"Data Processor" means Sum And Substance Ltd., a company duly incorporated and registered in England with company number 09688671, whose registered office is at 30 St. Mary Axe, London, England, EC3A 8BF. Data Proccessor is duly authorized by the Operator as the Data Controller under applicable law to collect and process Your Personal Data.
"Data Protection Officer" (DPO) means the officer employed or engaged by the Platform Operator as the Data Controller, whose contact details are given in the "Contacts" Section hereof.
"Personal Account" means the personalized section of the Platform closed for public access. Personal Account is accessed by entering authentication details on the Platform App login interface (for iOS and Android versions) or login web page (for web-version): login (Username) and password (access code).
"Platform Operator" means Agretis Software Design LLC, a company duly established and operating under the laws of the Emirate of Dubai, UAE, License No. 1078065, legal address: Office 84, FG-LHEU, Mana bin Khalifa bin Saeed Al Maktoum, Dubai, UAE, PO Box 214950 and its subsidiaries and affiliates.
"Your Data" means, collectively, your Personal Data and Automatically Collected Data.
INTRODUCTION AND GENERAL PROVISIONS
COLLECTED AND PROCESSED DATA
In certain instances of use of the Platform listed below, you may be requested to provide information that may identify you (your "Personal Data"). Personal Data submitted by you through and with help of the Platform and collected from you via the Platform and/or via a special link to the Data Processor's portal, or otherwise, may include (but are not limited to) the following information:
- date of birth and place of residence;
- passport or other ID details;
- valid e-mail address;
- addresses of Your cryptocurrency wallets;
- Your usernames and addresses in instant messaging services (messengers) such as Whatsapp and Telegram;
- home phone or mobile phone number; and
- other information from which You as an individual may be personally identified that may be required by the Operator and prompted for submitting from time to time via the Platform or by the Data Processor for the purposes of providing the Platform and its functionality to you.
- You acknowledge that the Operator may collect your Personal Data or Personal Data of third parties (for example, when you register a Personal Account on behalf of third parties) in certain instances, including, but not limited to:
- when you register your Personal Account within the Platform;
- when you make purchases such as purchase of paid functionality in the Platform;
- when you contact the Operator or other Users;
- when you otherwise use the functionality of the Platform.
You agree that all Personal Data you provide must and will be correct, truthful, current, and complete. Providing false information about your or third parties' identity is forbidden. If the Operator believes that the Personal Data you provide is not correct, current, or complete, or is false or misleading, the Operator has the right to refuse, suspend or terminate your access to the Platform or any of its resources and to suspend or delete your Personal Account at any time. This provision does not extend to instances when provision by you of Personal Data is not mandatory and you are free to provide any information (for example, when choosing the nickname).
In addition to your Personal Data, when you download, access, and/or use the Platform the Operator and/or its designated third parties, to the extent permitted under applicable law, such as whenever you interact with Platform the Operator may automatically or passively collect, store and process certain types of information about you, your device(s), and your Internet and Platform use using automatic data collection technologies, including but not limited to first- and third-party cookies, log files, web beacons, pixels and other similar technologies (the "Automatically Collected Data"). This information may include but is not limited to:
- the broad location of your device (e.g. country, state or region level location);
- information about your Internet service provider;
- your device's operating system (including but not limited to information about its programming language and version) and device from which you access and use the Platform, including type and serial number of your mobile device (where applicable), your mobile device ID and call information, device event information (such as crashes, system activity and hardware settings, the date and time of your request and referral URL);
- programming language, type and build of the Internet browser with which you access and use the Platform;
- Internet protocol address from which you access and use the Platform;
- mobile network, mobile operator, country codes and mobile operator prefixes;
- time zone;
- domain name and/or URL address from which you access the Platform;
- use and access log data;
- pages and areas of the Platform that you visited;
- Platform functionality you used;
- the date and time you accessed the Platform;
- information associated with your Apple iTunes or Google Play accounts or any other account used to download and access the Platform;
- information about the web pages you visit from the Platform or before you or after you use the Platform;
- information about your contacts list stored on your device for the purposes of sending invitations to use the Platform to your contacts and checking the use of the Platform by persons in your contacts list (i.e. checking that these persons are already using the Platform);
- information collected by third-party advertisements in the Platform, from third parties providing services to the Operator, and from third parties with whom the Operator advertises, including information from Operator's advertising partners; and
- other information about your device(s), web surfing preferences and interests that is not personally identifiable.
Any and all Automatically Collected Data collected and processed by the Operator and/or its designated third parties is used strictly for the purposes of improving the performance or functionally of the Platform, as well as for advertising and marketing purposes, addressing technical support issues, protection of the Users' Personal Accounts from fraud by detecting unauthorized access, providing You with a streamlined and personalized experience. You hereby agree that the Operator and/or its designated third parties are free to disclose any and all such Automatically Collected Data to third parties of their choice, including but not limited to third party advertisers and other parties.
SOCIAL NETWORK DATA AND GEOLOCATION
The Platform utilizes, among others, the technology of Personal Profiles registration via accounts created with third-parties resources and applications (e.g. in social networks). If you choose the option of registering your Personal Profile using your account in a social network but at the same time do not want the Operator to use the details of that account in that social network for Personal Profile registration purposes you may abstain from providing such details, however in this case you may be denied registration of your Personal Profile in the Platform.
The Platform utilizes GPS and other geolocation technologies to determine your current location in order to determine the country and city you are located within and display a location map with relevant content and advertisements within the Platform. If you do not want the Operator to use your location for these purposes, you should turn off the location services for the Platform in your mobile device settings and/or within the Platform.
PRINCIPLES OF PERSONAL DATA PROCESSING
The Operator and/or its designated Data Processor (when and if applicable) collect, process, store and use your Personal Data in accordance with the following general principles:
- your Personal Data is or will be at all times obtained solely from you and from you only, and not from any third party;
- your Personal Data are at all times collected, processed, stored and used lawfully, fairly and in transparent manner;
- Your Personal Data is at all times treated confidentially and processed, if and where applicable, only by or with assistance of personnel working with Personal Data that have signed non-disclosure agreements or other legal instruments ensuring confidentiality and security of Your Data;
PURPOSES OF DATA PROCESSING
The Operator and/or its designated Personal Data Processor (if and where applicable) collect, process, store and use Your Data (including Personal Data) solely for the following purposes:
- registering You as a User of the Platform by registering your Personal Account in the Platform;
- performing biography check procedures known as "Know Your Customer", (KYC);
- performing business background check procedures known as "Know Your Business", (KYB);
- performing transaction history and funds origin check procedures known as "Anti-Money Laundering / Countering Financing Of Terrorism", (AML / CFT);
- audio- or video-interviewing You for clarification of certain information relating to the KYC / KYB / AML / CFT procedures;
- providing to You access to the Platform and its content, including paid or additional functionality of the Platform and support service to resolve any issues or disputes, collect license fees or to troubleshoot problems;
- engaging in marketing activities, including but not limited to sending you and displaying for You promotional and advertising materials or newsletters relating to new functionality and/or services of the Platform, as well as products and services of the Operator and/or its subsidiaries and affiliates and partners, including advertising partners, as well as sending you other information that you requested or agreed to receive;
- personalizing the content and features you access when you use the Platform and choose the relevant preferences;
- improving and upgrading the content and functionality of the Platform;
- tracking Users' demographics, interests, their total number and behaviors;
- providing to You service communications or notifications containing information related to Your Personal Account and to keep You informed about Your Personal Account, relevant security issues, events or updates, authorization status or settings modifications related to the security of Your Personal Account;
- performing statistical studies basing on the Personal Data provided by you and using information obtained from user surveys completed by you for implementation of Your preferences, improvements and enhancements of Your user experience with the Platform, its functionality and services;
- sending you notifications relating to the Platform and your use of the Platform;
- using your Personal Data for Operator's internal business purposes directly relating to the Platform including but not limited to measuring advertising and promotional effectiveness;
- Platform fraud and abuse detection, monitoring and prevention, ensuring network and information security of the Platform, combating spam or other malware or security risks and to comply with applicable security laws and regulations;
- for any other purposes with respect to which You provide Your express consent.
LEGAL GROUNDS FOR PROCESSING YOUR DATA
The Operator and its designated Data Processor rely on legal bases for processing Your Personal Data listed below, as established by the following legal acts (hereinafter collectively the "Personal Data Protection Legislation"):
- (i) the EU General Data Protection Regulation ("GDPR");
- (ii) the UAE Federal Decree Law No. 45 of 2021 on the Personal Data Protection ("PDPL") and accompanying Executive Regulations; and
- (iii) the Dubai International Finance Centre (DIFC) Data Protection Law No. 5 of 2020 ("2020 DPL") and accompanying Data Protection Regulations (the "DPRs").
The applicable legal basis in each instance will depend on Your Personal Data at issue, the specific context in the which it is collected and the purposes for which it is used. Below is a list of how Operator uses Your Personal Data, as described in the Sections above, with the corresponding legal bases for processing.
The Operator and its designated Data Processor generally only process Your Personal Data where:
- Platform Operator and/or the Data Processor have obtained Your consent to do so; or
- processing is in Platform Operator's or in its affiliates' legitimate interests to operate business and not overridden by Your fundamental rights and freedoms; or
- there is legal obligation compelling the Platform Operator to comply with, or processing is required to protect Your vital interests or those of another person.
PERSONAL DATA SHARING AND DISCLOSURE
- as may be required by law and in the public interest, such as to comply with a subpoena, or similar legal process, inter alia, if such disclosure of your Personal Data is required under governmental or legal requests for information, including but not limited to under the request of any governmental authorities, including but not limited to local and international police authorities and courts conducting investigations;
- if the Platform Operator is involved in a merger, acquisition, or sale of all or a portion of its assets;
- if you are found to be, or the Platform Operator has reasonable grounds to believe, that you are violating any legal agreement or law relating to Your use of the Platform;
- if such disclosure of your Personal Data is required to fulfill Platform Operator's obligations under applicable law;
- if such disclosure of your Personal Data is required to respond to an emergency that endangers life, health or vital interest of another person; or
- when the Operator believes in good faith that such disclosure is necessary to protect the Operator's rights, protect your safety or the safety of other Users, or investigate fraud or abuse, or if such disclosure of your Personal Data is required otherwise to protect the rights, property or security of third parties, other users of the Platform or the general public in any jurisdiction whatsoever.
Further to the above, the Platform, in order to prevent fraud and the other illegal activities utilizes third-party services that may collect information that can be used to identify You. These third-party service providers may create derivative data based on your Personal Data that can be used in connection with the provision of identity verification services by comparing Personal Data you provide us to public records and other third-party databases. Below are the links to privacy policies of these third-party service providers used by the Platform, including the designated Data Processor:
- Sum + Substance (Data Processor): https://www.sumnsub.com/privacy-policy.
The Platform and the Operator disclose the Automatically Collected Data to the following third parties for advertising, data analytics, and marketing purposes, links to privacy policies of which are listed below:
- Google Analytics: https://policies.google.com/privacy?hl=en-US;
- Yandex.Metrica: https://metrica.yandex.com/about/info/privacy-policy;
- Facebook: https://www.facebook.com/privacy/policy/;
- VK: https://m.vk.com/privacy?api_view=1&lang=en;
- MyTarget: https://target.my.com/help/partners/mob/gdpr_compliant/en;
- TikTok: https://www.tiktok.com/legal/page/row/privacy-policy/en.
PERSONAL DATA OF CHILDREN AND TEENAGERS
To use the Platform and submit your Personal Data, you must be at least 18 (eighteen) years of age. Any use by you of the Platform shall be deemed to constitute your conformance with this requirement.
If the Operator has learned or has sufficient grounds to believe that Personal Data is submitted by a minor instead of an adult, the Operator reserves the right to suspend the Personal Account through which the Personal Data was submitted and request provision of an e-mail address of the parent or legal guardian of the submitting person so that the Operator can notify the parent or legal guardian that their child or teen has provided Personal Data through the Platform and provide an opportunity for the parent or legal guardian to request the deletion of that Personal Data from the relevant records. The Operator will contact the parent or legal guardian at the e-mail address provided and the parent or legal guardian will have 48 hours from delivery of the e-mail to advise who exactly submitted the Personal Data. If the parent or legal guardian fails to reply to the query sent to the provided e-mail address, the Operator will assume that the parent or legal guardian has not consented to collection and processing of the minor's Personal Data, after which the related Personal Account will be immediately terminated and the Personal Data in question will be purged from Operator's and/or its designated Data Processor's records.
YOUR CONSENTS TO PROCESSING AND DISCLOSURE OF PERSONAL DATA; USE OF PERSONAL DATA BY THIRD PARTIES
The Operator may from time to time engage third parties to perform certain functions on behalf of the Operator, such as:
- hosting (including but not limited to cloud and server hosting) and/or operating the Platform;
- User verification, KYC / KYB / AML / CFT checks;
- receiving and processing payments of fees made by you via the Platform;
- sending e-mail and instant messaging communications;
- carrying out user behavior analysis;
- creating and sending to You personalized advertising, and performing any other functions.
You hereby grant Your express consent to the Platform Operator and its designated Data Processor to share your Personal Data with such third parties in order for them to perform such functions and to disclose your Personal Data to such parties where and when required.
In certain instances, your Personal Data may be processed by Operator or parties designated by the Operator, such as payment services providers, to perform your payments made or received with help of the Platform, including but not limited to fees for use of the Platform. You hereby acknowledge that the Operator will process any Personal Data that may be received from you during such transactions, and share your Personal Data with third parties such as payment services providers and banks in order for them to be able to process your payment orders.
ADVERTISING AND SURVEYS
The Operator, Operator's advertising partners or third party advertisers may use Your Personal Data for sending you notifications and other informational and promotional materials about the new functionality and content available via the Platform or other services and products (including new services and products of the Operator or its affiliates), and the Platform may display online advertisements. You hereby grant your express consent to receive such informational and advertising materials and to use of Your Data for these purposes, and to use of Your Data for providing you personalized advertising. Your Data address will not be used for sending you unsolicited advertising messages ("spam").
The Operator may, from time to time, conduct Platform surveys with voluntary participation required to improve and enhance your user experience with the Platform, with its functionality and services. You hereby grant your express consent to receive offers of participating in such surveys. If and to the extent you participate in such surveys, you hereby grant the Operator your express consent to processing of your Personal Data that you may be required to submit when completing such surveys.
You have the right to refuse to receive information and advertising notifications and materials, to participate in surveys by sending an appropriate notification to e-mail email@example.com or modifying settings of Your Personal Account or referring to a special link texted as "unsubscribe" or any other similar link in any such notifications and materials or by any other actions explicitly stated in the text of notifications and materials
The Operator and Operator's designated Data Processor (when and if applicable) use commercially reasonable technical, organizational and administrative measures to ensure protection and security of your Personal Data. The Platform and the servers hosting the Platform, as well as servers of the Operator's designated Data Processor (when and if applicable) utilize certain electronic security measures designed to protect against the loss, misuse, and alteration of the information under Operator's and/or Operator's designated contractor's performing Personal Data processing (when and if applicable) control, including Personal Data, which measures fully correspond to requirements set forth under applicable law and best practices. As an example, all Personal Data after its collection is by design irrevocably hashed for the purposes of prevention of its potential decryption in the case of a hacker attack. However, you acknowledge and agree that no electronic data transmission or storage of information can be guaranteed to be fully secure, and while the Operator and Operator's designated Data Processor (when and if applicable) perform and will continue to perform the discussed measures to ensure protection and security of Platform-related network and systems and safety of your Personal Data, the Operator and Operator's designated Data Processor (when and if applicable) cannot and do not guarantee that security measures implemented in the Platform will prevent third-party hackers or other malefactors from illegally obtaining information about you, including your Personal Data.
Furthermore, the Operator cannot ensure or warrant the security or confidentiality of information You transmit to or receive from the Operator by Internet, fixed or wireless connection, including email, phone, or SMS, since the Operator has no way of protecting information once it leaves and until it reaches the Operator. If you have reason to believe that your data is no longer secure, please contact our DPO using the contact information provided in "Contacts" section herein below.
Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Please note that blocking or rejecting cookies on your computer or other device may prohibit you from accessing and/or using certain functionality or services available in the Platform and/or impair Platform's functionality.
Some Internet browsers – like Internet Explorer, Firefox, and Safari – include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, Platfom's websites do not currently process or respond to "DNT" signals.
RETENTION AND DELETING PERSONAL DATA
The Operator is under no obligation to store your Personal Data indefinitely and hereby disclaims any liability arising out of, or related to, destruction of such Personal Data.
The Operator will only retain Your Personal Data for as long as necessary for the initial purposes and for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about typical retention periods for different aspects of Your Personal Data are described below:
- contact information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you delete Your Personal Account. Thereafter your contact information will be added to the suppression list to ensure we do not inadvertently market to You;
YOUR PRIVACY RIGHTS AND CHOICES
Under applicable law you may be able to enjoy certain rights related to Your Personal Data identified below. If any of the rights listed below are not provided under the law of Your residence, the Operator will provide You with the rights guaranteed by the GDPR. All Your requests shall be responded within 1 (one) calendar month.
You are always entitled to request information about any of Your Data that the Operator has stored, as well as their origin and recipients and the purpose it was collected, stored and processed for. Although, Your information rights and access to Personal Data are not absolute. Depending upon the applicable law, exercise of your rights under the applicable law may be denied or restricted:
- when denial of access is required or authorized by law;
- when granting access would have an adverse impact on another's privacy;
- to protect Operator's rights and properties;
- where the request is frivolous or vexatious, or for other reasons.
Access and portability. You may request that the Operator provide you a copy of your Personal Data. This information will be provided without undue delay (subject to a potential fee associated with gathering of the information in case of manifestly unfounded or excessive requests), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, You may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have the Operator transfer Your Personal Data directly to another data controller.
Rectification of incomplete or inaccurate personal data. You may request the Operator to rectify or update any of Your Personal Data held by the Operator that is inaccurate or incomplete. You may do this at any time by logging in to Your Personal Account and filling the relevant forms in the "Settings" tab.
Erasure. You can stop all collection of Your Data by the Platform by uninstalling the Platform interactive application and by discontinuing usage of the Platform. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. Hereby You acknowledge that deinstallation of the Platfrom from your Device does not lead to erasure of Your previously collected Personal Data. To erase the Personal Data collected in the period before the deletion of the Platform application, you must submit request to delete Your Personal Account. You may request to erase Your Personal Data using Platform's interface and functionality. Alternatively, You can also request to delete Your Personal Account via email firstname.lastname@example.org. If you delete your Personal Account on the Platform, your Personal Data will not be used by the Operator for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement agencies, as required by law or for the establishment, exercise or defense of legal claims. Notwithstanding your request for erasure, You hereby acknowledge that the Operator will store your Data, including your request for deletion, to the extent necessary to comply with applicable mandatory data retention laws for the period of time established by applicable law.
Consent withdrawal. To the extent the processing of your Personal Data is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of processing based on consent before your withdrawal.
Restriction of processing. Applicable law entitles You to restrict or object to the Operator processing or transferring your Personal Data under certain circumstances. Operator may continue to process your Personal Data if it is necessary for the defense of legal claims, or for any other derogations permitted by applicable law.
Automated individual decision-making, including profiling. Operator relies on automated tools to help assess whether a SDO's Personal Account presents a fraud or legal risks. Any ultimate decisions affecting Users or producing any legal effects are taken with human intervention only.
Marketing communications. You can opt-out of receiving marketing communications from the Operator. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. Operator will only contact you by electronic means (e-mail, push-notifications in applications) based on your consent. If you do not want to receive marketing communications, please refer to your Personal Account Settings to opt-out or submit a request via e-mail.
You can make protection rights requests relating to your Personal Data by going to your Personal Account settings or, if you cannot access it, by contacting the Operator email. Your Personal Account Settings also allow you to set your communication preferences and make individual rights requests relating to your Personal Data. Operator strongly encourage you to submit any individual rights requests through Your Personal Account because it ensures that you have been authenticated already (based on the information you have provided to open your Personal Account and by providing the necessary login credentials). Otherwise, when the Operator receives an individual rights request via other intake methods, it will take steps to verify your identity before complying with the request to protect your privacy and security.
GOVERNING LAW; JURISDICTIONS
OVERSEAS DATA TRANSFER; STORING DATA IN CERTAIN JURISDICTIONS
In addition to the above you acknowledge that, if the laws of your jurisdiction establish the requirement for storing Personal Data of its citizens within the territory of that jurisdiction, the Operator must conform to that requirement and will store Your Personal Data on servers located within the territory of that jurisdiction.
CHANGE OF OWNERSHIP
To request update or deletion of your Personal Data: email@example.com
In the UAE, the relevant data protection authority is Data Office.