Valid from: 2020-10-07
The virtual currency exchange platform SpectroCoin, available on the website www.spectrocoin.com, our mobile apps or application programming interfaces ("API") ("SpectroCoin"), the "Platform", the “Website”) offers a range of services, provided according to the Platform Terms and Conditions and all documents incorporated therein (the "Services"). The Services on the Platform may be provided by Spectro Finance Limited (a limited liability company, company number 2022454, registered at Craigmuir Chambers, Road Town, Tortola, VG1110, the British Virgin Islands or Spectro Finance Systems Limited (a limited liability company, company number 2027522, registered at Craigmuir Chambers, Road Town, Tortola, VG1110, the British Virgin Islands) (any of the aforementioned companies further may be referred to as the "Company", "we" or "us") depending on the country you access the Platform or use the Services from and subject you conclude the agreement with when accepting General Terms and Conditions and other related documents of the Platform.
- In order to provide Services through the Platform, we may process personal data of our customers, their clients or representative, other related persons, such as family members, beneficial owners, transaction senders, etc. (all together hereinafter referred to as "Customer" or "you"). Any personal data we gather, use or share about you is processed in accordance with applicable laws. The Company takes all the necessary measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes legal, organizational, technical, and physical security measures.
- This Policy applies if you use of the Platform and any of the Services, available through it and indicates how your personal data is being processed by the Company, which in such a case, acts as a personal data controller and your Service provider. The Policy explains how we process your personal data through any relationship we have, whether it would be a call through the phone, use of the Services on the Platform, a message via e-mail or any other possible mean. In case you provide information about other natural persons to the Company, you undertake to make this Policy known to them before the disclosure of such information to the Company.
- By using this Platform and the Services you confirm you have read, understood and agree with this Policy. The Company reserves the right to make changes to this Policy. An up-to-date version of the Policy is posted on the Website.
Personal Data Management Principles
- The Company undertakes to ensure your personal data is:
- processed lawfully, fairly, and in a transparent manner in relation to you;
- collected for specified, explicit and legitimate purposes (e.g. prevention of money laundering and terrorist financing, performance of Services, etc.), and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of your personal data.
- The Company follows the above indicated principles strictly during the processing of your personal data and requests the same from the data processors which it may use to process personal data on behalf of the Company.
Lawfulness of Personal Data Processing
- Your personal data will be processed if:
- you have given consent to the processing of your personal data for one or more specific purposes; and/or
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; and/or
- processing is necessary for compliance with a legal obligation to which we are subject; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or the third party.
- The Company may subject its Customers to decisions based solely on automated processing, including profiling, only if it is necessary for the conclusion of a contract between you and the Company or due to the provision of the Services under such contract, it is authorized by the law or you have expressed explicit consent to such processing.
Purposes for Which Your Personal Data is Being Processed
- Your personal data is being processed for the purposes of:
- account establishment;
- performance of the Services (such as transactions of sale and purchase, withdrawal, deposit, exchange);
- prevention of money laundering and terrorist financing (implementation of the principle "Know Your Customer");
- crime prevention;
- implementation of international sanctions;
- Services support;
- quality assurance;
- direct marketing;
- use of the Company's social networks accounts;
- proper and secure operation of the Platform.
- The processing of your personal data is necessary for the implementation of the above indicated purpose(s), therefore, if you fail to provide the requested data, the Company may not be able to provide your requested Services.
Methods how your Personal Data is Being Collected
- The Company collects your personal data directly from you or from the third parties when:
- you use or view the Platform;
- you register to the Platform;
- you use our Services;
- you request Services support;
- we execute Customer’s due diligence or ongoing due diligence;
- we monitor your transactions;
- we check whether you are not related to fraudulent activities;
- we receive requests, orders, decisions or etc. from the third parties regarding you.
- The Company may also collect your personal data from other SpectroCoin companies, as they are defined in General Terms and Conditions of the Platform, upon the change of the SpectroCoin company as your service provider.
Categories of The Processed Personal Data
- The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
- In order to provide the Services, we may process your personal data categories, such as (including but not limited to):
- General identification data: first name, middle name, former name, aliases, surname, gender, date of birth, residential address, e-mail, phone number, selfie (with the identity document), real-time video;
- Identity document data: ID Type (Passport/Identity Card/Residence permit), its copy, MRZ, document number, date of issue, date of expiry;
- Other Customer's profile information: profile type, member ID, referral code, login status, email confirmed status, phone confirmed status, secret questions information;
- Social network data: social sign in type, social network profile photo, name, surname, your comments, emotions and other actions expressed via our social network account, other your social network profile information provided by you;
- Information about Customer's occupation and income sources: specific occupation, main sectors of Customer's occupation, source of wealth and funds in Customer's account, source of fixed income, information on the percentage of turnover in aforementioned Customer's activity handled in cash;
- Account opening information:
- the purpose of the account opening;
- explanation of the business for which the account is being opened;
- Services which the client plans to use;
- size and volume of the business for which the account is being opened;
- expected nature and level of the transaction sought;
- countries from which the funds will be received and transferred;
- Information about Politically Exposed Person ("PEP"):
- Information whether the Customer is PEP itself or has an immediate relationship with PEP;
- General PEP's identification data: relation, name, surname, country, PEP's position;
- Information about Beneficial Owner ("UBO"):
- Information whether the Customer is the UBO of the account and the funds in the account or acts as a representative;
- Financial data:
- information about linked or pre-paid card(s) if such services are available;
- accounts, wallets related to the Customer's accounts on the Platform (used for receiving/sending funds);
- information about other Customers' cryptocurrencies accounts and all operational information within;
- information about used SpectroCoin merchant services;
- transactions information: transaction ID, method, type, status, sender, recipient (ID), QR code/wallet address, time and date register, order ID, amount, currency (code), coupon code;
- Data obtained and/or created while performing legal obligation: inquiries, requests, notifications, orders, courts decisions or other data related to the specific Customer(s) which may be received by or provided to the police, courts, investigative bodies, notaries, tax administrator, courts, bailiffs and other institutions;
- Communication data: date, time, correspondence, video and voice calls, chats;
- Information related to electronic devices: IP address(es); time zone; log-in and log-out register; browser information; electronic device‘s operational system information; location data (country (code), city); internet service provider (ISP); selected language; information regarding Customer‘s actions within Website;
- History data: Customer's experience using the Website, the register of all Customer's actions performed on the Platform (i.e. operations, such as funds transactions, linking cards, log-in and log-out register, register of reset passwords, separately expressed Customer's consents for personal data processing (i.e. for direct marketing);
- Other data which may be requested or gathered by the Company or provided by the Customer herself/himself or any third party.
Personal Data Recipients
- Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:
- Virtual currency services providers;
- Payment service providers, as well as intermediary services providers if relative Services are available and offered and such Services are related with these service providers;
- credit, financial, payment and (or) electronic money institutions if relative Services are available and offered and any of the Services are related with these service providers;
- authorities (i.e. supervising institutions, law enforcement institutions, courts);
- auditors, legal and financial consultants;
- IT providers;
- marketing services providers;
- fraud detection services providers;
- data processors;
- other SpectroCoin companies, as they are defined in General Terms and Conditions of the Platform, in order to ensure smooth provision of the Services on the Platform upon change of the SpectroCoin company as your Service provider;
- other Partners of SpectroCoin, as they are defined in annexes of General Terms and Conditions of the Platform, in order to ensure smooth and easy delivery of the Services;
- other service providers which services may include, or which are engaged in personal data processing executed by the Company.
- Personal data may also be provided to other recipients if:
- the Company has to comply with a legal obligation to which it is a subject; or
- such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest; or
- the data requesting party has a legitimate interest to request for such information.
- The Company maintains strong cooperation with local and international authorities and institutions, therefore, upon request of such party substantiated under article 7.2 of this Policy, your personal data may be provided to the requested party without permission to notify you.
Personal Data Storage
- The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.
- In order to set the below indicated data retention periods, the Company has referred to the legal acts and public recommendations such as compliance with legit limitation periods, as well as a current business practice.
- Depending on the category of personal data and the purpose it is being processed your data retention period applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services is:
- for the purposes indicated in articles 4.1.1- 4.1.5 of this Policy we process your personal data throughout the term of our contractual relationship and store it after this relationship ends until it is no longer necessary for us to keep it for the indicated purposes (for example, due to the nature of our business it may be necessary to store such data for additional 8 years). In case you are able to use our Services without entering into contractual relationship with us, your personal data will be processed for a period of 3 years since you created an account on the Platform. The personal data processing for such period is based on the necessity to execute Customer's due diligence, conduct ongoing monitoring, collect supporting evidence and records of transactions. In the event contractual relationship has not been established based on reasons not related with prevention of money laundering and terrorist financing (e.g. you decided not to finish application or verification procedure due to your own personal reasons) your personal data will be stored for 3 years since the last actual contact with you or action from your side;
- for the purposes indicated in articles 4.1.6 - 4.1.7 we process your personal data throughout the term of our contractual relationship or collected via correspondence with you throughout the term of our contractual relationship and store it after this relationship ends until it is no longer necessary for us to keep it for the indicated purposes (for example, due to the nature of our business it may be necessary to store such data for additional 5 years). The same storage principle applies for your personal data processed for the aforementioned purposes and collected when you call to our support services, or communicate with us when you have not established or has already terminated contractual relationship with us (for example, due to the nature of our business it may be necessary to store such data for the period of 3 years since the day of execution of voice call record or our last contact with each other via other communication means). The personal data processing for such periods is based on the necessity to keep records of communicati on with you;
- for the purpose indicated in article 4.1.8 we may process your personal data throughout the term of our contractual relationship or throughout the term your consent is valid (up to 3 years, if not renewed) and after the day of termination of a contractual relationship or expiration date/revocation of the consent we store it for an additional period of time due to possible claims (for example, it may be necessary to store such data for additional 3 years) although newsletters will not be sent during this period;
- for the purposes indicated in article 4.1.9 we process your personal data until your social network account or Company's social network account is deleted - whichever comes first;
- for the purposes indicated in article 4.1.10 we process your personal data throughout the term we support the Platform.
- Upon the end of the retention period indicated above your personal data is erased.
- In order to provide you generic or personalized up-to-date news about SpectroCoin products, Services and proposals, your email address and/or telephone number might be processed by the Company for direct marketing purposes.
- You may receive generic direct marketing newsletters based on Company’s legitimate interest according to the applicable law and/or personalized direct marketing newsletters based on your explicitly expressed consent.
- In order to select and send you the news which is likely to be most interesting and relevant to you, the Company may profile you based on meaningful factors, such as your location, the day of your last sign-in to the Platform, the history of your use of the Services, etc. Kindly note that your profile will be segmented only if you have explicitly agreed to receive personalized direct marketing news.
- In order to send you the newsletters we may use third party services and share your email address and/or telephone number with it.
- Your contact details, indicated in article 9.1., will be processed for the period indicated in article 8.3.3 of this Policy. Together with your email address and/or telephone number your personal data, such as IP address and the date when you gave a consent and or you have renewed it (and later on also the day of termination of Services or expiration/revocation date of the consent), will be processed for the aforementioned period.
- You have a right to object to processing of your personal data for direct marketing purposes or revoke your present consent for receiving personalized news at any time by withdrawing your consent in your profile settings or by clicking on the withdrawal link provided in the received newsletters, or by sending us a request at the contacts provided in the Platform.
- The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorized or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organisational, technical, and physical security measures, such as the latest security systems, passwords, ability to detect cyber security attacks and other threats to the integrity of the Platform, working only with trustworthy service providers, etc. However, no transmission of information via e-mail or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via the internet or sharing confidential information via e-mail or other telecommunication channels.
Your Rights Regarding the Processing of Your Personal Data
- You have certain legal rights in relation to the processing of your personal data, including:
- the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;
- the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
- the right to obtain from us the erasure of personal data concerning you without undue delay if it is possible;
- the right to obtain from us restriction of processing if it is possible;
- the right to data portability if it is possible;
- the right to object at any time to processing of your personal data if it is possible;
- the right not to be subject to an automated individual decision-making, including profiling if it is possible.
- This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
- The Customer may exercise his/her rights only after the Company has successfully identified him/her. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him/her, unless the Customer's identity is confirmed. Therefore, if you like to address a request towards the Company regarding the execution of your rights, we suggest you to do it through Live Chat once you are logged in to your account on the Platform (so that we could identify you). In case you decide to use other communication channels, such as sending a request via email, we kindly ask you to indicate in the e-mail your name, surname, your date of birth and the last four digits of your identity document number which you used when entering into a business relationship with the Company (if you have provided it before). In addition, the Company keeps the right to decide if the other or additional legitimate mean of identification proof should be requested, such as a selfie with your ID document, a certified copy of your ID document, video or voice call, or any other additional document or method which could let to determine your identity.
- The Customer is provided with information related to the exercise of his/her rights free of charge. However, the Customer's request for the exercise of the rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular, because of their repetitive character.
- The Company shall provide the Customer with information on the actions taken upon receipt of the Customer's request for the exercise of his rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. When the Customer submits the request by electronic means, the information shall also be provided by electronic means.
- If the Customer considers that his/her personal data is being processed in violation of his/her rights and legitimate interests in accordance with the applicable law, the Customer shall have the right to file a complaint against the processing of personal data to the respective authority in the British Virgin Islands.
- You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Platform, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
- You are responsible for maintaining adequate security and control of every identification number, password, and/or any other code that you use to access the Platform. If you have not complied with this obligation and/or could, but have not prevented it and/or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
- In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or the Company‘s fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify the Company. The Company shall not be liable for consequences that have originated due to the notification failure.
- After the Company receives the notification from you as indicated above, the Company shall immediately suspend access to your account and provision of the Company's Services until a new password is provided/created for you.
- The Company draws your attention to the fact that an email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake the responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend to memorize your passwords and not to write them down or enter anywhere where they may be seen by other persons.
- If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact us via [email protected].
- The Platform and Services may contain links to our partners or other third-party websites. If you use the services of our partners or other third-parties, their own privacy policies apply, and you will be covered by such respective policies.