UAB WallexCUSTODY(collectively “Company”, “we”, “our” and “us”) respect individual privacy and values the confidentiality of our customers and others with whom we do business. Company strives to process personal data (as defined below) in a manner consistent with the data protection laws of the countries in which we do business.
1. For the purposes of this Policy, the following definitions shall apply:
“EEA” shall mean the European Economic Area;
“EU” shall mean the European Union;
“personal data” shall mean any information or set of information, whether alone or in combination with other personal data, that is sufficient to identify an individual;
“processing” shall mean any operation that is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, disclosure, use, transfer or otherwise making available and the verb “to process” shall be construed accordingly;
“data protection laws” shall mean The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") and other applicable laws of the countries in which we do business;
2.1 We generally collect the following types of personal data:
(a) Identification Information.Your name, identification number, passport/ identification card number, date of birth, telephone number, mailing address, email address, Company account, password, copies of any documents you have provided for identification purposes, such as your image in photo or video (provided for Know-Your-Client (“KYC”) or other regulatory purposes), user identification, information from the public databases about you collected due to regulatory requirements and any other information relating to you which you have provided to us in any forms that you may have submitted to us, or in other forms of interaction with you.
(b) Usage Information. Information about your use of our website and services, including cookies, internet protocol address, computer and connection information, device type and unique device identification numbers, bandwidth, statistics on page views, and traffic to and from our websites and the Company’s mobile application (“App”), and other technical data collected through cookies and other similar technologies that uniquely identifies your browser.
(c)Transaction Information. Transaction information as you use our services, including deposit snapshots, account balances, trade history, order activity and distribution history.(d)Employment Information. Your employment history, education background and income levels.(e)Financial Information. Your bank account information, credit card information (including the card number, expiry date and CVC), tax identification number, transaction history and trading data.
(f) Correspondence. Responses to promotions and initiatives on our website or the App, and interactions with our support team and customer service officers via email or other communication channels.
3.1 Information you provide to us. We request for personal data from you in the course of your use of our websites and/or services in the following manner:
(a) when you register for an account with us on websites owned or operated by us or the App or when you use services on such websites or the App;
(b) when you respond to our promotions, surveys and other initiatives (including through social media platforms like Facebook, Instagram, Twitter or our mobile applications);
(c) when you interact with our customer service officers;
(d) when you request to be included in an email or other mailing list;
(e) when you submit a job or internship application;
(f) when you fill any of our forms;
(g)when you request that we contact you.
3.2 Information we collect automatically.
We may collect personal data from you automatically when you access the App or our website and services where we may automatically receive and record usage information (see above) on our server logs.
3.3 Information collected from third party sources.
We may collect personal data from third party sources as follows:
(a) public databases, credit bureaus and identity verification partners in the course of verifying your identity and conducting relevant due diligence checks when opening an account or when employing you;
(b) public blockchain data where we collect data for ongoing transaction monitoring and transaction trend analysis;
(c) marketing and other business partners who may share information about you via a referral program or for our better understanding of which of our services may be of interest to you;
(d) advertising networks and analytics providers who may provide us with anonymized information about how you found our websites or the App and how you interact with theApp or our websites and services.
3.4 Anonymized and aggregated data.
Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Policy applies to anonymized or aggregated data. We may use such data for the following purposes:
(a) to better understand customer needs and behaviors;
(b) improve our products and services;
(c) conduct business intelligence and marketing; and
(d) detect security threats.
We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.
4.1 To provide our services.
We process your personal data to provide services to you. For example, when you wish to open an account and store digital currencies on our platform, we require information such as your identification, contact information and payment information, without which we cannot provide any services to you.
4.2 Legal and regulatory compliance.
Most of our services are subject to laws and regulations requiring us to process your personal data in certain way. For example, we have to identify and verify persons using our services to comply with anti-money laundering laws. This involves using third party service providers to verify your identity with third party databases and public records. We also may disclose your personal data to comply with any applicable legal or regulatory requirements (e.g. prevention of money laundering and terrorist financing, implementation of KYC procedures and international sanctions).
4.3 Enforce our terms of service and other agreements.
Our terms of service prohibit illegal and other restricted activities in respect of the user of our websites and services. We also collect fees based on your use of our services. We collect information on your usage and monitor your interactions with our websites and services for purposes of monitoring whether there is any breach of such terms and obligations and for enforcement of our legal rights.
4.4 Service communications.
We send administrative or account-related information to you to keep you updated about our services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.
4.5 Quality control.
We process your personal information for quality control and staff training to make sure we continuously improve our services.If we do not process personal information for quality control purposes, you may experience issues on the services such as inaccurate transaction records or other interruptions.
4.6 Enhance user experience.
To conduct data analytics activities, using your personal data in an anonymized manner, to predict and understand user needs, and provide targeted/relevant information based on aggregated information obtained from your activities on our websites and platforms and to improve the content and ability to navigate of our websites and applications.
Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; to provide you with promotional offers; and to ask your opinion about our products or services which can be opted out at any time.
4.8 Network and information security.
We process your personal information to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our services. Without processing your personal information, we may not be able to ensure the security of our services.
4.9 Facilitate corporate acquisitions, mergers or transactions.
We may process any information regarding your account and use of our services as is necessary in the context of any corporate acquisition, mergers or other corporate transactions that we are or may be involved in.
4.10 Employment purposes.
We may process your personal data when you submit an application to us as a candidate for employment by us for pre-recruitment checks, obtaining employee references, and for employees, for assessing your performance, ongoing training, administering benefits and payroll, and providing you with tools to facilitate you doing your job.
4.11 For any other purpose.
We may process your personal data for any other purpose you consent to.
5.1 Direct marketing.
We would like to send you information about our products and services that we think you might like. Such marketing communications may be provided to you via social media channels, emails, or such other reasonable means that we choose. We do not transfer any of your personal information to other organizations outside Company without your permission, which can be opted out at any time.
5.2 Right to opt out.
You may ask to stop sending you marketing information and/or further processing your personal data for purposes of direct marketing, at any time and free of charge (for further details please refer to Clause 9.3). Upon receipt of such information, we will not contact you further for the purpose of direct marketing.
6.1 We may disclose and transfer personal data to the following parties:
(a) service providers who help with parts of our business operations, such as:
• identity verification;
• cloud storage;
• payment processing;
• transaction monitoring;
• internet and communication service providers;
• IT security;
• customer service providers;
• custodial services for digital currencies.
(b) our professional advisors who provide, banking, legal, compliance or other consulting services in order to complete any financial, technical, legal or compliance audits or to otherwise comply with our legal and regulatory obligations;
(c) any relevant party when compelled to do so under any applicable law or regulation (e.g. fraud prevention agencies);
(d) companies or other entities that we plan to merge with or be acquired by or companies or other entities that purchase our assets.
6.2 We require that parties to whom we transfer personal data, and service providers only process personal data strictly for purposes for which we engage them for and consistent with the purposes that we have described in this Policy or with other purposes for which consent has been sought and obtained.
6.3 Our website or the App may contain links to websites operated by third parties which are not controlled by us and not covered by this Policy. Some of these third-party websites may be co-branded with our logo or trademark even though they are not managed or operated by us. Please review the privacy policies of such websites before disclosing your personal data to such third party.
7.1 We maintain appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.
7.2 For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfil their job responsibilities. Some personal data may be obtained by other personal data controllers as result of provision of services (e.g. compliance service providers). They are responsible for proper personal data processing and shall ensure the personal data security is as required under applicable personal data protection legislation.
7.3 We cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
7.4 However, even with the existing protection measures in place to protect your personal data, you should be aware that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We store client identification data and verification data securely throughout the life of your account and for 6 (six) years after our business relationship with you ends. We keep other your personal data for 1 (one) year after our business relationship with you ends. In exceptional cases the data retention period may be longer. However, we will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. Thereafter, we will delete or where deletion is impracticable, restrict access to data which can be associated with you.
In case, some additional/excessive personal information is requested for particular purpose and/or task, it shall be retained for that particular purpose and/or task and shall be deleted after 14 days.
9.1 Access and Rectification.
You may request for access to any personal data that you provide to us or make corrections (including update) to such information by sending your request to the contact details provided below.
You have the right to request for the erasure of your personal data where you no longer think we need to hold it or you think we have obtained it or processed it without your consent (when it is required) at any time. Please note that we may have an obligation to keep the certain personal data about you and therefore in specific cases we may not be able to agree with your request. Generally, even after termination of your account we will keep certain information for a period of time for legal and business purposes (such as defense against any potential claims, prevention of fraud, and assisting law enforcement). If you close your account, your personal data will not be used by us for any further purposes nor shared with third parties, except as necessary for the purposes mentioned and in accordance with this Policy.
9.3 Withdrawal of consent.
You are entitled to withdraw your consent at any time. If you wish to withdraw your consent, please send your request to the contact details provided below. The processing that we have already done will not be affected, but we will not continue processing your personal data if we do not have other grounds for the processing. Please note that the withdrawal of your consent may result in us not being able to provide services (functionalities) to you, and shall, in such circumstances, notify you before completing the processing of your request. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same.
9.4 Restriction of processing.
You may ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy or where our use of the data is unlawful but you do not want us to erase it or where you want us to hold your personal data to establish, exercise or defend legal claims even if we no longer need it or where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it. Please note that the restriction of processing may result in us not being able to provide services to you, and shall, in such circumstances, notify you before completing the processing of your request. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same.
9.5 Objection to processing.
You have the right to object to our processing of your personal data for direct marketing purposes or when our legal basis for processing your personal data is 'legitimate interests' and you disagree with us processing it. Please note that if we have an overriding reason why we need to use your personal data, we have the right to reject your request.
You have right to request us to forward the personal data you provided (in case it is on the basis of consent or contract, and if they are processed by automated means) to another data controller or transferred to you in a structured, commonly used and computer-readable format, if it is technically possible.
9.7 Automated individual decision-making, including profiling.
We rely on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
9.8 Complaint and compensation.
You have a right to (i) lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that our processing of your personal data has infringed relevant data protection laws; and (ii) if you have suffered damage as a result of our infringement of relevant data protection laws you shall have the right to receive compensation from us for the damage suffered.
9.9 Contact details.
If you wish to exercise any of your rights at any time, please contact us on the details contained at the end of this Policy in the first instance. We will require you to verify your identity to us before we provide any personal data and reserve the right to ask you to specify the types of personal data to which your request relates. We will try to respond to your legitimate requests within 30 days. Occasionally it may take us longer than 30 days if request is complex or you have made a number of requests.
9.10 Administrative fee.
Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarificationwe may reasonably require in relation to your request. Such fees may be charged only where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.
10.1 If you authorize one or more third party applications to access your account or services with us then the personal data that you have provided to us may be shared with those third parties. Unless you provide further consents, we will not authorize such third parties to use such personal data for any purpose other than to facilitate your transactions with us.
10.2 Please note that these third parties you interact with may have their own privacy policies and we are not responsible for their operations or the use of the personal data they collect. Please review the privacy policies of such parties to learn how they handle your personal data.
11.1 To facilitate our global operations, we may transfer, store, and process your information within our family of companies, partners, and service providers based throughout the world, including third parties and possibly other countries. We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws.
11.2 If we transfer your personal data to recipients in a country outside of the EU/EEA we only do this in accordance with applicable law.
12.1. We reserve the right to amend this Policy at any time and without prior notice to you. The latest version of this Policy is always available on our website. Please review this Policy from time to time so you are aware of any changes or updates to this Policy. By continuing to use our services or purchasing products from us or by your continued engagement with us following the change or revision to this Policy, you will be deemed to have agreed to and accepted such amendments.
13.1 You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data to be provided to us, you will enter only correct data. We will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
13.2 We draw your attention to the fact that your email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them.
You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend that you take necessary precautions to protect your account and passwords.
15.1. If you have questions or concerns regarding this Policy or about how we use your personal data, wish to make any request, or if you have a complaint, please contact us email@example.com