well as situations where we are obliged to verify and analyse your data (including your actions taken on the Website) in accordance with applicable anti-money laundering and terrorist financing regulations.
5. Please, remember that although you did not give us your express consent, we are obliged to make your personal data available to state authorities, i.e. tax authorities, law enforcement authorities and other entities properly authorized to do so in accordance with applicable law.
6. Based on our legitimate interest, we will process your data for the purpose of claiming our rights and defending ourselves against claims, for evidentiary and archival purposes. On the same basis, we will also process your personal data collected automatically on the Website in order to ensure the security of the session, quality of the session and provide you with all the functions of the Website. On this basis, we will also process your personal data for analytical purposes, which will involve the examination and analysis of traffic on our Website.
V. WHAT ARE THE CONSEQUENCES OF NOT PROVIDING US WITH YOUR DATA?
1. In the case of registration and verification of an account, we process only the data without which the agreement concluded with you cannot be executed for “technical” reasons or for legal reasons. Not providing us with the required data will result in the fact that we will not be able to set up or keep your account, let alone carry out transactions within it.
2. Giving us your consent to the processing of your personal data is voluntary. If you do not give us your consent (or withdraw it), then we will not take any actions that a given consent applies to.
VI. WHICH OF YOUR DATA AND HOW WE SHARE WITH OTHER ENTITIES?
1. You should be aware that as long as we do not share your personal data without your express consent, your personal data may be entrusted to other entities for processing. This is because without such entrustment of your personal data, our company would not be able to conduct its business and provide services to you through our Website.
2. Processing entities means companies we cooperate with in running our business activity.
3. First of all, we entrust your personal data for processing to such entities as:
a) entities involved in the sending messages and SMS messages – to send messages for which you have given your consent by phone or e-mail;
b) entities providing hosting services for the Website – so that you can use our Website, create a user account, contact us in case of any questions;
c) entities providing IT services for the website where our Website is located – if necessary, thanks to which our Website, and first of all your user account, can function efficiently, in this way we also remove all types of failures, defects, technical interruptions in the functioning of our Website;
d) postal, courier and freight service providers – for the delivery of parcels – if you choose to participate in our contest or affiliate program, it is necessary for you to receive the prize;
e) entities providing accounting services – in order to keep the accounting books of our company;
f) entities assessing the risk of fraud – in order to assess that risk;
g) entities that provide other services to us that are necessary for the day-to-day operation of the Website.
4. Sharing your personal data we make sure that the entities we cooperate with ensure the implementation of technical and organizational measures and process them in accordance with applicable regulations, including the provisions of the GDPR.
6. Your personal data will not be transferred to third countries or international organizations in the meaning of GDPR regulations. In that case, you will be informed in advance and the Administrator undertakes to apply appropriate security measures in accordance with the GDPR.
7. Entities providing services to us have servers located in the countries within the European Union and they ensure proper protection of your data in accordance with EU regulations.
VII. HOW LONG DO WE KEEP YOUR DATA?
1. We store and process your data only as long as it is necessary for the purpose for which it was obtained.
2. You should be aware that your personal data may be processed by us for a longer period than indicated above. This is due to the obligations imposed on us and specific legal provisions.
3. If the basis for processing your data is:
a) your consent – this period lasts until you withdraw your consent or until the expiry of your consent (e.g. when the consent concerned a service that we no longer provide), if further processing of your personal data does not impose any obligation on us or does not result from specific legal regulations;
b) the need to execute an agreement – Please remember that not always the period of processing your data lasts as long as the parties are bound by the concluded contract, due to the obligations imposed on us by specific legal provisions, e.g. the obligation to keep accounting books and records may be extended accordingly.
c) legal obligation – Your personal data will be processed for as long as we are under a legal obligation to do so in accordance with specific legal provisions;
d) pursuit of a legitimate interest – until the interest persists.
4. Please, note that the basis for processing your personal data for a certain period of time is primarily due to special regulations. Therefore, even though you withdraw your consent, the contract that linked us will be terminated or simply expire, in some cases we are still required to process your personal data.
5. For example:
a) data provided for account registration on the Website will be stored for as long as your account will be kept – that is, until you do not cancel it or request it to be closed, unless further processing of your personal data is necessary to comply with a legal obligation;
b) data provided for the Newsletter or other mailing to be sent will be kept until your consent for their delivery is valid;
c) if you gave consent to our other information activities about our offer – your data necessary for performing such activities will be kept until you withdraw your consent.
6. Due to the fact that our services, among others are subject to AML / KYC regulations, we are obliged to keep for at least five years from the end of our economic relations with you (i.e. from the final closing and settlement of the account), including evidence confirming transaction and transaction records necessary to identify transactions.
7. The retention period of your data required by law may be subject to change as the applicable law changes.
8. After the indicated time periods expire, your personal data will be deleted or anonymized in a way that prevents the data from being attributed to you.
VIII. YOUR RIGHTS
a) data of the person or persons concerned by the request or question,
b) the event which is the reason for sending a message to us,
c) your requests and the legal basis for its requests,
d) the expected manner of handling the matter.
This will help us to respond more efficiently to your questions and requests.
2. Due to the processing of your data by us, you have:
b) the right to request access to your personal data – both the data you shared with us and which we are processing, as well as the data generated in the course of our cooperation (e.g. history of transactions);
c) the right to request immediate correction or upgrading of your personal data by us, if it is incorrect;
d) the right to complete incomplete personal data, including through presentation of an additional statement (considering the purposes of processing);
e) the right to immediately delete your data (“the right to be forgotten”); – in such a case we will delete your data immediately (however, we will keep the data we must keep in compliance with the law);
f) the right to request processing restrictions;
g) the right to receive data you provided to us in a structured commonly used format suitable for machine reading and to send it to another administrator;
h) the right to the right to transfer your personal data – you may demand that we transfer your data to another administrator of your choice, we may satisfy your request if you have given us your consent to the processing of your personal data,
i) the right to object to the processing of your personal data for the needs of direct marketing which causes that we will cease to process your data for the purposes of direct marketing;
j) the right to object due to causes related to your particular situation, if your personal data is processed based on a legally justified interest. However, we will keep processing your personal data in the necessary scope if there is a particular justified reason for that for us – we will inform you about this in such a case;
k) if the basis for the processing of your personal data is your consent, you will have the right to withdraw such consent at any time. Withdrawal of your consent does not affect compliance with the law of processing of your personal data by us carried our based on the consent before its withdrawal.
l) Filing a complaint to the supervisory body – If you feel that the processing of your personal data by us violates the law, you can file a complaint to the supervisory body that deals with the protection of personal data.
3. You can submit a statement regarding the exercise of any of your rights mentioned above, write to us: DeFi Services Ltd., address: Crystal Offices, OT Centre, Victoria, Mahe, Seychelles, e-mail address: email@example.com.
4. Withdrawing your consent or objecting to the processing of data, if you do not formulate any other objections, will affect all our services and Websites and the entities entrusted with the processing of your data.
1. Profiling involves automated processing of personal data allowing the assessment of personal factors of a natural person, and in particular analysing or forecasting aspects related to the economic situation, personal preferences or interests, credibility or behaviour of the data subject.
2. On our Website we process your personal data, including your activities on the Website, to assess the possibility of offering you our services. Our profiling boils down to two aspects:
a) determining your preferences and needs in order to better adapt the Website to your needs;
b) verifying the accuracy of the information provided by you and estimating the risk of money laundering or terrorist financing in order to fulfil our legal the obligations.
3. Based on our profiling, in accordance with our internal procedures for estimating the risk of money laundering or terrorist financing, we evaluate which transactions you have commissioned we can carry out, and what information we are forced to obtain from you to fulfil our obligations of due diligence in the prevention of fraud in accordance with the law.
4. Each time the results of profiling are analysed by our employees or external entities from the AML/CTF sector before deciding whether we can provide you with a given service and it is up to them to make the final decision on this matter.
2. Cookies are small text information in the form of text files, sent by the server and saved on a device of the person visiting the Website (e.g. on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on which device you use). Detailed information about cookies as well as the history of their creation can be found among others here.
3. The Administrator may process data contained in Cookies when users use the Website for the following purposes:
a) identification of users as logged in to the Website and showing that they are logged in;
b) remembering data from completed forms, surveys or login data to the Website;
c) adjusting the content of the Website to individual preferences of users (e.g. regarding colours, font size, page layout) and optimization of the use of the Website;
d) keeping anonymous statistics presenting how the Website is used;
e) displaying individualized advertisements for the Website user, according to preferences;
f) better optimization of the functioning of the Website.
4. By saving cookies, the device records the activity of the Website user and it is thanks to this that the Website, displayed by the user is individualized, according to his preferences.
5. As a standard, most web browsers available on the market accept cookies by default. Everyone has the possibility to define the terms of using cookies through their own browser’s settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the option of saving cookies – in the latter case, however, it may affect some of the Website’s functionalities (for example, it may not be possible to pass the sales offer path due the failure to remember data during the subsequent stapes of submitting offers).
6. Detailed information on changing cookies settings and their removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
c) Internet Explorer
7. The Administrator also processes anonymized operational data related to the use of the Website (so-called logs, domain) to generate statistics helpful in administering the Website. For this purpose, we use services of third parties. Data processed by these entities is aggregate and anonymous, i.e. it does not contain features identifying visitors of the Website.
XI. HOW DO WE SECURE YOUR DATA?
1. We ensure an optimal range of organizational measures in a manner that ensures its proper protection, in particular:
a) secure the possibility of collecting, copying and disclosing personal data to unauthorized persons;
b) protect personal data, databases and devices on which personal data are processed from loss, damage or destruction.
2. We store, use and transmit your data in a manner that ensures its proper protection, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures.
3. We have implemented a number of security measures to ensure that your information will not be lost, used or changed. Our data security measures include, among others: PCI scanning, encryption, pseudonymization, data backup, regular testing, measuring and assessing the effectiveness of security measures used, restrictions on access to internal data and strict physical controls of access to buildings and files.
4. Access to data processed by us is carried out through an internal network, secured by our certificates and keys, thus excluding third party access “from outside” as well as “our” unauthorized persons.
5. In order to secure your data, we have developed and are constantly improving our own original script that encrypts data.
6. When we store your data on internal servers, we do it through entities that guarantee security of the infrastructure offered (PCI-DSS certification, ISO / IEC 27001 certification, SOC 1 TYPE II and SOC 2 TYPE II certificates, etc.), who have a good opinion, and their services are used by other entities processing personal data of special importance. For this reason, the servers used by us are located in different places in European Union.
7. Regardless of the above, please remember that it is impossible to guarantee 100% secure data transmission over the Internet or electronic data storage methods. Therefore, we ask that you also take reasonable precautions to protect your personal data. If you suspect that your personal information has been compromised, in particular the account or password information has been disclosed, contact us immediately.
8. Detailed IT solutions protecting your data are confidential, making it difficult to break them.