BestChange platform privacy policy
For the purposes of this Privacy Policy the following definitions shall have the following meanings:
"BestChange Platform" (the "Platform") means, collectively, the following online resources developed and managed by the Operator: (i) Platform's website available online over the Internet via URL www.bestchange.com and (ii) the interactive application for the iOS and/or Android mobile platform(s) available via the official Apple Inc.'s App Store and/or Google's Google Play application store(s) if such application was released by the Operator on the Effective Date of this Privacy Policy.
"Data Processor" means Sum And Substance Ltd., a company duly incorporated and registered in England with company number 09688671, whose registered office is at 30 St. Mary Axe, London, England, EC3A 8BF. Data Proccessor is duly authorized by the Operator as the Data Controller under applicable law to collect and process Your Personal Data.
"Data Protection Officer" (DPO) means the officer employed or engaged by the Platform Operator as the Data Controller, whose contact details are given in the "Contacts" Section hereof.
"Personal Account" means the personalized section of the Platform closed for public access. Personal Account is accessed by entering authentication details on the Platform App login interface (for iOS and Android versions) or login web page (for web-version): login (Username) and password (access code).
"User" means a natural person that registered with the Platform as an Individual User or as a representative of SDO as it is defined in the Terms of Use.
"Platform Operator" means Agretis Software Design LLC, a company duly established and operating under the laws of the Emirate of Dubai, UAE, License No. 1078065, legal address: Office 84, FG-LHEU, Mana bin Khalifa bin Saeed Al Maktoum, Dubai, UAE, PO Box 214950 and its subsidiaries and affiliates.
"Your Data" means, collectively, your Personal Data and Automatically Collected Data.
INTRODUCTION AND GENERAL PROVISIONS
This Privacy Policy governs collection, processing, storing and use of your personally identifiable information (Personal Data) and Automatically Collected Data required for using and/or related to your use of the Platform as it is defined herein, which is developed, provided and operated by the Operator.
This Privacy Policy constitutes a legally binding agreement between the individual accepting this Privacy Policy ("You") and the Operator governing collection, processing, storing and use of Your Data required for you using and/or related to your use of the Platform, and its provisions may be enforced against you under applicable law. Please read and review this Privacy Policy before submitting any Personal Data to or with help of the Platform. By submitting any Personal Data to or with help of the Platform, or otherwise accessing or using the Platform, you acknowledge that you have read, understand and agree to be legally bound by this Privacy Policy without limitation.
This Privacy Policy is subject to change from time to time. Please review this Privacy Policy each time you access and/or use the Platform. By submitting any personal data to or with help of the Platform, or otherwise accessing or using the Platform, you shall be deemed as having accepted the most recent version of this Privacy Policy.
If you do not agree to the terms of collection, processing, storing and use of your Personal Data and/or Automatically Collected Data set forth in this Privacy Policy, you may not submit any Personal Data to or with help of the Platform, or otherwise access or use the Platform in any way.
COLLECTED AND PROCESSED DATA
In certain instances of use of the Platform listed below, you may be requested to provide information that may identify you (your "Personal Data"). Personal Data submitted by you through and with help of the Platform and collected from you via the Platform and/or via a special link to the Data Processor's portal, or otherwise, may include (but are not limited to) the following information:
- date of birth and place of residence;
- passport or other ID details;
- valid e-mail address;
- addresses of Your cryptocurrency wallets;
- Your usernames and addresses in instant messaging services (messengers) such as Whatsapp and Telegram;
- home phone or mobile phone number; and
- other information from which You as an individual may be personally identified that may be required by the Operator and prompted for submitting from time to time via the Platform or by the Data Processor for the purposes of providing the Platform and its functionality to you.
- You acknowledge that the Operator may collect your Personal Data or Personal Data of third parties (for example, when you register a Personal Account on behalf of third parties) in certain instances, including, but not limited to:
- when you register your Personal Account within the Platform;
- when you make purchases such as purchase of paid functionality in the Platform;
- when you contact the Operator or other Users;
- when you otherwise use the functionality of the Platform.
You agree that all Personal Data you provide must and will be correct, truthful, current, and complete. Providing false information about your or third parties' identity is forbidden. If the Operator believes that the Personal Data you provide is not correct, current, or complete, or is false or misleading, the Operator has the right to refuse, suspend or terminate your access to the Platform or any of its resources and to suspend or delete your Personal Account at any time. This provision does not extend to instances when provision by you of Personal Data is not mandatory and you are free to provide any information (for example, when choosing the nickname).
You hereby acknowledge that if you do not want the Operator and/or its designated Personal Data Processor (if and when applicable) to collect, process, store and/or use your Personal Data necessary for the performance of the Terms of Use between You and the Platform Operator, you may not or will not be able to use certain functionality of the Platform, inter alia, paid functionality, or you may be denied registration of your Personal Profile in the Platform.
In addition to your Personal Data, when you download, access, and/or use the Platform the Operator and/or its designated third parties, to the extent permitted under applicable law, such as whenever you interact with Platform the Operator may automatically or passively collect, store and process certain types of information about you, your device(s), and your Internet and Platform use using automatic data collection technologies, including but not limited to first- and third-party cookies, log files, web beacons, pixels and other similar technologies (the "Automatically Collected Data"). This information may include but is not limited to:
- the broad location of your device (e.g. country, state or region level location);
- information about your Internet service provider;
- your device's operating system (including but not limited to information about its programming language and version) and device from which you access and use the Platform, including type and serial number of your mobile device (where applicable), your mobile device ID and call information, device event information (such as crashes, system activity and hardware settings, the date and time of your request and referral URL);
- programming language, type and build of the Internet browser with which you access and use the Platform;
- Internet protocol address from which you access and use the Platform;
- mobile network, mobile operator, country codes and mobile operator prefixes;
- time zone;
- domain name and/or URL address from which you access the Platform;
- use and access log data;
- pages and areas of the Platform that you visited;
- Platform functionality you used;
- the date and time you accessed the Platform;
- information associated with your Apple iTunes or Google Play accounts or any other account used to download and access the Platform;
- information about the web pages you visit from the Platform or before you or after you use the Platform;
- information about your contacts list stored on your device for the purposes of sending invitations to use the Platform to your contacts and checking the use of the Platform by persons in your contacts list (i.e. checking that these persons are already using the Platform);
- information collected by third-party advertisements in the Platform, from third parties providing services to the Operator, and from third parties with whom the Operator advertises, including information from Operator's advertising partners; and
- other information about your device(s), web surfing preferences and interests that is not personally identifiable.
You hereby grant the Operator, all of its affiliates, subsidiaries and designees, including but not limited to the Operator's designated Data Processor Your express consent for collection, use and other processing of all such Automatically Collected Data described above in connection with your use of the Platform under the binding Terms of Use.
Any and all Automatically Collected Data collected and processed by the Operator and/or its designated third parties is used strictly for the purposes of improving the performance or functionally of the Platform, as well as for advertising and marketing purposes, addressing technical support issues, protection of the Users' Personal Accounts from fraud by detecting unauthorized access, providing You with a streamlined and personalized experience. You hereby agree that the Operator and/or its designated third parties are free to disclose any and all such Automatically Collected Data to third parties of their choice, including but not limited to third party advertisers and other parties.
You may withdraw Your Consent for the processing of Automatically Collected Data in part of certain information that is not required for the performance of the Terms of Use or other Associated Documents or for the pursuit of the Platform Operator's legitimate interests as it detailed herein below.
SOCIAL NETWORK DATA AND GEOLOCATION
The Platform utilizes, among others, the technology of Personal Profiles registration via accounts created with third-parties resources and applications (e.g. in social networks). If you choose the option of registering your Personal Profile using your account in a social network but at the same time do not want the Operator to use the details of that account in that social network for Personal Profile registration purposes you may abstain from providing such details, however in this case you may be denied registration of your Personal Profile in the Platform.
The Platform utilizes GPS and other geolocation technologies to determine your current location in order to determine the country and city you are located within and display a location map with relevant content and advertisements within the Platform. If you do not want the Operator to use your location for these purposes, you should turn off the location services for the Platform in your mobile device settings and/or within the Platform.
PRINCIPLES OF PERSONAL DATA PROCESSING
The Operator and/or its designated Data Processor (when and if applicable) collect, process, store and use your Personal Data in accordance with the following general principles:
- your Personal Data is or will be at all times obtained solely from you and from you only, and not from any third party;
- your Personal Data are at all times collected, processed, stored and used lawfully, fairly and in transparent manner;
- your Personal Data are collected, processed, stored and used only in accordance with the purposes of Personal Data processing outlined in this Privacy Policy and Your express consents granted under this Privacy Policy;
- your Personal Data is at all times collected, processed, stored and used separately from anonymous or anonymized data that may be received from you in accordance with this Privacy Policy;
- Your Personal Data is at all times treated confidentially and processed, if and where applicable, only by or with assistance of personnel working with Personal Data that have signed non-disclosure agreements or other legal instruments ensuring confidentiality and security of Your Data;
- Your Personal Data will not be disclosed or transferred to any third party without your express consent to such disclosure or transfer, with the exception of circumstances where such disclosure or transfer is performed under consents given by you in accordance with this Privacy Policy, may be required by government authorities, such as courts or law enforcement agencies, or under law, as discussed further in this Privacy Policy;
- Your Personal Data is processed, stored and used only for the period set forth in this Privacy Policy;
- processing of your Personal Data by third parties, such as the Operator's designated Data Processor (if and where applicable) will at all times be processed with the same level of confidentiality, data security and in strict accordance with the principles and purposes outlined in this Privacy Policy;
- the scope of collected Personal Data does not and will not exceed the scope of purposes for which the Personal Data is collected, processed, stored and used in accordance with this Privacy Policy; and
- you are entitled to access your Personal Data at any time, and your Personal Data may be rectified or erased at any time upon your request in accordance with this Privacy Policy.
PURPOSES OF DATA PROCESSING
The Operator and/or its designated Personal Data Processor (if and where applicable) collect, process, store and use Your Data (including Personal Data) solely for the following purposes:
- registering You as a User of the Platform by registering your Personal Account in the Platform;
- performing biography check procedures known as "Know Your Customer", (KYC);
- performing business background check procedures known as "Know Your Business", (KYB);
- performing transaction history and funds origin check procedures known as "Anti-Money Laundering / Countering Financing Of Terrorism", (AML / CFT);
- audio- or video-interviewing You for clarification of certain information relating to the KYC / KYB / AML / CFT procedures;
- providing to You access to the Platform and its content, including paid or additional functionality of the Platform and support service to resolve any issues or disputes, collect license fees or to troubleshoot problems;
- enforcing Terms of Use, provisions of Associated Documents and other contracts between You and the Operator;
- engaging in marketing activities, including but not limited to sending you and displaying for You promotional and advertising materials or newsletters relating to new functionality and/or services of the Platform, as well as products and services of the Operator and/or its subsidiaries and affiliates and partners, including advertising partners, as well as sending you other information that you requested or agreed to receive;
- personalizing the content and features you access when you use the Platform and choose the relevant preferences;
- improving and upgrading the content and functionality of the Platform;
- tracking Users' demographics, interests, their total number and behaviors;
- providing to You service communications or notifications containing information related to Your Personal Account and to keep You informed about Your Personal Account, relevant security issues, events or updates, authorization status or settings modifications related to the security of Your Personal Account;
- performing statistical studies basing on the Personal Data provided by you and using information obtained from user surveys completed by you for implementation of Your preferences, improvements and enhancements of Your user experience with the Platform, its functionality and services;
- sending you notifications relating to the Platform and your use of the Platform;
- using your Personal Data for Operator's internal business purposes directly relating to the Platform including but not limited to measuring advertising and promotional effectiveness;
- Platform fraud and abuse detection, monitoring and prevention, ensuring network and information security of the Platform, combating spam or other malware or security risks and to comply with applicable security laws and regulations;
- for any other purposes with respect to which You provide Your express consent.
LEGAL GROUNDS FOR PROCESSING YOUR DATA
The Operator and its designated Data Processor rely on legal bases for processing Your Personal Data listed below, as established by the following legal acts (hereinafter collectively the "Personal Data Protection Legislation"):
- (i) the EU General Data Protection Regulation ("GDPR");
- (ii) the UAE Federal Decree Law No. 45 of 2021 on the Personal Data Protection ("PDPL") and accompanying Executive Regulations; and
- (iii) the Dubai International Finance Centre (DIFC) Data Protection Law No. 5 of 2020 ("2020 DPL") and accompanying Data Protection Regulations (the "DPRs").
The applicable legal basis in each instance will depend on Your Personal Data at issue, the specific context in the which it is collected and the purposes for which it is used. Below is a list of how Operator uses Your Personal Data, as described in the Sections above, with the corresponding legal bases for processing.
The Operator and its designated Data Processor generally only process Your Personal Data where:
- processing is necessary to perform the Terms of Use, Associated Documents and any other contracts between Platform Operator and You or to take pre-contractual measures at Your request to entering into contracts, including other contracts with the Platform Operator; or
- Platform Operator and/or the Data Processor have obtained Your consent to do so; or
- processing is in Platform Operator's or in its affiliates' legitimate interests to operate business and not overridden by Your fundamental rights and freedoms; or
- there is legal obligation compelling the Platform Operator to comply with, or processing is required to protect Your vital interests or those of another person.
PERSONAL DATA SHARING AND DISCLOSURE
Notwithstanding that the Operator, its affiliates, subsidiaries and designees, as well as its designated Data Processor (if and when applicable) treat your Personal Data in a strictly confidential manner and do not and will not disclose it to third parties without your prior written consent or not in accordance with your consents granted under this Privacy Policy, the Operator and mentioned parties reserve the right to disclose your Personal Data and, where applicable, the Automatically Collected Data to third parties at their sole discretion and without obtaining your prior consent and without notification to you in the following circumstances and to the following parties:
- as may be required by law and in the public interest, such as to comply with a subpoena, or similar legal process, inter alia, if such disclosure of your Personal Data is required under governmental or legal requests for information, including but not limited to under the request of any governmental authorities, including but not limited to local and international police authorities and courts conducting investigations;
- to the Operator's services providers who work on Platform Operator's behalf (e.g. network infrastructure, cloud storage, payment processing, cybersecurity, document repository services, customer support, internet service providers, data analytics, information technology, marketing), to the extent necessary to perform their tasks and duties in connection with the services they render to the Platform Operator, are not allowed to use Your Personal Data shared to them beyond Platform Operator's instructions, and have agreed to adhere to the data protection rules no less strict than set forth in this Privacy Policy;
- if the Platform Operator is involved in a merger, acquisition, or sale of all or a portion of its assets;
- if you are found to be, or the Platform Operator has reasonable grounds to believe, that you are violating any legal agreement or law relating to Your use of the Platform;
- if such disclosure of your Personal Data is required to fulfill Platform Operator's obligations under applicable law;
- if such disclosure of your Personal Data is required to respond to an emergency that endangers life, health or vital interest of another person; or
- when the Operator believes in good faith that such disclosure is necessary to protect the Operator's rights, protect your safety or the safety of other Users, or investigate fraud or abuse, or if such disclosure of your Personal Data is required otherwise to protect the rights, property or security of third parties, other users of the Platform or the general public in any jurisdiction whatsoever.
Further to the above, the Platform, in order to prevent fraud and the other illegal activities utilizes third-party services that may collect information that can be used to identify You. These third-party service providers may create derivative data based on your Personal Data that can be used in connection with the provision of identity verification services by comparing Personal Data you provide us to public records and other third-party databases. Below are the links to privacy policies of these third-party service providers used by the Platform, including the designated Data Processor:
- Sum + Substance (Data Processor): https://www.sumnsub.com/privacy-policy.
The Platform and the Operator disclose the Automatically Collected Data to the following third parties for advertising, data analytics, and marketing purposes, links to privacy policies of which are listed below:
- Google Analytics: https://policies.google.com/privacy?hl=en-US;
- Yandex.Metrica: https://metrica.yandex.com/about/info/privacy-policy;
- Facebook: https://www.facebook.com/privacy/policy/;
- VK: https://m.vk.com/privacy?api_view=1&lang=en;
- MyTarget: https://target.my.com/help/partners/mob/gdpr_compliant/en;
- TikTok: https://www.tiktok.com/legal/page/row/privacy-policy/en.
PERSONAL DATA OF CHILDREN AND TEENAGERS
Pursuant to the Terms of Use the Platform is intended for use and viewing solely by adult, fully legally capable individuals only. The Operator and/or its designated Data Processor (if applicable) do not knowingly or intentionally collect, process, store, use or disclose Personal Data (including persistent device identifiers) of individuals younger than 18 years of age.
To use the Platform and submit your Personal Data, you must be at least 18 (eighteen) years of age. Any use by you of the Platform shall be deemed to constitute your conformance with this requirement.
By accepting the terms of this Privacy Policy you acknowledge that the Operator may introduce restrictions with respect to accessing adults-only content. In addition, the Operator reserves the right to report attempts of use of the Platform by the minors to the appropriate authorities.
If the Operator has learned or has sufficient grounds to believe that Personal Data is submitted by a minor instead of an adult, the Operator reserves the right to suspend the Personal Account through which the Personal Data was submitted and request provision of an e-mail address of the parent or legal guardian of the submitting person so that the Operator can notify the parent or legal guardian that their child or teen has provided Personal Data through the Platform and provide an opportunity for the parent or legal guardian to request the deletion of that Personal Data from the relevant records. The Operator will contact the parent or legal guardian at the e-mail address provided and the parent or legal guardian will have 48 hours from delivery of the e-mail to advise who exactly submitted the Personal Data. If the parent or legal guardian fails to reply to the query sent to the provided e-mail address, the Operator will assume that the parent or legal guardian has not consented to collection and processing of the minor's Personal Data, after which the related Personal Account will be immediately terminated and the Personal Data in question will be purged from Operator's and/or its designated Data Processor's records.
YOUR CONSENTS TO PROCESSING AND DISCLOSURE OF PERSONAL DATA; USE OF PERSONAL DATA BY THIRD PARTIES
The Operator may from time to time engage third parties to perform certain functions on behalf of the Operator, such as:
- hosting (including but not limited to cloud and server hosting) and/or operating the Platform;
- User verification, KYC / KYB / AML / CFT checks;
- receiving and processing payments of fees made by you via the Platform;
- sending e-mail and instant messaging communications;
- carrying out user behavior analysis;
- creating and sending to You personalized advertising, and performing any other functions.
You hereby grant Your express consent to the Platform Operator and its designated Data Processor to share your Personal Data with such third parties in order for them to perform such functions and to disclose your Personal Data to such parties where and when required.
The Operator may from time to time require sharing your Personal Data with other entities affiliated with the Operator, such as (but not limited to) Operator's subsidiaries and controlling or controlled entities for internal business and operational purposes. You hereby grant your express consent to the Operator to share and disclose your Personal Data with such entities affiliated with the Operator and to disclose your Personal Data to such entities where and when required to perform the Terms of Use, this Privacy Policy and other Associated Documents between You and the Operator or meet the legitimate interests of the Operator.
The Operator, where and when applicable or desirable in relation to the performance of Operator's rights and obligations under the Terms of Use or other Associated Documents, may engage third parties, such as the Operator's designated Data Processor, to collect and process your Personal Data on Operator's behalf. You hereby acknowledge and agree that the Operator may share your Personal Data with such designated contractors, including but not limited to the Personal Data Processor where and when required or desirable, and that Your Personal Data may be initially collected and processed by that designated Data Processor as authorized by the Platform Operator as the Data Controller under the Personal Data Protection Legislation, whichever is applicable.
In certain instances, your Personal Data may be processed by Operator or parties designated by the Operator, such as payment services providers, to perform your payments made or received with help of the Platform, including but not limited to fees for use of the Platform. You hereby acknowledge that the Operator will process any Personal Data that may be received from you during such transactions, and share your Personal Data with third parties such as payment services providers and banks in order for them to be able to process your payment orders.
ADVERTISING AND SURVEYS
The Operator, Operator's advertising partners or third party advertisers may use Your Personal Data for sending you notifications and other informational and promotional materials about the new functionality and content available via the Platform or other services and products (including new services and products of the Operator or its affiliates), and the Platform may display online advertisements. You hereby grant your express consent to receive such informational and advertising materials and to use of Your Data for these purposes, and to use of Your Data for providing you personalized advertising. Your Data address will not be used for sending you unsolicited advertising messages ("spam").
The Operator may, from time to time, conduct Platform surveys with voluntary participation required to improve and enhance your user experience with the Platform, with its functionality and services. You hereby grant your express consent to receive offers of participating in such surveys. If and to the extent you participate in such surveys, you hereby grant the Operator your express consent to processing of your Personal Data that you may be required to submit when completing such surveys.
You have the right to refuse to receive information and advertising notifications and materials, to participate in surveys by sending an appropriate notification to e-mail info@bestchange.com or modifying settings of Your Personal Account or referring to a special link texted as "unsubscribe" or any other similar link in any such notifications and materials or by any other actions explicitly stated in the text of notifications and materials
DATA SECURITY
The Operator and Operator's designated Data Processor (when and if applicable) use commercially reasonable technical, organizational and administrative measures to ensure protection and security of your Personal Data. The Platform and the servers hosting the Platform, as well as servers of the Operator's designated Data Processor (when and if applicable) utilize certain electronic security measures designed to protect against the loss, misuse, and alteration of the information under Operator's and/or Operator's designated contractor's performing Personal Data processing (when and if applicable) control, including Personal Data, which measures fully correspond to requirements set forth under applicable law and best practices. As an example, all Personal Data after its collection is by design irrevocably hashed for the purposes of prevention of its potential decryption in the case of a hacker attack. However, you acknowledge and agree that no electronic data transmission or storage of information can be guaranteed to be fully secure, and while the Operator and Operator's designated Data Processor (when and if applicable) perform and will continue to perform the discussed measures to ensure protection and security of Platform-related network and systems and safety of your Personal Data, the Operator and Operator's designated Data Processor (when and if applicable) cannot and do not guarantee that security measures implemented in the Platform will prevent third-party hackers or other malefactors from illegally obtaining information about you, including your Personal Data.
The Operator does not guarantee that loss, misuse, unauthorized acquisition, or alteration of your Personal Data will not occur. By accepting this Privacy Policy, You recognize Your vital role in protecting Your Data. You acknowledge that when creating Personal Account with the Platform, it is important to choose a password of sufficient length and complexity. You further acknowledge to not reveal this password to any third-parties or any other credentials that are used by You to access Your Personal Account with the Platform, and to immediately notify the Operator if You become aware of any unauthorized access to or use of Your Account or Your Data breach.
Furthermore, the Operator cannot ensure or warrant the security or confidentiality of information You transmit to or receive from the Operator by Internet, fixed or wireless connection, including email, phone, or SMS, since the Operator has no way of protecting information once it leaves and until it reaches the Operator. If you have reason to believe that your data is no longer secure, please contact our DPO using the contact information provided in "Contacts" section herein below.
COOKIE POLICY
The technologies used in relation to the Platform may include cookie files. A "cookie" is a small data file that can be sent to and placed on or in your computer's or mobile device's hard drive and/or memory, whichever is applicable, when you access and use the Platform. The Operator may deploy cookie files to collect, store, and sometimes track information for statistical purposes to improve the Platform and the functionality and services it offers, as well as to store user preferences, to record session information, to record user-specific information on what pages you access or visit, to record past activity in the Platform to provide improved functionality when you return to the Platform, to ensure that you are not repeatedly sent the same advertising or notifications, and to collect other information that you send or that may be required for maintenance, improvement and enhancement of the Platform. The Operator may also deploy "web beacons" and similar technology to assist with delivery of the cookie to your computer or mobile device. Besides cookie files that are only used during a session and deleted after your visit of the website ("Session Cookies"), we may use cookies in order to save user configurations and other information for a certain time period not exceeding 10 (Ten) years ("Permanent Cookies"). You hereby expressly consent to the Operator placing the cookies on your computer's or other computing or mobile device's memory for the purposes set forth in this Section, including but not limited to Platform maintenance and improvement, and accessing and using certain functionality and services of the Platform. You can enable or disable categories of cookies, except strictly necessary cookies, by visiting our Cookie Consent Form, including both first party and third party cookies.
Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Please note that blocking or rejecting cookies on your computer or other device may prohibit you from accessing and/or using certain functionality or services available in the Platform and/or impair Platform's functionality.
Some Internet browsers like Internet Explorer, Firefox, and Safari include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, Platfom's websites do not currently process or respond to "DNT" signals.
Additional information about the use of cookies and similar technologies, in particular the types of cookies used, each cookie's purpose and retention period, provider are contained in the Cookie Policy.
THIRD-PARTY WEBSITES
The Platform may contain hyperlinks to other websites or other Internet resources that are not maintained by, or related to, the Operator or its affiliates. It is your responsibility to review the privacy policies of those websites. This Privacy Policy applies only to the Platform.
RETENTION AND DELETING PERSONAL DATA
Your Personal Data is processed and stored by the Operator and/or its designated Data Processor (when and if applicable) for the total period required for providing you access to the Platform and the ability to use the Platform, namely throughout the life of Your Personal Account, providing you with notifications and sending you promotional materials, and using your Personal Data for other purposes set forth in this Privacy Policy but for no longer than 3 (Three) years as of termination of your use of the Platform for any reason, if you do not request the Personal Data to be deleted before the end of that term in accordance with this Section. If you decide to terminate your Personal Account within the Platform, the above term will apply to storage of Your Data and Your Data (both Personal Data and Automatically Collected Data) will remain in Operator's archives for that period subject to longer periods of mandatory data retention requirements established by applicable law.
The Operator is under no obligation to store your Personal Data indefinitely and hereby disclaims any liability arising out of, or related to, destruction of such Personal Data.
The Operator will only retain Your Personal Data for as long as necessary for the initial purposes and for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about typical retention periods for different aspects of Your Personal Data are described below:
- contact information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you delete Your Personal Account. Thereafter your contact information will be added to the suppression list to ensure we do not inadvertently market to You;
- information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period set in the Cookie Policy.
YOUR PRIVACY RIGHTS AND CHOICES
Under applicable law you may be able to enjoy certain rights related to Your Personal Data identified below. If any of the rights listed below are not provided under the law of Your residence, the Operator will provide You with the rights guaranteed by the GDPR. All Your requests shall be responded within 1 (one) calendar month.
You are always entitled to request information about any of Your Data that the Operator has stored, as well as their origin and recipients and the purpose it was collected, stored and processed for. Although, Your information rights and access to Personal Data are not absolute. Depending upon the applicable law, exercise of your rights under the applicable law may be denied or restricted:
- when denial of access is required or authorized by law;
- when granting access would have an adverse impact on another's privacy;
- to protect Operator's rights and properties;
- where the request is frivolous or vexatious, or for other reasons.
Access and portability. You may request that the Operator provide you a copy of your Personal Data. This information will be provided without undue delay (subject to a potential fee associated with gathering of the information in case of manifestly unfounded or excessive requests), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, You may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have the Operator transfer Your Personal Data directly to another data controller.
Rectification of incomplete or inaccurate personal data. You may request the Operator to rectify or update any of Your Personal Data held by the Operator that is inaccurate or incomplete. You may do this at any time by logging in to Your Personal Account and filling the relevant forms in the "Settings" tab.
Erasure. You can stop all collection of Your Data by the Platform by uninstalling the Platform interactive application and by discontinuing usage of the Platform. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. Hereby You acknowledge that deinstallation of the Platfrom from your Device does not lead to erasure of Your previously collected Personal Data. To erase the Personal Data collected in the period before the deletion of the Platform application, you must submit request to delete Your Personal Account. You may request to erase Your Personal Data using Platform's interface and functionality. Alternatively, You can also request to delete Your Personal Account via email listing@bestchange.com. If you delete your Personal Account on the Platform, your Personal Data will not be used by the Operator for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement agencies, as required by law or for the establishment, exercise or defense of legal claims. Notwithstanding your request for erasure, You hereby acknowledge that the Operator will store your Data, including your request for deletion, to the extent necessary to comply with applicable mandatory data retention laws for the period of time established by applicable law.
Consent withdrawal. To the extent the processing of your Personal Data is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of processing based on consent before your withdrawal.
Restriction of processing. Applicable law entitles You to restrict or object to the Operator processing or transferring your Personal Data under certain circumstances. Operator may continue to process your Personal Data if it is necessary for the defense of legal claims, or for any other derogations permitted by applicable law.
Automated individual decision-making, including profiling. Operator relies on automated tools to help assess whether a SDO's Personal Account presents a fraud or legal risks. Any ultimate decisions affecting Users or producing any legal effects are taken with human intervention only.
Marketing communications. You can opt-out of receiving marketing communications from the Operator. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. Operator will only contact you by electronic means (e-mail, push-notifications in applications) based on your consent. If you do not want to receive marketing communications, please refer to your Personal Account Settings to opt-out or submit a request via e-mail.
You can make protection rights requests relating to your Personal Data by going to your Personal Account settings or, if you cannot access it, by contacting the Operator email. Your Personal Account Settings also allow you to set your communication preferences and make individual rights requests relating to your Personal Data. Operator strongly encourage you to submit any individual rights requests through Your Personal Account because it ensures that you have been authenticated already (based on the information you have provided to open your Personal Account and by providing the necessary login credentials). Otherwise, when the Operator receives an individual rights request via other intake methods, it will take steps to verify your identity before complying with the request to protect your privacy and security.
GOVERNING LAW; JURISDICTIONS
Except where prohibited by applicable law or provided otherwise herein, this Privacy Policy shall be governed by the laws of the Emirate of Dubai on a local level and the laws of the United Arab Emirates on a federal level. Accordingly, this Privacy Policy is intended to comply with applicable laws and regulations of the Emirate of Dubai and the United Arab Emirates, as well as the European Union and its constituting members-states. You understand and agree that other countries may have laws, regulatory requirements and business practices regarding Personal Data that differ from those established in the EEA. Nothing in this Policy shall be construed as undermining your rights under privacy and personal data protection laws of your abode.
OVERSEAS DATA TRANSFER; STORING DATA IN CERTAIN JURISDICTIONS
The processing and storage of Your Personal Data takes place in the United Kingdom, being the location of the Data Processor. However, in the context of the Operator's business activities and in line with the purposes of the data processing set out in this Privacy Policy, the Operator and/or its designated Data Processor may transfer Your Personal Data to third parties located outside of the United Kingdom, such as companies affiliated with the Data Processor. These parties may be located in European Union and European Economic Area or located in any country for which the European Commission adequacy decision was taken. In particular, You agree that your Personal Data may be transmitted to any country in which the Operator is represented by affiliates, branches or other offices as well as to other countries in the European Union, European Economic Area, the United States of America, Canada, the countries of the A-PAC region and every other country where Operator's affiliates and/or service providers are located. In cases of cross-border transfer of Your Data outside of the EEA, the Operator will take all appropriate safeguards including legally binding contracts with all recipients of personal data to ensure the protection of Your Data and enforcement of Your rights.
In addition to the above you acknowledge that, if the laws of your jurisdiction establish the requirement for storing Personal Data of its citizens within the territory of that jurisdiction, the Operator must conform to that requirement and will store Your Personal Data on servers located within the territory of that jurisdiction.
CHANGE OF OWNERSHIP
The disclosure to, and use by, a subsequent owner or operator of the Platform, of any information about you, including your Personal Data provided to the Operator in accordance with this Privacy Policy, in case the Operator assigns its rights and obligations regarding such information in connection with a merger, acquisition, or sale of all or some of the Operator's assets, or in connection with a merger, acquisition or sale of all or some assets related to the Platform, to a subsequent owner or operator are within the legitimate interest of the Operator. In the event of such a merger, acquisition, or sale, your continued use of the Platform signifies your agreement to be legally bound by the privacy policy of the Platform subsequent owner or operator, which policy may differ from this Privacy Policy. This provision shall remain in full force and effect notwithstanding any termination of your use of the Platform
CHANGES TO PRIVACY POLICY
To the fullest extent permitted under applicable law, the Operator reserves the right to modify, update, supplement, revise or otherwise change this Privacy Policy in order to comply with applicable new legislation and/or regulations and/or to improve the Platform, and to impose new or additional rules, policies, terms or conditions in relation to the Platform, collection, processing and storing Personal Data from time to time with or without notice to you. In addition, there may appear from time to time new, unanticipated uses of information collected through the Platform that were not previously governed by this Privacy Policy. The Operator may notify you of the amendments to this Privacy Policy by sending an email message to the email address provided during registration of your Personal Account and/or by posting the notice on the Platform. All amendments to this Privacy Policy will be effective immediately and incorporated into the Privacy Policy upon sending and/or posting of such notice. You are responsible for regularly reviewing this Privacy Policy. Your use of the Platform or any part thereof after any changes to this Privacy Policy are posted on the Platform or otherwise made available for review will be considered your acceptance of those changes and will constitute your agreement to be legally bound thereby. If you object to any such changes, your sole recourse to deny further processing of Your Personal Data will be to delete the Platform from your device and to delete your Personal Account, and request immediate erasure of your Personal Data via the e-mail address provided in the "Contacts" section hereof.
CONTACTS
If you have any comments or questions about this Privacy Policy or data protection, or if you wish to access, request data portability, correct, block or delete your Personal Account or any of your Personal Data, or if you would like, at any time, to revoke your granted consents regarding the use of Your Data, please contact the Operator using the following contact details:
For questions regarding the Privacy Policy and Personal Data processing: info@bestchange.com
To request update or deletion of your Personal Data: info@bestchange.com
In the UAE, the relevant data protection authority is Data Office.