Privacy Policy

Back to Terms & Conditions
Valid from: 2024-05-16

Privacy Policy (for EU)

  1. General Provisions

    1. The virtual currency exchange platform SpectroCoin, available on the website, our mobile apps or application programming interfaces ("API") ("SpectroCoin", the "Platform", the "Website") offers a range of services, provided according to the Platform Terms and Conditions and all documents incorporated therein (the "Services"). The Services on the Platform may be provided by Spectro Finance OÜ (a limited liability company, company number 14608294, registered at Narva mnt 7b-509 Tallinn 10117, Estonia), Spectro Finance Limited (a limited liability company, company number 2022454, registered at Craigmuir Chambers, Road Town, Tortola, VG 1110, British Virgin Islands) or Spectro Finance Systems LLC (a limited liability company, company number 2904 LLC 2023, registered at Euro House, Richmond Hill Road, Kingstown, Saint Vincent and the Grenadines) (any of the aforementioned companies further may be referred to as the "Company", "we" or "us") depending on the country you access the Platform or use the Services from and subject you conclude the agreement with when accepting General Terms and Conditions and other related documents of the Platform.
      Kindly be advised that this Privacy Policy (the "Policy") is applicable to Spectro Finance Limited and Spectro Finance Systems LLC only if you are a citizen of the European Union (the "EU") or reside there and any of them acts as your Service provider.
    2. In order to provide Services through the Platform we may process personal data of our customers, their clients or representative, other related persons, such as family members, beneficial owners, transaction senders, etc. (all together referred to as "Customer" or "you"). Any personal data we gather, use or share about you is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and other applicable laws.
    3. This Policy applies if you use the Platform and any of the Services, available through it and indicates how your personal data is being processed by any Company, which in such a case, acts as a personal data controller. The Policy explains how we process your personal data through any relationship we have, whether it would be a call through the phone, use of the Services on the Platform, a message via email or any other possible mean. In case you provide information about other natural persons to the Company, you undertake to make this Policy known to them before the disclosure of such information to the Company.
    4. By using the Platform or any of the Services offered through it you confirm you have read, understood and agreed with this Policy. The Company reserves the right to make changes to this Policy from time to time. An up-to-date version of the Policy is posted on the Platform, therefore, please do review it regularly.
  2. Personal Data Management Principles

    1. The Company undertakes to ensure your personal data is:
      1. processed lawfully, fairly, and in a transparent manner in relation to you;
      2. collected for specified, explicit and legitimate purposes (e.g. prevention of money laundering and terrorist financing, performance of Services, etc.), and not further processed in a manner that is incompatible with those purposes;
      3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
      4. accurate and, where necessary, kept up to date;
      5. kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
      6. processed in a manner that ensures appropriate security of your personal data.
    2. The Company follows the above indicated principles strictly during the processing of your personal data and request the same from the data processors which it may use to process personal data on behalf of the Company.
  3. Lawfulness of Personal Data Processing

    1. Your personal data will be processed if:
      1. you have given consent to the processing of your personal data for one or more specific purposes; and/or
      2. processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and/or
      3. processing is necessary for compliance with a legal obligation to which we are subject; and/or
      4. processing is necessary for the purposes of the legitimate interests pursued by us or the third party;
      5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
    2. The Company may subject its Customers to decisions based solely on automated processing, including profiling, only if it is necessary for conclusion of a contract between you and the Company or due to provision of the Services under such contract, it is authorised by the law or you have expressed an explicit consent to such processing.
  4. Purposes for Which Your Personal Data Is Being Processed

    1. Your personal data is being processed for the purposes of:
      1. account establishment;
      2. performance of the Services (sale and purchase, transfers of funds, payment collection, etc.);
      3. prevention of money laundering and terrorist financing (implementation of the principle "Know Your Customer");
      4. crime prevention;
      5. implementation of international sanctions;
      6. Services support;
      7. quality assurance;
      8. direct marketing;
      9. call recording;
      10. use of the Company's social networks accounts;
      11. proper and secure operation of the Platform.
    2. The processing of your personal data is necessary for the implementation of the above indicated purpose(s), therefore, if you fail to provide the requested data the Company may not be able to provide your requested Services.
  5. Methods of How Your Personal Data Is Being Collected

    1. The Company collects your personal data directly from you or from the third parties when:
      1. you use or view the Platform;
      2. you register to the Platform;
      3. you use our Services;
      4. you request Services support;
      5. we execute Customer's due diligence or ongoing due diligence;
      6. we monitor your transactions;
      7. we check whether you are not related to fraudulent activities;
      8. your personal data has been provided by the authorized third party;
      9. we receive requests, orders, decisions or etc. from the third parties regarding you;
      10. you consent to the call being recorded.
    2. The Company may also collect your personal data from other SpectroCoin companies, as they are defined in General Terms and Conditions of the Platform, upon the change of the SpectroCoin company as your service provider.
  6. Categories of The Processed Personal Data

    1. The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
    2. In order to provide the Services, we may process your personal data categories, such as (including but not limited):
      1. General data: name, surname, personal code, date of birth, citizenship(s), place of birth (city, country), country of residence for tax purpose, taxpayer identification number (TIN), address, city/town, postal code, phone number, email, networks account information (i.e. Facebook, Google, Skype) signature, selfie with the identity document, video, data about Customer which may be provided in double-checking systems;
      2. Other Customer's profile information: profile type, unique character sequence assigned to the Customer for identification, executed Customer’s assessment (evaluation) results, 2FA information, member ID, user ID, user PIN, referral code, referral ID, session ID, login status, social sign on type, email confirmed status, phone confirmed status, secret questions information, compliance officer comments;
      3. Social network data: social sign on type, social network profile photo, name, surname, your comments, emotions and other actions expressed via our social network account, other your social network profile information provided by you;
      4. Identity document data: ID Type (Passport/Identity Card/Residence permit), its copy, MRZ, document number, date of issue, date of expiry;
      5. Data obtained and/or created while performing legal obligation: inquiries, requests, notifications, orders, courts decisions or other data related to the specific Customer(s) which may be received by or provided to the police, courts, investigative bodies, notaries, tax administrator, courts, bailiffs and other institutions;
      6. Information about Customer‘s occupation and income sources:
        1. Specific occupation: paid employee/owner of legal entity (company name)/registered self-employee/student/retired/unemployed;
        2. Main sectors of customer's occupation, individual or business activity;
        3. Information regarding countries in which customer is employed, carries out individual activity or business: countries, whereas activity or business is conducted or registered in preferential tax zone, percentage of turnover in cash for such activity or business, percentage of turnover in individual or business activity is handled in cryptocurrency;
      7. Account opening information:
        1. Services which the client plans to use;
        2. Source of funds in Customers account;
        3. Monthly planned account turnover in EUR; countries from which the funds will be received or transferred;
      8. Information about Politically Exposed Person ("PEP"):
        1. Information whether the Customer is PEP itself or has an immediate relationship with PEP;
        2. General information regarding PEP: relation, name, surname, country, PEP's position;
      9. Information about Beneficial Owner ("UBO"):
        1. Information whether the Customer is the UBO of the account and the funds in the account;
        2. General UBO's identification data: name, surname, date of birth, citizenship, country of residence for tax purposes, tax identification number (TIN), place of birth (city, country), registered residential address, share of benefit;
      10. Financial data:
        1. information about linked card(s) (i.e. currency, partial card number, validity date, card's owner name and surname, CVV/CVV2);
        2. information about pre-paid card(s);
        3. accounts related to the Customer's account on the Platform (used for receiving/sending funds);
        4. information about accounts in other financial institutions (i.e. name of institution, country, account number);
        5. information about other Customer's cryptocurrencies;
        6. information about used SpectroCoin merchant services;
        7. transactions information: transaction ID, method, type (credit, deposit, withdrawal, exchange), status, sender, recipient (ID), QR code/wallet/fiat account number, payment provider's information, time and date register, order ID, amount, currency (code), coupon code;
      11. Communication data: date, time, correspondence, video and voice calls, chats, etc.
      12. Information related to electronic devices: IP address(es); time zone; log-in and log-out register; browser information; electronic device's operational system information; location data (country (code), city), internet service provider (ISP); selected language; information regarding Customer's actions within Website;
      13. History data: customer's experience using the Website, the register of all Customer's actions performed on the Platform (i.e. operations, such as funds transactions, linking cards, log-in and log-out register, register of reset passwords, separately expressed Customer's consents for personal data processing (i.e. for direct marketing);
      14. Call recording data: the record of the call, including the representation of the agent and the caller, as well as, all information discussed during the call, data and time of the call, caller’s telephone number, agent number;
      15. Other data which may be requested or gathered by the Company or provided by the Customer herself/himself or any third party.
  7. Personal Data Recipients

    1. Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:
      1. credit, financial, payment and (or) electronic money institutions;
      2. payment services providers, as well as intermediary services providers;
      3. cards providers;
      4. authorities (i.e. supervising institutions, law enforcement institutions, courts);
      5. auditors, legal and financial consultants;
      6. IT providers;
      7. marketing services providers;
      8. telecommunication and call recording service providers;
      9. fraud detection services providers;
      10. data processors;
      11. any of the Companies, in order to ensure smooth provision of the Services on the Platform upon change of the Company as your Service provider;
      12. other Partners of SpectroCoin, as they are defined in annexes of General Terms and Conditions of the Platform, in order to ensure smooth and easy delivery of the Services;
      13. other service providers which services may include, or which are engaged in personal data processing executed by the Company.
    2. Personal data may also be provided to other recipients if:
      1. the Company has to comply with a legal obligation to which it is a subject; or
      2. such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or
      3. the data requesting party has a legitimate interest to request for such information;
      4. other grounds indicated in Article 6 of GDPR are applied.
    3. The Company maintains strong cooperation with local and international authorities and institutions, therefore, upon request of such party substantiated under article 7.2 of this Policy, your personal data may be provided to the requested party without permission to notify you.
    4. In general, the Company process your personal data within the EU or the European Economic Area (the "EEA"), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied:
      1. the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;
      2. the Company and the recipient have concluded the Standard contractual clauses regarding personal data transferring which were approved by the European Commission;
      3. the Codes of conduct or other measures indicated in Chapter V of GDPR have been been complied.
  8. Personal Data Storage

    1. The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.
    2. In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in the European Union and locally such as compliance with legit limitation periods, as well as current business practice.
    3. Depending of the category of personal data and the purpose it is being processed your data retention period applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services is:
      1. for the purposes indicated in articles 4.1.1- 4.1.5 of this Policy we process your personal data throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 8 years). The personal data processing for such period is based on necessity to execute Customer's due diligence, conduct ongoing monitoring, collect supporting evidence and records of transactions. In case the contractual relationship has not been established based on reasons not related with prevention of money laundering and terrorist financing (e.g. you decided not to finish application or verification procedure due to your own personal reasons) your personal data will be stored for 3 years since the last contact with you or action from your side;
      2. for the purposes indicated in article 4.1.6 - 4.1.7 we process your personal data collected via correspondence with you throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 5 years). The same storage principle applies to your personal data processed for the aforementioned purposes and collected if we communicate when you have not established or have already terminated a contractual relationship with us (for example, due to the nature of our business, it may be necessary to store such data for 3 years since the day of our last contact with each other via available communication means). The personal data processing for such periods is based on necessity to keep records of communication with you;
      3. for the purpose indicated in article 4.1.8 we may process your personal data throughout the term you are registered to use the Services and/or have contractual relationship with us, or throughout the term your consent is valid (up to 3 years, if not renewed), except in cases when you have objected to such processing, terminated the contractual relationship, requested erasure of your personal data or other provisions for data erasure have been applied, and after the day of termination of relationship or expiration date/ revocation of the consent we store it for additional period of time due to possible claims (for example, possible prescription period for claims can be 3 years) although newsletters will not be sent during this period;
      4. the purpose indicated in article 4.1.9 your personal data will be processed for 6 months since the date the record of the call has been made;
      5. for the purposes indicated in article 4.1.10 we process your personal data until your social network account or Company’s social network account is deleted – whichever comes first;
      6. for the purposes indicated in article 4.1.11 we process your personal data throughout the term we support the Platform.
    4. Upon the end of retention period, indicated above, your personal data is erased or anonymized irreversibly.
  9. Direct Marketing

    1. In order to provide you generic or personalized up-to-date news about SpectroCoin products, Services and proposals and/or ask your opinion about the Services, your email address and/or telephone number might be processed by the Company for direct marketing purpose.
    2. We process your personal data for direct marketing purpose based on your explicitly expressed consent. We may also send personalized direct marketing material based on Company’s legitimate interest according to the applicable laws and regulations and categorization of your profile information (such as customer’s type, last login, last transaction time, Services being ordered/used, source used for accessing the Services, customer’s verification status, residing country, transaction information (amount, number, etc.), use of referral code/link) in order to inform you about the news that may be mostly interesting and relevant to you and/or ask your opinion about the specific Services.
    3. In order to send you the direct marketing material we may use third party services and share your email address and/or telephone number with it.
    4. Your contact details, indicated in article 9.1, will be processed for the period indicated in article 8.3.3 of this Policy. Together with your email address and/or telephone number your personal data, such as IP address and the date when you gave a consent and or you have renewed it (and later on also the day of termination of Services or expiration/revocation date of the consent), will be processed for the aforementioned period.
    5. You shall have a right to object at any time to processing of your personal data for the purpose of direct marketing, which includes profiling to the extent that is related to such direct marketing, by changing the settings in your profile, clicking on the withdrawal link provided in the received newsletters or by sending us a request at the contacts provided in the Platform.
  10. Information Security

    1. The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organisational, technical, and physical security measures, such as latest security systems, two-factor authentication and passwords, ability to detect cyber security attacks and other threats to the integrity of the Platform, working only with trustworthy service providers, etc. However, no transmission of information via email or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via internet or sharing confidential information via email or other telecommunication channels.
  11. Cookies

    1. Cookies are small information files found in the Platform you visit and stored in your computer or mobile device. In order to get to know more about cookies, please read Cookie Policy on the Platform.
  12. Your Rights Regarding the Processing of Your Personal Data

    1. You have certain legal rights in relation to the processing of your personal data, including:
      1. the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;
      2. the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
      3. the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;
      4. the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;
      5. the right to data portability in accordance with article 20 of the GDPR;
      6. the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;
      7. the right not to be subject to an automated individual decision-making, including profiling in accordance with article 22 of the GDPR.
    2. This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
    3. The Customer may exercise his/her rights only after the Company has successfully identified him/her. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him/her, unless the Customer's identity is confirmed. Therefore, if you like to address a request towards the company regarding execution of your rights, we suggest you to do it through Live Chat once you are logged in to your account on the Platform (so that we could identify you). In case you decide to use other communication channels, such as sending a request via email, kindly ask you to indicate in the email your name, surname, your date of birth and the last four digitals of your identity document number which you used when entering into business relationship with the company (if you have provided it before). In addition, the Company keeps the right to decide if the other or additional legitimate mean of identification proof should be requested, such as a selfie with your ID document, certified copy of your ID document, video or voice call, or any other additional document or method which could let to determine your identity.
    4. The Customer is provided with information related to the exercise of their rights free of charge. However, the Customer's request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.
    5. The Company shall provide the Customer with information on the actions taken upon receipt of the Customer's request for the exercise of his rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. When the Customer submits the request by electronic means, the information shall also be provided by electronic means.
    6. If the Customer considers that his/her personal data is being processed in violation of his/her rights and legitimate interests in accordance with applicable law, the Customer shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate located in the country where your data controller is incorporated.
  13. Your Responsibilities

    1. You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Platform, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
    2. You are responsible for maintaining adequate security and control of every identification number, password, and/or any other code that you use to access the Platform. If you have not complied with this obligation and/or could, but have not prevented it and/or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
    3. In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or Company's fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify the Company. The Company shall not be liable for consequences that have originated due to the notification failure.
    4. After the Company receives the notification from you as indicated above, the Company shall immediately suspend access to your account and provision of the Company’s Services until a new password is provided/created for you.
    5. The Company draws your attention to the fact that email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend to memorize your passwords and not to write them down or enter anywhere where they may be seen by other persons.
  14. Contact Details

    1. In case your Services provider is Spectro Finance Limited or Spectro Finance Systems LLC, the designated representative in EU of the aforementioned Companies is Spectro Finance OÜ, Narva mnt 7b-509 Tallinn 10117, Estonia, contact email: [email protected].
    2. If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact our Data Protection Officer who monitors that your data processing executed by Company complies with the applicable data protection laws. You can reach our Data Protection Officer via email: [email protected] or mail via postal address: Spectro Finance OÜ, Narva mnt 7b-509 Tallinn 10117, Estonia with a notice "Data Protection Officer".
  15. Final Provisions

    1. This Policy shall be viewed and applied in accordance with the GDPR and other applicable laws.
    2. The Company may change, amend, delete any of the provisions contained in this Privacy Policy at any time and in its sole discretion. Any such changes will be effective upon the posting of the revised Policy on the Platform and you are solely responsible for reviewing it. Your continued use of the Platform and Services following any such revisions to the Policy will constitute your acceptance of such changes. If you do not agree to any such of such changes, do not continue to use our Services.
    3. The Platform and Services may contain links to our partners or other third-party websites. If you use the services of our partners or other third-parties, their own privacy policies apply, and you will be covered by such respective policies.
Back to top
Mobile wallet

Get your mobile wallet