Last revised: 3 March 2020
DigiFinex Limited and its affiliates (hereinafter, “we”, “us” or “our”) recognise that privacy is important to our customers and others, including visitors of our website(s) (hereinafter “you”, “your”, “users”). We are committed to promoting confidence in the manner in which your personal information is handled by us.
- Platform means the online website platform and mobile application platform, each known as DigiFinex Exchange Platform operated by us for the purpose of providing a digital currency exchange service; and
- Website means the website www.digifinex.com, also known as DigiFinex Website operated by us for the purpose of the provision of the digital currency exchange service.
- the kinds of personal information that we collect and hold;
- how and why we collect, use, disclose and protect personal information;
- how you can access your personal information and seek correction of it;
- how to contact us and supervisory authorities in the event you have a complaint;
- how to close your account; and
- how to make a complaint about any breaches of privacy.
If personal information we request is not provided, we may not be able to supply the relevant product or service to you.
What personal information do we collect and hold?
When we refer to “personal data” or personal information, we mean:
- personal identification information about you as an identified or identifiable person; and
- business identification information about you as an institution of all types of business structures.
Examples of personal identification information we collect and hold include:
- email address;
- phone number;
- residential address;
- date of birth;
- identity documentation;
- cryptocurrency wallet ID;
- information (such as your bank account details); and
- relevant bank and payment card information.
Examples of business identification information we collect and hold include:
- business legal name;
- business type (company, trust, partnership etc);
- address of registered office of the business;
- address of principal place of business;
- business contact details including phone number and email address;
- personal identification information of all directors, account signatories and Beneficial Owners of the business;
- proof of legal existence of the business (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business licence, trust instrument, or other comparable legal documents as applicable);
- business cryptocurrency wallet ID; and
- relevant bank and payment card information.
The list above is not exhaustive and we may collect other personal information from time to time which we consider is reasonably necessary for one or more of our functions and activities which we are authorised or required by the law to collect.
Beneficial Owner means:
- institution/business owns no less than 15% shares/controlling power of the business; and/or
- individual owns no less than 15% shares/controlling power of the business and/or the institutional beneficial owner.
We may collect personal information about you whenever you interact with our Website. This information may include technical information about your means of connection to our Website, such as details of your browser, computer operating system, smartphone, the Internet service providers utilized, IP Address, MAC address, mobile network information, standard web information and other similar information.
Unless is it impracticable for us to do so, you will have the option of dealing with us anonymously or by using a pseudonym. However, in order to comply with the Know Your Customer requirement in the Terms and Condition, you need to use your real names/legal names when dealing with us.
Sensitive information includes, amongst other things, information about your health, genetics, religious beliefs, sexual orientation, biometric templates and criminal record. We may only collect sensitive information about you if you consent to us doing so and the information is reasonably necessary for one or more of our functions or activities, or where otherwise permitted or required by law.
If you provide us with personal information that we did not request for, we will within a reasonable period after receiving the information, determine whether or not we could have collected the information under the Data Protection Act (DPA) if we had requested the information. If we determine that we could not have collected the personal information in accordance with the DPA, we will (but only if accidentally provide your information to us without us requesting to do so, we will view and decide the nature of the information. If the information helps us to provide you better service or to comply with our legal obligations, we may retain the personal information in our database. If not, we will contact you to collect the information. If we do not receive your response within 7 business days, we will destroy or de-identify the information.
How we collect personal information
Generally, we will collect your personal information from you directly (including when you interact with us in writing, electronically or via telephone), when you visit our Platform (including when you place a trade order, submit a form and any other actions in connection with our Platform and Services) directly from you in a variety of ways such as by telephone, standard form, letter, email or you visiting our site.
Personal information collected in every form you submit or every communication you make to use will be recorded in our database. Personal information disclosed in calls to and from our customer support centre may be recorded.
We may also collect your personal information from a related entity or from a third party or a publicly available source where you consent for us to do so, it is unreasonable or impractical to collect the information directly from you or we are required or authorised by law or court order.
Security of your personal information
We have taken steps to assure that all personal information collected will remain secure and in its original form, i.e. free from any alteration. As such, access to all personal information is strictly controlled.
We will retain your personal information after you end the relationship with us or as necessary to comply with our legal obligations or resolve disputes.
We cannot guarantee that unauthorised access by external parties will never occur, however, we assure you that we take the greatest care in maintaining the security of your information and in stopping unauthorised access attempts by the most appropriate technology and strict internal procedures to the best industry practice.
We will never send you emails asking you for your login information. In general, you can protect yourself against phishing by never providing personal or login information via a link contained in such email; Instead, please visit our Platforms and/or Website directly.
How we use your personal information
We collect and hold personal information from you in order to provide a service to you. We use your personal information for a variety of purposes to effectively conduct our business, including to:
- verify your identity;
- conduct Know Your Customer (KYC) procedures and fulfil any reporting obligations in accordance withthe Anti-Money Laundering Act (the AML Act) ;
- comply with other legal obligations;
- enable you to open and operate an account under your name and make transactions through our Platform and Services;
- perform our administrative operations including accounting, risk management and record keeping;
- fulfil your product or service orders;
- inform you of any updates to the of terms and conditions of our Service;
- contact you when necessary regarding your account and transactions;
- conduct market surveys and research;
- alert you of new products or services, features, or enhancements;
- handle/route your customer service or technical support questions or issues;
- provide you with news, information and material in relation to our services or direct marketing and promotional content of us, our partners and affiliates;
- notify you of promotions and offers;
- monitor who is accessing our Website or using our services;
- improve customer service;
- process payments; and
- to fulfil compliance requirements.
We may occasionally hire other companies to provide services on our behalf, including but not limited to handling customer support enquiries and processing transactions. Those companies will be permitted to obtain only the personal information they need to deliver the service. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
From time to time, we may use your personal information, to send you information on products, services, upcoming events, offers, special deals and promotions which we think may be of interest to you. Periodic emails will also be sent updates pertaining to their order. To do this, we may contact you by telephone, email or SMS.
Unless you choose to opt out of receiving marketing material from us, we will consider that you consent to this type of communication. In order to opt out, you are welcome to contact us at any time or follow the opt-out instructions in the relevant marketing communication. For example, each email newsletter will include instructions on how you can unsubscribe from that particular mailing.
You may choose to disable cookies via your web browser settings. However, if you do so, various functions of the Website may be unavailable to you or may not work the way you want them to.
Sharing your personal information
Your privacy is respected, and we do not sell, trade, or rent your personal information to others. We may share generic aggregated demographic information not linked to any personal identification information that relates to you with our business partners, trusted affiliates and advertisers for the purposes outlined above.
From time to time we may disclose your personal information to, or share it with, third parties including:
- financial institutions, payment processors, and identity service providers with which we operate. Service providers may be contracted to help with parts of our business operations such as fraud prevention, compliance, marketing, and technology services. Our contracts will dictate for these service providers to only use your personal information to the extent of performing the services under the contract and not for their own benefit.
- law enforcement, government officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure; or we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms and Conditions; and
- other third parties with your consent or direction to do so.
We will take reasonable steps to ensure that third parties that have access to our personal information are bound by appropriate privacy and confidentiality obligations in relation to that personal information.
Sharing information overseas
When we share data, it may be transferred to, and processed in, countries other than the country you live in. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place requiring the third party to ensure your personal data remains protected. Generally, these include putting in place suitable contractual obligations on the recipient that ensure they comply with all applicable laws in relation to their handling of such personal information.
Third party websites
From time to time, at our discretion, we may include website links to the products and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these websites and are not responsible for the practices employed by websites linked to or from our website. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies.
Browsing and interactions on any other website, including websites which have a link to our Website, is subject to that website’s own terms and policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites.
General Data Protection Regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU. Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
Closing your account
If you choose to close or deactivate your account, we will mark your account in our database as “Closed” or “Deactivated,” but will keep your account information in our database. This is necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new one.
Accessing your personal information
We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. This includes updating your personal information when you advise us of changes. You can advise us of changes to your personal information by contacting us over the telephone, by email from your registered email address or online via the electronic trading service. We advise that it is also a good practice for you to keep us informed of any changes to your personal information and we encourage you to notify us promptly.
You have the right to obtain confirmation from us as to whether or not we collect your personal information, and, if so, obtain access to the personal information we hold about you.
Personal information will not be provided if, as is permitted under the DPA, your request is frivolous or vexatious; or if giving access would be unlawful or if in our reasonable opinion, to do so would result in serious threat to the life or health of any person or to public health and safety.
If you wish to make a complaint about our privacy practices, including a breach of the DPA, you should first contact our Privacy Officer with the details of your complaint. We undertake that your complaint will be investigated diligently and our response provided to you as soon as reasonably practicable.
If you feel that we have not handled your complaint adequately you have the right to lodge a complaint in writing to the Financial Intelligent Unit. You may obtain information about the complaint process from the relevant regulator’s website.
You may also complain to the relevant regulator or supervisory authority. They will be able to advise you how to submit a complaint.
Any changes in the future will be posted on our Website/Platform, if the changes are significant, we will notify you via your registered email.