Privacy Policy (for EU)

15.05.2021

  • General Provisions

  • The virtual currency exchange platform FINANSIV, available on the website​​ www.finansiv.com, our mobile apps or application programming interfaces ("API") ("FINANSIV", the "Platform", the "Website") provides a range of services, according to the Platform terms and conditions (the "Services"). The Platform is operated and Services are provided by FINANSIV EOOD (a limited liability company, company number 205867146, registered at 2, Hristo Belchev, 1000, Sofia, the Republic of Bulgaria) ("FINANSIV").

  • This Privacy Policy (the "Policy") applies if you use the Platform or the Services and indicates how your personal data is being processed by FINANSIV in such case, FINANSIV acts as a personal data controller. Depending on the context and your relation to, FINANSIV further in the Policy is referred to as the "Company", "we" or "us".

  • In order to provide Services through the Platform we may process personal data of our customers, their clients or representative, other related persons, such as family members, beneficial owners, transaction senders, etc. (all together referred to as "Customer" or "you"). Any personal data we gather, use or share about you is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and other applicable laws.

  • This Policy applies to your use of the Platform and any of Services, available through it. The Policy explains how we process your personal data through any relationship we have, whether it would be a call through the phone, use of the Services on the Platform, a message via e-mail or any other possible mean.

  • By using the Platform or any of the Services offered through it you confirm you have read, understood and agreed with this Policy. The Company reserves the right to make changes to this Policy from time to time. An up-to-date version of the Policy is posted on the Platform, therefore, please do review it regularly.

  • Personal Data Management Principles

  • The Company undertakes to ensure your personal data is:

  • processed lawfully, fairly, and in a transparent manner in relation to you;

  • collected for specified, explicit and legitimate purposes (f. e. prevention of money laundering and terrorist financing, performance of Services, etc.), and not further processed in a manner that is incompatible with those purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • accurate and, where necessary, kept up to date;

  • kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;

  • processed in a manner that ensures appropriate security of your personal data.

  • The Company follows the above indicated principles strictly during the processing of your personal data and request the same from the data processors which it may use to process personal data on behalf of the Company.

  • Lawfulness of Personal Data Processing

  • Your personal data will be processed if:

  • you have given consent to the processing of your personal data for one or more specific purposes; and/or

  • processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and/or

  • processing is necessary for compliance with a legal obligation to which we are subject; and/or

  • processing is necessary for the purposes of the legitimate interests pursued by us or the third party.

  • The Company may subject its Customers to decisions based solely on automated processing, including profiling, only if it is necessary for conclusion of a contract between you and the Company or due to provision of the Services under such contract, it is authorized by the law or you have expressed an explicit consent to such processing.

  • Purposes for Which Your Personal Data is Being Processed

  • Your personal data is being processed for the purposes of:

  • account establishment;

  • performance of the Services (sale and purchase, transfers of funds, payment collection, etc.);

  • prevention of money laundering and terrorist financing (implementation of the principle "Know Your Customer");

  • crime prevention;

  • implementation of international sanctions;

  • Services support;

  • quality assurance;

  • direct marketing;

  • use of the Company's social networks accounts;

  • proper and secure operation of the Platform.

  • The processing of your personal data is necessary for the implementation of the above indicated purpose(s), therefore, if you fail to provide the requested data the Company may not be able to provide your requested Services.

  • Methods how your Personal Data is Being Collected

  • The Company collects your personal data directly from you or from the third parties when:

  • you use or view the Platform;

  • you register to the Platform;

  • you use our Services;

  • you request Services support;

  • we execute Customer's due diligence or ongoing due diligence;

  • we monitor your transactions;

  • we check whether you are not related to fraudulent activities;

  • we receive requests, orders, decisions or etc. from the third parties regarding you.

  • Categories of The Processed Personal Data

  • The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.

  • In order to provide the Services, we may process your personal data categories, such as (including but not limited):

  • General data: name, surname, personal code, date of birth, citizenship(s), place of birth (city, country), country of residence for tax purpose, taxpayer identification number (TIN), address, city/town, postal code, phone number, e-mail, networks account information (i.e. Facebook, Google, Skype) signature, selfie with the identity document, video, data about Customer which may be provided in double-checking systems;

  • Other Customer's profile information: profile type, unique character sequence assigned to the Customer for identification, executed Customer's assessment (evaluation) results, 2FA information, member ID, user ID, user PIN, referral code, referral ID, session ID, login status, social sign on type, email confirmed status, phone confirmed status, secret questions information, compliance officer comments;

  • Social network data: social sign on type, social network profile photo, name, surname, your comments, emotions and other actions expressed via our social network account, other your social network profile information provided by you;

  • Identity document data: ID Type (Passport / Identity Card / Residence permit), its copy, MRZ, document number, date of issue, date of expiry;

  • Data obtained and/or created while performing legal obligation: inquiries, requests, notifications, orders, courts decisions or other data related to the specific Customer(s) which may be received by or provided to the police, courts, investigative bodies, notaries, tax administrator, courts, bailiffs and other institutions;

  • Information about Customer's occupation and income sources:

  • Specific occupation: paid employee / owner of legal entity (company name) / registered self-employee / student / retired / unemployed;

  • Main sectors of customer's occupation, individual or business activity;

  • Information regarding countries in which customer is employed, carries out individual activity or business: countries, whereas activity or business is conducted or registered in preferential tax zone, percentage of turnover in cash for such activity or business, percentage of turnover in individual or business activity is handled in cryptocurrency;

  • Account opening information:

  • Services which the client plans to use;

  • Source of funds in Customers account;

  • Monthly planned account turnover in EUR; countries from which the funds will be received or transferred;

  • Information about Politically Exposed Person ("PEP"):

  • Information whether the Customer is PEP itself or has an immediate relationship with PEP;

  • General information regarding PEP: relation, name, surname, country, PEP's position;

  • Information about Beneficial Owner ("UBO"):

  • Information whether the Customer is the UBO of the account and the funds in the account;

  • General UBO's identification data: name, surname, date of birth, citizenship, country of residence for tax purposes, tax identification number (TIN), place of birth (city, country), registered residential address, share of benefit;

  • Financial data:

  • information about linked card(s) (i.e. currency, partial card number, validity date, card's owner name and surname, CVV/CVV2);

  • information about pre-paid card(s);

  • accounts related to the Customer's account on the Platform (used for receiving/sending funds);

  • information about accounts in other financial institutions (i.e. name of institution, country, account number);

  • information about other Customers' s cryptocurrencies;

  • information about used FINANSIV merchant services;

  • transactions information: transaction ID, method, type (credit, deposit, withdrawal, exchange), status, sender, recipient (ID), QR code/wallet/fiat account number, payment provider's information, time and date register, order ID, amount, currency (code), coupon code;

  • Communication data: date, time, correspondence, video and voice calls, chats, etc.

  • Information related to electronic devices: IP address(es); time zone; log-in and log-out register; browser information; electronic device's operational system information; location data (country (code), city), internet service provider (ISP); selected language; information regarding Customer's actions within Website;

  • History data: customer's experience using the Website, the register of all Customer's actions performed on the Platform (i.e. operations, such as funds transactions, linking cards, log-in and log-out register, register of reset passwords, separately expressed Customer's consents for personal data processing (i.e. for direct marketing);

  • Other data which may be requested or gathered by the Company or provided by the Customer herself/himself or any third party.

  • Personal Data Recipients

  • Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:

  • credit, financial, payment and (or) electronic money institutions;

  • payment services providers, as well as intermediary services providers;

  • cards providers;

  • authorities (i.e. supervising institutions, law enforcement institutions, courts);

  • auditors, legal and financial consultants;

  • IT providers;

  • marketing services providers;

  • fraud detection services providers;

  • data processors;

  • other service providers which services may include, or which are engaged in personal data processing executed by the Company.

  • Personal data may also be provided to other recipients if:

  • the Company has to comply with a legal obligation to which it is a subject; or

  • such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or

  • the data requesting party has a legitimate interest to request for such information.

  • The Company maintains strong cooperation with local and international authorities and institutions, therefore, upon request of such party substantiated under article 7.2 of this Policy, your personal data may be provided to the requested party without permission to notify you.

  • In general, the Company process your personal data within the European Union ("EU") or the European Economic Area ("EEA"), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied with:

  • the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;

  • the recipient is in the United States of America and has been certified under Privacy Shield Framework;

  • the Company and the recipient have concluded the agreement with the standard terms and conditions regarding personal data security which were approved by the European Commission;

  • the Codes of conduct or other security measures under GDPR has been complied.

  • Personal Data Storage

  • The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.

  • In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in the European Union and locally such as compliance with legit limitation periods, as well as current business practice.

  • Depending of the category of personal data and the purpose it is being processed your data retention period applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services is:

  • for the purposes indicated in articles 4.1.1- 4.1.5 of this Policy we process your personal data throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 8 years). The personal data processing for such period is based on necessity to execute Customer's due diligence, conduct ongoing monitoring, collect supporting evidence and records of transactions;

  • for the purposes indicated in article 4.1.6 - 4.1.7 we process your personal data collected via correspondence with you throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 5 years). As for your personal data processed for the same aforementioned purposes and collected when you call to our support services, or communicate with us when you have not established or has already terminated contractual relationship with us, we store such communication data for 3 years since the day of execution of voice call record or our last contact with each other via other communication means. The personal data processing for such periods is based on necessity to keep records of communication with you;

  • for the purpose indicated in article 4.1.8 we process your personal data throughout the term your consent is valid (up to 3 years, if not renewed) and after the day of termination of contractual relationship or expiration date/ revocation of the consent we store it for additional period of time due to possible claims (for example, possible prescription period for claims can be 3 years) although newsletters will not be sent during this period;

  • for the purposes indicated in article 4.1.9. we process your personal data until your social network account or Company's social network account is deleted​​ – whichever comes first;

  • for the purposes indicated in article 4.1.10 we process your personal data throughout the term we support the Platform.

  • Upon the end of retention period, indicated above, your personal data is erased.

  • Direct Marketing

  • In order to provide you up-to-date news about FINANSIV products, Services and proposals, your email might be processed by the Company for direct marketing purposes.

  • You may receive direct marketing newsletters based on your explicitly expressed consent or Company's legitimate interest based on the applicable law.

  • Company may send you personalized news regarding FINANSIV products, Services and proposals based on your location or used Services only if you have explicitly agreed to such profiled direct marketing.

  • In order to send you the newsletters we may use third party services and share your e-mail address with it.

  • If you gave a consent for direct marketing, your e-mail for this purpose would be processed for the period indicated in article 8.3.3 of this Policy. Together with your e-mail your personal data, such as IP address and the date when you gave a consent and or you have renewed it (and later on also the day of termination of Services or expiration/revocation date of the consent) will be processed for the aforementioned period.

  • You have a right not to consent to direct marketing or revoke your present consent at any time by withdrawing your consent in your profile settings or by clicking on the withdrawal link provided in the received newsletters or by sending us a request at the contacts provided in the Platform.

  • Information Security

  • The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorized or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organizational, technical, and physical security measures, such as latest security systems, two-factor authentication and passwords, ability to detect cyber security attacks and other threats to the integrity of the Platform, working only with trustworthy service providers, etc. However, no transmission of information via email or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via internet or sharing confidential information via e-mail or other telecommunication channels.

  • Cookies

  • Cookies are small information files found in the Platform you visit and stored in your computer or mobile device. In order to get to know more about cookies, please read the Cookie Policy on the Platform.

  • Your Rights Regarding the Processing of Your Personal Data

  • You have certain legal rights in relation to the processing of your personal data, including:

  • the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;

  • the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;

  • the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;

  • the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;

  • the right to data portability in accordance with article 20 of the GDPR;

  • the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;

  • the right not to be subject to an automated individual decision-making, including profiling in accordance with article 22 of the GDPR.

  • This Policy does not deprive you of any other legal rights you may enforce under the applicable law.

  • The Customer may exercise his / her rights only after the Company has successfully identified him / her. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him / her, unless the Customer's identity is confirmed. Therefore, if you like to address a request towards the company regarding execution of your rights, we suggest you to do it through Live Chat once you are logged in to your account on the Platform (so that we could identify you). In case you decide to use other communication channels, such as sending a request via email, kindly ask you to indicate in the e-mail your name, surname, your date of birth and the last four digitals of your identity document number which you used when entering into business relationship with the company (if you have provided it before). In addition, the Company keeps the right to decide if the other or additional legitimate mean of identification proof should be requested, such as a selfie with your ID document, certified copy of your ID document, video or voice call, or any other additional document or method which could let to determine your identity.

  • The Customer is provided with information related to the exercise of their rights free of charge. However, the Customer's request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.

  • The Company shall provide the Customer with information on the actions taken upon receipt of the Customer's request for the exercise of his rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. When the Customer submits the request by electronic means, the information shall also be provided by electronic means.

  • If the Customer considers that his / her personal data is being processed in violation of his / her rights and legitimate interests in accordance with applicable law, the Customer shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate located in the country where your data controller is incorporated.

  • Your Responsibilities

  • You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Platform, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.

  • You are responsible for maintaining adequate security and control of every identification number, password, and / or any other code that you use to access the Platform. If you have not complied with this obligation and / or could, but have not prevented it and / or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.

  • In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or Company's fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify the Company. The Company shall not be liable for consequences that have originated due to the notification failure.

  • After the Company receives the notification from you as indicated above, the Company shall immediately suspend access to your account and provision of the Company's Services until a new password is provided / created for you.

  • The Company draws your attention to the fact that email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend to memorize your passwords and not to write them down or enter anywhere where they may be seen by other persons.

  • Contact Details

  • If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact our Data Protection Officer who monitors that your data processing executed by Company complies with the applicable data protection laws. You can reach our Data Protection Officer via e-mail: [email protected] or mail via postal address: FINANSIV EOOD, 2, Hristo Belchev, 1000, Sofia, the Republic of Bulgaria with a notice "Data Protection Officer".

  • Final Provisions

  • This Policy shall be viewed and applied in accordance with the GDPR and other applicable laws.

  • The Company may change, amend, delete any of the provisions contained in this Privacy Policy at any time and in its sole discretion. Any such changes will be effective upon the posting of the revised Policy on the Platform and you are solely responsible for reviewing it. Your continued use of the Platform and Services following any such revisions to the Policy will constitute your acceptance of such changes. If you do not agree to any such of such changes, do not continue to use our Services.

  • The Platform and Services may contain links to our partners or other third-party websites. If you use the services of our partners or other third-parties, their own privacy policies apply, and you will be covered by such respective policies.

  • General Provisions

  • The virtual currency exchange platform FINANSIV, available on the website​​ www.FINANSIV.com, our mobile apps or application programming interfaces ("API") ("FINANSIV", the "Platform", the "Website") provides a range of services, according to the Platform terms and conditions (the "Services"). The Platform is operated and Services are provided by FINANSIV EOOD (a limited liability company, company number 205867146, registered at 2, Hristo Belchev, 1000, Sofia, the Republic of Bulgaria) (FINANSIV).

  • This Privacy Policy (the "Policy") applies if you use the Platform or the Services and indicates how your personal data is being processed by FINANSIV. In such case, FINANSIV acts as a personal data controller. Depending on the context and your relation to, FINANSIV further in the Policy is referred to as the "Company", "we" or "us".

  • In order to provide Services through the Platform we may process personal data of our customers, their clients or representative, other related persons, such as family members, beneficial owners, transaction senders, etc. (all together referred to as "Customer" or "you"). Any personal data we gather, use or share about you is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and other applicable laws.

  • This Policy applies to your use of the Platform and any of Services, available through it. The Policy explains how we process your personal data through any relationship we have, whether it would be a call through the phone, use of the Services on the Platform, a message via e-mail or any other possible mean.

  • By using the Platform or any of the Services offered through it you confirm you have read, understood and agreed with this Policy. The Company reserves the right to make changes to this Policy from time to time. An up-to-date version of the Policy is posted on the Platform, therefore, please do review it regularly.

  • Personal Data Management Principles

  • The Company undertakes to ensure your personal data is:

  • processed lawfully, fairly, and in a transparent manner in relation to you;

  • collected for specified, explicit and legitimate purposes (f. e. prevention of money laundering and terrorist financing, performance of Services, etc.), and not further processed in a manner that is incompatible with those purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • accurate and, where necessary, kept up to date;

  • kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;

  • processed in a manner that ensures appropriate security of your personal data.

  • The Company follows the above indicated principles strictly during the processing of your personal data and request the same from the data processors which it may use to process personal data on behalf of the Company.

  • Lawfulness of Personal Data Processing

  • Your personal data will be processed if:

  • you have given consent to the processing of your personal data for one or more specific purposes; and/or

  • processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and/or

  • processing is necessary for compliance with a legal obligation to which we are subject; and/or

  • processing is necessary for the purposes of the legitimate interests pursued by us or the third party.

  • The Company may subject its Customers to decisions based solely on automated processing, including profiling, only if it is necessary for conclusion of a contract between you and the Company or due to provision of the Services under such contract, it is authorized by the law or you have expressed an explicit consent to such processing.

  • Purposes for Which Your Personal Data is Being Processed

  • Your personal data is being processed for the purposes of:

  • account establishment;

  • performance of the Services (sale and purchase, transfers of funds, payment collection, etc.);

  • prevention of money laundering and terrorist financing (implementation of the principle "Know Your Customer");

  • crime prevention;

  • implementation of international sanctions;

  • Services support;

  • quality assurance;

  • direct marketing;

  • use of the Company's social networks accounts;

  • proper and secure operation of the Platform.

  • The processing of your personal data is necessary for the implementation of the above indicated purpose(s), therefore, if you fail to provide the requested data the Company may not be able to provide your requested Services.

  • Methods how your Personal Data is Being Collected

  • The Company collects your personal data directly from you or from the third parties when:

  • you use or view the Platform;

  • you register to the Platform;

  • you use our Services;

  • you request Services support;

  • we execute Customer's due diligence or ongoing due diligence;

  • we monitor your transactions;

  • we check whether you are not related to fraudulent activities;

  • we receive requests, orders, decisions or etc. from the third parties regarding you.

  • Categories of The Processed Personal Data

  • The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.

  • In order to provide the Services, we may process your personal data categories, such as (including but not limited):

  • General data: name, surname, personal code, date of birth, citizenship(s), place of birth (city, country), country of residence for tax purpose, taxpayer identification number (TIN), address, city/town, postal code, phone number, e-mail, networks account information (i.e. Facebook, Google, Skype) signature, selfie with the identity document, video, data about Customer which may be provided in double-checking systems;

  • Other Customer's profile information: profile type, unique character sequence assigned to the Customer for identification, executed Customer's assessment (evaluation) results, 2FA information, member ID, user ID, user PIN, referral code, referral ID, session ID, login status, social sign on type, email confirmed status, phone confirmed status, secret questions information, compliance officer comments;

  • Social network data: social sign on type, social network profile photo, name, surname, your comments, emotions and other actions expressed via our social network account, other your social network profile information provided by you;

  • Identity document data: ID Type (Passport / Identity Card / Residence permit), its copy, MRZ, document number, date of issue, date of expiry;

  • Data obtained and/or created while performing legal obligation: inquiries, requests, notifications, orders, courts decisions or other data related to the specific Customer(s) which may be received by or provided to the police, courts, investigative bodies, notaries, tax administrator, courts, bailiffs and other institutions;

  • Information about Customer's occupation and income sources:

  • Specific occupation: paid employee / owner of legal entity (company name) / registered self-employee / student / retired / unemployed;

  • Main sectors of customer's occupation, individual or business activity;

  • Information regarding countries in which customer is employed, carries out individual activity or business: countries, whereas activity or business is conducted or registered in preferential tax zone, percentage of turnover in cash for such activity or business, percentage of turnover in individual or business activity is handled in cryptocurrency;

  • Account opening information:

  • Services which the client plans to use;

  • Source of funds in Customers account;

  • Monthly planned account turnover in EUR; countries from which the funds will be received or transferred;

  • Information about Politically Exposed Person ("PEP"):

  • Information whether the Customer is PEP itself or has an immediate relationship with PEP;

  • General information regarding PEP: relation, name, surname, country, PEP's position;

  • Information about Beneficial Owner ("UBO"):

  • Information whether the Customer is the UBO of the account and the funds in the account;

  • General UBO's identification data: name, surname, date of birth, citizenship, country of residence for tax purposes, tax identification number (TIN), place of birth (city, country), registered residential address, share of benefit;

  • Financial data:

  • information about linked card(s) (i.e. currency, partial card number, validity date, card's owner name and surname, CVV/CVV2);

  • information about pre-paid card(s);

  • accounts related to the Customer's account on the Platform (used for receiving/sending funds);

  • information about accounts in other financial institutions (i.e. name of institution, country, account number);

  • information about other Customers' s cryptocurrencies;

  • information about used FINANSIV merchant services;

  • transactions information: transaction ID, method, type (credit, deposit, withdrawal, exchange), status, sender, recipient (ID), QR code/wallet/fiat account number, payment provider's information, time and date register, order ID, amount, currency (code), coupon code;

  • Communication data: date, time, correspondence, video and voice calls, chats, etc.

  • Information related to electronic devices: IP address(es); time zone; log-in and log-out register; browser information; electronic device's operational system information; location data (country (code), city), internet service provider (ISP); selected language; information regarding Customer's actions within Website;

  • History data: customer's experience using the Website, the register of all Customer's actions performed on the Platform (i.e. operations, such as funds transactions, linking cards, log-in and log-out register, register of reset passwords, separately expressed Customer's consents for personal data processing (i.e. for direct marketing);

  • Other data which may be requested or gathered by the Company or provided by the Customer herself/himself or any third party.

  • Personal Data Recipients

  • Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:

  • credit, financial, payment and (or) electronic money institutions;

  • payment services providers, as well as intermediary services providers;

  • cards providers;

  • authorities (i.e. supervising institutions, law enforcement institutions, courts);

  • auditors, legal and financial consultants;

  • IT providers;

  • marketing services providers;

  • fraud detection services providers;

  • data processors;

  • other service providers which services may include, or which are engaged in personal data processing executed by the Company.

  • Personal data may also be provided to other recipients if:

  • the Company has to comply with a legal obligation to which it is a subject; or

  • such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or

  • the data requesting party has a legitimate interest to request for such information.

  • The Company maintains strong cooperation with local and international authorities and institutions, therefore, upon request of such party substantiated under article 7.2 of this Policy, your personal data may be provided to the requested party without permission to notify you.

  • In general, the Company process your personal data within the European Union ("EU") or the European Economic Area ("EEA"), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied with:

  • the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;

  • the recipient is in the United States of America and has been certified under Privacy Shield Framework;

  • the Company and the recipient have concluded the agreement with the standard terms and conditions regarding personal data security which were approved by the European Commission;

  • the Codes of conduct or other security measures under GDPR has been complied.

  • Personal Data Storage

  • The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.

  • In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in the European Union and locally such as compliance with legit limitation periods, as well as current business practice.

  • Depending of the category of personal data and the purpose it is being processed your data retention period applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services is:

  • for the purposes indicated in articles 4.1.1- 4.1.5 of this Policy we process your personal data throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 8 years). The personal data processing for such period is based on necessity to execute Customer's due diligence, conduct ongoing monitoring, collect supporting evidence and records of transactions;

  • for the purposes indicated in article 4.1.6 - 4.1.7 we process your personal data collected via correspondence with you throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 5 years). As for your personal data processed for the same aforementioned purposes and collected when you call to our support services, or communicate with us when you have not established or has already terminated contractual relationship with us, we store such communication data for 3 years since the day of execution of voice call record or our last contact with each other via other communication means. The personal data processing for such periods is based on necessity to keep records of communication with you;

  • for the purpose indicated in article 4.1.8 we process your personal data throughout the term your consent is valid (up to 3 years, if not renewed) and after the day of termination of contractual relationship or expiration date/ revocation of the consent we store it for additional period of time due to possible claims (for example, possible prescription period for claims can be 3 years) although newsletters will not be sent during this period;

  • for the purposes indicated in article 4.1.9. we process your personal data until your social network account or Company's social network account is deleted​​ – whichever comes first;

  • for the purposes indicated in article 4.1.10 we process your personal data throughout the term we support the Platform.

  • Upon the end of retention period, indicated above, your personal data is erased.

  • Direct Marketing

  • In order to provide you up-to-date news about FINANSIV products, Services and proposals, your email might be processed by the Company for direct marketing purposes.

  • You may receive direct marketing newsletters based on your explicitly expressed consent or Company's legitimate interest based on the applicable law.

  • Company may send you personalized news regarding FINANSIV products, Services and proposals based on your location or used Services only if you have explicitly agreed to such profiled direct marketing.

  • In order to send you the newsletters we may use third party services and share your e-mail address with it.

  • If you gave a consent for direct marketing, your e-mail for this purpose would be processed for the period indicated in article 8.3.3 of this Policy. Together with your e-mail your personal data, such as IP address and the date when you gave a consent and or you have renewed it (and later on also the day of termination of Services or expiration/revocation date of the consent) will be processed for the aforementioned period.

  • You have a right not to consent to direct marketing or revoke your present consent at any time by withdrawing your consent in your profile settings or by clicking on the withdrawal link provided in the received newsletters or by sending us a request at the contacts provided in the Platform.

  • Information Security

  • The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorized or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organizational, technical, and physical security measures, such as latest security systems, two-factor authentication and passwords, ability to detect cyber security attacks and other threats to the integrity of the Platform, working only with trustworthy service providers, etc. However, no transmission of information via email or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via internet or sharing confidential information via e-mail or other telecommunication channels.

  • Cookies

  • Cookies are small information files found in the Platform you visit and stored in your computer or mobile device. In order to get to know more about cookies, please read the Cookie Policy on the Platform.

  • Your Rights Regarding the Processing of Your Personal Data

  • You have certain legal rights in relation to the processing of your personal data, including:

  • the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;

  • the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;

  • the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;

  • the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;

  • the right to data portability in accordance with article 20 of the GDPR;

  • the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;

  • the right not to be subject to an automated individual decision-making, including profiling in accordance with article 22 of the GDPR.

  • This Policy does not deprive you of any other legal rights you may enforce under the applicable law.

  • The Customer may exercise his / her rights only after the Company has successfully identified him / her. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him / her, unless the Customer's identity is confirmed. Therefore, if you like to address a request towards the company regarding execution of your rights, we suggest you to do it through Live Chat once you are logged in to your account on the Platform (so that we could identify you). In case you decide to use other communication channels, such as sending a request via email, kindly ask you to indicate in the e-mail your name, surname, your date of birth and the last four digitals of your identity document number which you used when entering into business relationship with the company (if you have provided it before). In addition, the Company keeps the right to decide if the other or additional legitimate mean of identification proof should be requested, such as a selfie with your ID document, certified copy of your ID document, video or voice call, or any other additional document or method which could let to determine your identity.

  • The Customer is provided with information related to the exercise of their rights free of charge. However, the Customer's request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.

  • The Company shall provide the Customer with information on the actions taken upon receipt of the Customer's request for the exercise of his rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. When the Customer submits the request by electronic means, the information shall also be provided by electronic means.

  • If the Customer considers that his / her personal data is being processed in violation of his / her rights and legitimate interests in accordance with applicable law, the Customer shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate located in the country where your data controller is incorporated.

  • Your Responsibilities

  • You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Platform, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.

  • You are responsible for maintaining adequate security and control of every identification number, password, and / or any other code that you use to access the Platform. If you have not complied with this obligation and / or could, but have not prevented it and / or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.

  • In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or Company's fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify the Company. The Company shall not be liable for consequences that have originated due to the notification failure.

  • After the Company receives the notification from you as indicated above, the Company shall immediately suspend access to your account and provision of the Company's Services until a new password is provided / created for you.

  • The Company draws your attention to the fact that email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend to memorize your passwords and not to write them down or enter anywhere where they may be seen by other persons.

  • Contact Details

  • If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact our Data Protection Officer who monitors that your data processing executed by Company complies with the applicable data protection laws. You can reach our Data Protection Officer via e-mail: [email protected] or mail via postal address: FINANSIV EOOD, 2, Hristo Belchev, 1000, Sofia, the Republic of Bulgaria with a notice "Data Protection Officer".

  • Final Provisions

  • This Policy shall be viewed and applied in accordance with the GDPR and other applicable laws.

  • The Company may change, amend, delete any of the provisions contained in this Privacy Policy at any time and in its sole discretion. Any such changes will be effective upon the posting of the revised Policy on the Platform and you are solely responsible for reviewing it. Your continued use of the Platform and Services following any such revisions to the Policy will constitute your acceptance of such changes. If you do not agree to any such of such changes, do not continue to use our Services.

  • The Platform and Services may contain links to our partners or other third-party websites. If you use the services of our partners or other third-parties, their own privacy policies apply, and you will be covered by such respective policies.