Dated: 12 October 2018
For the purpose of the relevant data protection regulations, Fintelum OÜ is the “data controller” of your information, having address at Harju maakond, Tallinn, Lasnamäe linnaosa, Valukoja tn 8-110, 11415, Estonia. If you have any questions about how we protect or use your data, please email us at firstname.lastname@example.org.
I. Protection of your personal information
1. Fintelum is serious about guarding the security of your personal information and use a secure server to store your personal information. All information you provide to us is stored on our secure servers. Any data provided via our Website will be encrypted using Transport Layer Security technology.
2. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission from you to us over the Internet. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
3. We restrict access of your personal information to those employees of Fintelum who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
II. Information we may collect
We may collect and use the following data about you:
4. Information you give to us.
(a) You may give us information about you when you sign up to use our Service, e.g. when you provide us with your personal details, such as your name, email address and telephone number. This also includes information you provide through your continued use of our Services, participate in discussion boards or other social media functions on our Website, enter a promotion or survey, and when you report a problem with our Services. The information you give us may include your name, address, e-mail address, phone number, financial information (including cryptocurrency wallet or bank account information), payment reason, geographical location, national identification number, personal description and photograph.
(b) We may also need additional financial and/or identification information from you to comply with our “know your customer” and anti-money laundering obligations under applicable law, e.g. documents confirming your source of funds, a copy of your passport or ID card, etc.
5. Information we collect about you. With regard to your use of our Services we may automatically collect the following information:
(a) details of the transactions you carry out when using our Services, including geographic location from which you initiate the transaction and cryptocurrency wallet address;
(b) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(c) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page.
6. Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them. For example:
(a) business partners like token sale organisers may provide us with your name and
contact information, as well as financial information;
(b) advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website;
(c) identity verification and “name check” service providers may be used to confirm the information you have already provided to us.
III. Usage of cookies
8. We use the following cookies:
(a) Strictly necessary cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website.
(b) Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
(c) Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
(d) Targeting cookies. These cookies record your visit to our Website or our partner websites, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests, reward you or your referral agent about your visit or usage of our Services. We may also share this information with third parties for this purpose.
10. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
11. Except for essential cookies, all cookies will expire after 1 year.
IV. Use of the information
12. We use your information in the following ways:
(a) to carry out our obligations relating to your legal relationship with us and to provide you with the information, products and services;
(b) to comply with any applicable legal and/or regulatory requirements;
(c) to notify you about changes to our Services;
(d) as part of our efforts to keep our Services safe and secure;
(e) to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(f) to improve our Services and to ensure that they are presented in the most effective manner;
(g) to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
(h) to allow you to participate in interactive features of our Services, when you choose to do so;
(i) to provide you with information about other similar goods and services we offer;
(j) to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you; or
(k) to combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
V. Disclosure of your information
13. We may share or disclose or share your information with selected third parties including:
(a) token sale organisers where you have expressed an interest in a token sale;
(b) affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with them or you;
(c) advertisers and advertising networks solely to select and serve relevant adverts to you and others;
(d) analytics and search engine providers that assist us in the improvement and optimisation of our Website;
(e) our group entities or subsidiaries;
(f) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Services terms and other applicable agreements; or to protect the rights, property, or safety of Fintelum, its employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(g) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(h) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
(i) to prevent and detect fraud or crime;
(j) in response to a subpoena, warrant, court order, or as otherwise required by law;
(k) to assess financial and insurance risks;
(l) to recover debt or in relation to your insolvency; and
(m) to develop customer relationships, services and systems.
14. We do not have a published list of all of the third parties with whom we share your data with, as this would be heavily dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to You, you can request this by writing to email@example.com.
VI. Storage of your personal data
VII. Sharing your data outside of the EEA
16. In order to provide our Services to you, it is sometimes necessary for us to transfer your data to the third parties outlined in Clause 13 that are based outside of the EEA. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organisational security measures to protect your data. We also try to ensure we have appropriate contractual protections in place with these third parties.
VIII. Processing data of minors
17. We do not knowingly request to collect personal data from any person under the age of 18. If a user submitting personal data is suspected of being younger than 18 years of age, we will require the user to close his or her account and will not allow the user to continue using the Services. We will also take steps to delete the personal data as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent their access to our Services.
IX. Profiling and Automated Decision Making
18. We may use some instances of your data in order to customise our Services and the information we provide to you, and to address your needs – such as your country of address and transaction history. When we do this, we take all necessary measures to ensure that your privacy and security are protected – and we only use pseudonymised data where ever possible.
19. As part of being a highly technical and innovative company, we may use automated decision making in order to improve your experience, or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use automated decision making to verify your identity documents, or to confirm the accuracy of the information you have provided to us.
X. Data Retention
20. As a licensed institution for AML purposes, Fintelum is required by law to store some of your personal and transactional data beyond the closure of your account with us. Your data is only accessed internally on a need to know basis, and it will only be accessed or processed if absolutely necessary.
21. We will always delete data that is no longer required by a relevant law in jurisdiction in which we operate. Data retention periods may vary in different jurisdictions we operate.
XI. Your rights and access to information
22. You have the right to ask us not to contact you for marketing purposes by contacting us at firstname.lastname@example.org, or by adjusting your notification preferences in your account page.
23. You have the right to correct any personal information we hold on you that is inaccurate, incorrect, or outdated.
24. You have the right to ask us to delete your data when it is no longer necessary, or no longer subject to a legal obligation to which Fintelum is subject to.
25. Subject to applicable laws, you have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection regulations.
26. Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
28. If you feel that we have not addressed your questions or concerns adequately, you may file a complaint with the Estonian Data Protection Inspectorate.