Dated: October 4, 2021
As used herein, “Digital Asset” means a virtual currency, such as bitcoin or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.
As used herein, “Personal Data” means any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.
When you access or use the Service or any part thereof, or communicate with us or any of our officers, employees, or agents, whether through written, published or electronic means, the telephone or otherwise, We may collect or receive personal or non-personal information or data about, in connection with, or from you, including, without limitation, through cookies, pixel tags, website and data analytics, and other technologies, in accordance with the Personal Data Protection Act (“PDPA”).
Personal information or data may include, without limitation, your name, contact information, user profile, national identity information, and information about your financial status. Non-personal information or data may include, without limitation, your browser information, internet protocol address, how you use the Service or any part thereof, and aggregated information. We will, as far as possible, inform you at each collection point as to what information is required and what information is optional.
III. WHAT PERSONAL DATA WE COLLECT
We collect, process, and store Personal Data collected from you via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number as well as information relating to your device or internet service (such as an IP address and a MAC number).
We collect information you provide during the onboarding process, which may be a completed, incomplete, or abandoned process. We collect, use, store, and transfer your Personal Data, which may include the following:
Legal entities and individuals who act as businesses (e.g., sole trader):
We need to collect certain types of information for compliance with legal requirements relating to our anti-fraud, anti-money-laundering, counter-financing-of-terrorism and know-your-customer obligations. If this information is not provided, we may not be able to enter into the business relationship with you and provide our services to you. Your Personal Data may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of legal claims. We will not delete Personal Data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
IV. COLLECTION AND TRANSFER OF DATA OUTSIDE OF THE EEA
To facilitate the services we provide to customers located in the EEA, you give us your explicit consent for the transfer of Personal Data from the EEA to outside of the EEA. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use the Service. You will have the ability to withdraw your digital assets; however, all other functionalities will be disabled.
Such transfers are undertaken in accordance with our legal and regulatory obligations, and appropriate safeguards under Estonian Law will be implemented, such as standard data protection clauses, with data recipients or processors approved by competent authorities. A copy may be requested at [email protected]
V. HOW WE USE YOUR PERSONAL DATA
We use Personal Data to communicate with you and to administer, deliver, improve, and personalize the Service. We might also generate generic data out of any Personal Data we collect and use it for our own purposes. We may also use such data to communicate with you in relation to other products or services offered by us and/or our partners. We do not share your Personal Data with third parties (other than partners in connection with their services to us) except where you have given your consent and further detailed below.
There are certain circumstances where we may transfer your Personal Data to employees, contractors and to other parties:
We may also share your information with certain contractors or service providers. They may process your Personal Data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centres. Our suppliers and Service providers are required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in relation to the performance of their function;
We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or Services to you. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
In addition to above mentioned circumstances, we share your Personal Data with third parties under the following exceptions:
if we think that sharing it is necessary to enforce our Terms of Service;
to comply with government agencies, including regulators, law enforcement and/or justice departments;
to third parties that we are associated with, its legal successors and when transferring a part of our activity to third parties;
to the assignee of the Service if the rights and obligations to operate the Service are fully or partially assigned to a third party;
if we are defending a legal claim, your information may be transferred as required in relation to defending such claim;
to third parties who provide services to us (such as providers of KYC/AML verification, administrative services, technical services, customer support services, etc.);
to banks, E-money institutions, financial institutions, payment card processors, acquirers, cryptocurrency exchanges, and similar organizations that we are in partnership with or have a contractual relationship with;
in connection with the sale or transfer of our business or any part thereof.
VI. HOW WE STORE YOUR PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside of your country. It may also be processed by staff operating outside of Europe who work for us or for one of our suppliers or service providers. By submitting your personal data, you agree to this transfer, storing or processing, except customers located in the EEA, as detailed above. All information you provide to us is stored on our and/or third party cloud servers.
VII. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL DATA
You have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. If any of your Personal Data is inaccurate, you may request to update your information. You may also request to delete your Personal Data, with exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, please contact [email protected] with the subject “DATA INQUIRY”.
In response to data access, correction, or deletion request, we will verify the requesting party’s identity to ensure that he or she is legally entitled to make such a request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee should your request be repetitive or onerous.
Customers can opt out from these marketing communications at any moment. If you do not want to receive these communications, please send an email to [email protected]
For product related communications, such as policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.
IX. COOKIE USAGE
While you access the Service, we may use the industry practice of placing a small amount of data that will be saved by your browser (Cookies). This information can be placed on your computer or other devices used to visit pay.limitlex.com and associated websites. This information helps us recognize you as a customer, collect information about your use of the Service to better customize our services and better your experience. We may also use the information collected to ensure compliance with our compliance program, and to ensure your account security has not been compromised by detecting irregular or suspicious account activities.
Most browsers are set up to accept cookies automatically. Some Cookies expire when you finalize the session and other Cookies remain on your computer or other devices until deleted or expired. You have the option to decline the use of our Cookies, but this may affect the functionality of our services or your user experience.
Some cookies are needed to run the website. For example, when you log in, cookies help to recognise you and keep you logged in as you browse the website. We call these strictly necessary cookies.
We also use the following types of cookies:
Functionality/Preference cookies: We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Cloudflare cookies: We use these cookies to maximize network resources, manage traffic, and protect our websites from malicious traffic.
Security cookies: We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.
X. INFORMATION SECURITY
We endeavor to protect the Service and you from unauthorized access, alteration, disclosure, or destruction of Personal Data we collect and store. We take various measures to ensure information security, periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and contractors who are subject to contractual confidentiality obligations.
XI. CONTACTING US ABOUT PRIVACY QUESTIONS OR CONCERNS
XII. STATUTORY RIGHTS
You have certain rights concerning your Personal Data under Estonian Law, as mentioned below, and can exercise them by contacting us at [email protected]
Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold on you. We process a large quantity of information and can thus request that, before the information is delivered, you specify the information or processing activities to which your request relates.
Correction: you are entitled to request that any incomplete or inaccurate Personal Data we hold about you is corrected.
Erasure: you are entitled to ask us to delete or remove Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure; for example, where the Personal Data is required for compliance with law or in connection with claims.
Restriction: you are entitled to ask us to suspend the processing of certain parts of your Personal Data; for example, if you want us to establish its accuracy or disclose the reason for processing it.
Transfer: you may request the transfer of a certain part of your Personal Data to another party.
Objection: where we are processing your Personal Data based on a legitimate interest (or that of a third-party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Automated decisions: you may contest any automated decision made about you where this has a legally or similarly significant effect and ask for it to be reconsidered.
XIII. RETENTION OF PERSONAL DATA
whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time;
whether there is any ongoing legal or financial claim that relates to your relationship with us;
whether any applicable law, statute or regulation allows for a specific retention period; and
what the expectation for retention was at the time the data was provided to us.
In accordance with our record-keeping obligations, we will retain Account and other Personal Data for at least five years (in some cases up to ten years, as required by applicable law) after an Account is closed.
XIV. THE RIGHT TO WITHDRAW THE CONSENT
XV. THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a supervisory authority in regard to your data protection. Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Estonian Data Protection Inspectorate at: [email protected]