Privacy Policy
If a User refuses to provide his/her personal data or disagrees with the Policy, the User shall immediately cease the use of the Services.
1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) applies to any information, including personal data about the Users which may be processed by Limited Liability Company Pixel Internet, legal address: 4b Amuratorskaya street, premise 22, office 17, Minsk, Republic of Belarus, 220004 (hereinafter referred to as the “Company” and/or “Controller”) and its partners in the course of using Company’s Services.
1.2. The identity and contact details of the Company representative for European Union Users: REFIRAL, 205 Christodoulou Chatzipavlou, Louloupis Court, 6th floor, 3036, Limassol, Republic of Cyprus.
1.3. The contact details of the Data Protection Officer: 4b Amuratorskaya street, premise 22, office 17, Minsk, Republic of Belarus, 220004; email: privacy@free2ex.com.
2. Definitions
2.1. Services – software, Website, and any systems or information assets used by the Company, including a mobile application, a web version of the Company trading system and a Telegram bot.
2.2. Website – any website addresses used by the Company, including the website https://www.free2ex.com/, https://www.free2ex.ru/, https://live.free2ex.com/, https://my.free2ex.com.
2.3. User – any natural person, including a visitor of the Website, who currently or previously used the Services.
2.4. Cross-border or international transfer of personal data: transferring personal data to a foreign country, authority, individual, or organization.
2.5. Sensitive personal – personal data relating to ethnic or national origin, political views, membership in trade unions, religious or other (philosophical) beliefs, health or sexual life, including sexual orientation, administrative or criminal liability, as well as biometric and genetic personal data.
2.6. Other terms in the Policy may be used in the meanings assigned to them in accordance with the requirements of the Law of the Republic of Belarus ‘On the Protection of Personal Data’ (hereinafter - the ‘Law’).
3. Purposes and Legal Grounds for Processing Personal Data
3.1. The main purpose of processing personal data is the identification and verification of the User for concluding the contract and its performance, providing the Services and their enhancement, and fulfilling the legal obligation of the Company (compliance).
3.2. The legal ground for processing the vast majority of personal data is the necessity for the performance of a contract, compliance, in particular of legislation in the field of prevention of the legalization of proceeds of crime, financing of terrorist activities and financing of the proliferation of weapons of mass destruction for the sake of compliance by the Law of the Republic of Belarus No. 165-З “On measures to prevent the legalization of proceeds of crime, financing of terrorist activities and financing of the proliferation of weapons of mass destruction” dated 30.06.2014 (hereinafter referred to as “Law 165-З”). For non-residents of the Republic of Belarus, instead of the legal basis related to the legal obligation stipulated in the Policy or Annex to the Policy, the Company relies on its legitimate interests in processing personal data regarding the relevant processing. Please note, that without such data the Company in most cases will be not able to conclude or perform a contract.
3.3. With the User’s consent, the Company processes the User’s data regarding the identification (name, e-mail, phone number) to provide the User with information about promotions and offers by mailing advertising posts, materials, reminders, and advertising information. Such consent can be withdrawn, in which case the Company will not use this data for these purposes.
4. Cases When Consent to the Processing of Personal Data is not Required
4.1. Consent to the processing of personal data is not required in all cases. The User’s attention is drawn to the fact that according to Article 6 of the Law, the Company processes the User’s personal data without consent:
4.1.1. on the basis of a contract concluded (to be concluded) with the User in order to perform the actions established by this contract or to implement on the instructions of the User the steps preceding the conclusion of the contract;
4.1.2. when implementing the norms of legislation in the field of national security, combating corruption, preventing the legalization of proceeds of crime, financing terrorist activities and financing the proliferation of weapons of mass destruction;
4.1.3. in cases where the processing of personal data is necessary to comply with a Company’s legal obligations;
4.1.4. in cases where the Law and legislation directly stipulate the processing of personal data without the consent of the User.
4.2. The Company is allowed in accordance with Article 8 of the Law, due to the nature of its activities, to process special (sensitive) data without consent in cases stipulated by legislation on combating terrorism and countering extremism, on preventing the legalization of proceeds of crime, financing terrorist activities and financing the proliferation of weapons of mass destruction.
5. Categories of Processing Personal Data
5.1. The Company may collect information about the User, as well as natural persons who are representatives of legal entities. The list of data for each category of persons, as well as the purposes and legal grounds for their processing, are listed in the Appendix hereto.
5.2. The Company hereby clarifies the fact that it does not request Sensitive personal data from the User. Sensitive personal data may be provided by the User at his/her own initiative in the process of confirmation of any other facts. For example, the Company may request confirmation of the source of origin of the funds (such right is granted to the Company by law). The User at his/her own initiative may submit instead of a certificate of income a document containing the grounds for granting a health (disability, etc.) allowance. The Company asks the Users to be careful and not to provide sensitive personal data without reasonable justification.
6. User’s Rights
6.1. In addition to the rights stipulated by the Law, the User has, inter alia, the following rights:
6.1.1. the right to receive information concerning the processing of personal data;
6.1.2. the right to alteration personal data;
6.1.3. the right to rectification personal data;
6.1.4. he right to set restrictions on personal data processing;
6.1.5. the right to withdraw consent (if such consent was given);
6.1.6. he right to terminate the processing of personal data and/or to demand the erasure (destruction) of personal data processed by the Company. If the right to terminate the processing of personal data, as well as the right to erasure, cannot be exercised taking into account the mandatory data storage periods established by legislation, the Company can stop providing the Services to the User and continue processing personal data by storing this data within the time limits specified in the Appendix. This right is limited by mandatory information storage periods;
6.1.7. the right to receive information about the transfer of personal data to third parties;
6.1.8. the right to demand notification of third parties to whom personal data have been transferred by the Company about the facts of correcting errors (inaccuracies) therein and the fact of their erasure.
6.1.9. the right to object to processing of personal data;
6.1.10. the right not to be subjected to the action of a decision based solely on automated processing of personal data;
6.1.11. the right to lodge a complaint with a data protection supervisory authority for unresolved complaints.
6.1.12. the right to receive transparent information about the procedure for exercising the above-mentioned rights.
6.2. The above-mentioned rights shall be exercised following the requirements of the Law, hence the request of a User located in the territory of the Republic of Belarus must contain:
6.2.1. surname, given name, patronymic (if any) of the User, the address of his residence (place of stay);
6.2.2. the User’s date of birth;
6.2.3. the User’s identification number, in the absence of such a number – the number of the identity document, in case such information was indicated by the User when giving his consent to the Company, or personal data are processed without the User’s consent;
6.2.4. the essence of the requests;
6.2.5. personal signature or an electronic digital signature.
6.3. The Company responds to the User’s request in the same format as the request, unless otherwise stipulated by the request.
6.4. Considering the fact that the User’s data are subject to verification, in order to simplify the exercise of the above-mentioned rights the User’s request can also be sent via e-mail to the address privacy@free2ex.com, without a personal signature.
6.5. If inaccuracies in personal data are found, the User can independently update it through any method allowed by the Agreement
6.6. Users can withdraw consent to data processing anytime, in the same form as it was initially given (for example, by using a checkbox). However, the fact that the User's consent has been withdrawn does not affect the legality of the processing that occurred prior to the withdrawal of such consent.
6.7. The User’s right of access to personal data, including obtaining information concerning the processing of personal data or the transfer of data to third parties, may be restricted in accordance with the legislation of the Republic of Belarus: Law 165-З, etc.
7. Special Remarks Regarding the Period of Processing Personal Data
7.1. The Company hereby draws the User’s attention to the fact that the Company is a resident of the High Technologies Park of the Republic of Belarus (hereinafter referred to as the “HTP”) and is guided by mandatory requirements established by the HTP, including with regard to obligatory storage of information. The Company also follows the legal provisions of the Republic of Belarus setting mandatory requirements for the storage period.
Thus, according to the Rules for the activities of the cryptoplatform operator, (https://www.park.by), the Company shall:
7.1.1. store the data of audio recordings (video recordings) and all correspondence with Users for at least 5 years from the date of performance (creation) of such sound recordings (video recordings) and correspondence;
7.1.2. store information about each fact of violation of the legislation and/or HTP rules detected by the Company (including confirming that such a fact took place) for 5 years from the date of detection of this fact;
7.1.3. ensure the storage of documents and other materials received in the course of assessment of the level of knowledge (competence) of the User for at least 5 years from the date of receipt of such documents and other materials.
7.2. Pursuant to the Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of transactions for the creation and placement of its own digital signs (tokens) (https://www.park.by), the Company shall:
7.2.1. ensure the storage of confirmation of the fact of receiving an assurance that the User has the status of a qualified investor (as well as the results of verification of this assurance, if applicable) for at least 5 years from the date of its receipt.
7.2.2. store documents and information about the sale of tokens to the first owners (including correspondence, contracts), keep a record of these owners and the number of tokens transferred to them (including ensuring reliable backup of these data) for at least 5 years from the date of the sale of tokens.
7.3. According to the Regulation on the requirements for the rules of internal control of residents of the Hi-Tech Park, the Company shall:
7.3.1. make digital recordings of the web-ID procedure and store the specified video recording for 5 years from the date of termination of the relevant contracts concluded by HTP residents with Users.
7.3.2. store User’s identification data, information about the sources of origin of the User funds in hard copy and/or in electronic form in a place that excludes access by unauthorised persons for 5 years from the date of termination of the contracts concluded with them by HTP residents.
7.4. In addition, the legislation of the Republic of Belarus has established mandatory storage periods for documents generated in the course of the Company’s activity. As a general rule, for the Company’s documents, such a period is at least 3 years (and often even 5 years) after the tax authorities have inspected compliance with tax legislation, and should the tax authorities fail to inspect compliance with tax legislation – within 10 years from the date of financial transactions or the expiration of the relevant contract.
7.5. The period for processing personal data received during the User registration to mail promotional materials is 1 year after the closure of the User’s account, and if the withdrawal of consent is received, the Company shall stop processing personal data for these purposes within 15 days.
7.6. If the User submits a request to terminate the processing of personal data, the Company does not process the relevant personal data in any other way that differs from their storage during the storage period. However, storage will be carried out within the time limits established by the Company, justified by the requirements of the legislation.
7.7. At the end of the specified period, information about the User’s personal data shall be erased or anonymized in order to make it no longer possible to attribute the personal data to a specific data subject.
7.8. The User can review the terms of processing and storage of a particular type of personal data in the Appendix hereto.
8. Recipients of Personal Data
8.1. The Company notifies that it may disclose and transfer the User’s personal data:
8.1.1. for the implementation of court decisions and other writs of execution, at the request of law enforcement agencies or other state bodies, if the request for this information is sent within the framework of court proceedings, as well as in other cases stipulated by the legislation;
8.1.2. to third parties in the process of using the Company’s Services, in the way of participating in promotional events or loyalty programs, entities with whom the Company has concluded advertising and marketing services contracts.
8.1.3. to agents, partners of the Company (hereinafter referred to as the Partners) when the User independently uses third party services (applications, programs, etc.) offered by the Partner, whose service is integrated with the Company's Services for the purpose of simultaneous use of the Company's Services through such third party services. For example, if the User uses a mobile application owned by the Partner, the Company and the Partner may exchange personal data of the clients to the extent necessary to provide service to the client and follow the client's instructions.
8.2. The Company may authorise the Partner to collect and process personal data of Users for the purposes of:
8.2.1. to improve Services regarding technical support to the extent that the User specifies when contacting the Company.
The legal ground for such processing is the Company's legitimate interest and the performance of a contract with the User;
8.2.2. expanding and enhancing the Company's Services, ensuring the operation of functionality for the fulfilment of the Company's and User's contract. For example, if the Company does not provide the Partner with access to the information for drafting an invoice for account replenishment, it will be impossible to replenish the account via the Partner's application. In other words, the User will simply not be able to use the Company's Services through the Partner's services, which he/she has chosen himself/herself.
Such data are not stored by the Partner: the Partner can have access to data at the moment of choosing one or another option by the User. The legal ground for processing personal data of the User is the Company's contract with the User;
8.3. to banks in order to carry out identification and verification procedures (to authorise the bank to collect and process personal data to the extent required for identification and verification and transfer them to the Company). The bank may engage third parties for data collection. The legal ground for such processing is Law 165-З;
8.4. to other third parties in cases expressly provided for by the current legislation.
8.5. The Company may establish the terms of programs and promotions, according to which Users may be engaged by Partners. In this case, the Company processes the pseudonymized User’s data. For example, to calculate prizes and gifts, and accrual of remuneration to Partners. The Partner can have access to pseudonymized information about the time and scope of transactions of engaged Users. Therefore, this information as a general rule cannot be deemed as personal data, unless the User is the sole engaged person and such information can identify the User.
9. Marketing Communications
9.1. With the User’s consent, the Company has the right to send marketing communications regarding new products and services, special offers and various events in order to inform the User about promotions and offers by providing advertising information. The Company may use third party services for marketing communications, subject to the appropriate level of personal data protection.
9.2. The User can always refuse to receive such communications by sending a message to the Company to the e-mail address privacy@free2ex.com with a mark “Opt-out of notifications” or “Opt-out of newsletters”.
9.3. The Company reserves the right to send certain types of information messages to Users, despite their refusal to receive notifications in cases where sending such a notice serves the interests of the Users (technical mailing) or is mandatory by law.
10. Cookies
10.1. For the convenience of Users and for ensuring greater transparency, the FREE2EX team has prepared this Cookies Policy.
10.2. What are cookies?
A cookie (pl. cookies) is a small text file that a Website or Services save on your computer or on other device when you visit it. Cookies help the site remember your actions and preferences (such as login, language, and font size) over time.
The cookies are subdivided into the following types by purpose:
10.2.1.Technical (Necessary) – allow you to navigate the Website or Services and make full use of their features. They help to control security and ensure special features.
10.2.2.Functional/preferential (Customizing) – allow the Website or Services to adapt to the preferences of the visitor, to ensure an individual experience of using the Website or Services and are installed in response to user actions.
10.2.3.Analytical (Statistical)– necessary for statistical purposes, they help to improve the performance of the Website or Services and to make it more user-friendly. In particular, the Company uses the following tools that stipulate the use of analytical cookies: Google Analytics and Yandex.Metrica.
10.2.4.Advertising cookies (Marketing)– these cookies are used to display advertising on the Website or Services and on third-party resources. They track information about your online activity to select and show you relevant advertising based on your interests and preferences. Advertising cookies help personalize advertisements and measure their effectiveness.
10.2.5.Detailed information about cookie management settings in major browsers can be found at the links below:
10.2.5.1. Firefox: https://support.mozilla.org/ru/kb/udalenie-kukov-dlya-udaleniya-informacii-kotoruyu-
10.2.5.2. Chrome: https://support.google.com/chrome/answer/95647?hl=ru
10.2.5.3. Safari: https://support.apple.com/ru-ru/guide/safari/sfri11471/mac
10.2.5.4. Opera: https://help.opera.com/ru/latest/web-preferences/#Управление-файлами-cookie
10.2.5.5. Microsoft Edge: https://support.microsoft.com/ru-ru/microsoft-edge/удаление-файлов-cookie-в-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
10.2.5.6. Internet Explorer: https://support.microsoft.com/ru-ru/windows/удаление-файлов-cookie-и-управление-ими-168dab11-0753-043d-7c16-ede5947fc64d
10.3. By supplier сookies are broken down into the following types:
10.3.1. First-party
10.3.2. Third-party. Third-party – third-party files belong to another domain. As a general rule, this type of cookies is embedded in the pages of other companies’ websites, for example, in the form of an advertising unit. The creator of the cookie file can collect and receive data about visitors.
10.4. By the storage period, cookies are divided into:
10.4.1. Permanent – stored for a certain period of time, which is determined by the parameters of each file, or until they are manually erased. Permanent cookies make it possible for the websites or Services to remember users’ personal information the next time they visit the site. The Company stores information from permanent cookies for 5 years, while information from cookies used by our partners’ services may have a different storage period.
10.4.2. Session (temporary) – can exist only during the period of time when the user is on the Website or in the Services. For example, they allow the system to remember the selected language. Session cookies are never stored for a long time and are erased when the browser is closed. After he closes the browser window (ends the session), the cookies are erased.
10.5. How to manage cookies
10.5.1. Cookies are stored on your device only if you consent to this, except in cases where cookies are required directly for the technical functioning of the website. However, it should be noted that if you do not give your consent to the use of cookies, some functions of the website or Services may not work properly or not work at all.
10.5.2. Cookies are used on the basis of the legitimate interest of the Company in order to ensure website or services functionality. If cookies are used to remember your choice or your statistical data, the ground for it is your consent, which is requested from the user at the first visit to the Website or the Services.
10.5.3. The User may accept all cookies or make a choice based on the description of the types of cookies.
Examples of cookies used:
- Asp.Net_SessionId, __RequestVerificationToken, AspNet.TwoFactorCookie,
.AspNet.ApplicationCookie – required for authorization;
- Accounts_Menu_Visibility – responsible for the menu status;
- AccordionSectionsItemsIds – saves the minimized state;
- CookiesNotice – consent to cookies.
- URlMarkers – markers;
- Agent – information about the agent;
10.5.4. Cookies are stored in the browser of your computer or other device, you can erase them from the browser history in whole or in part, and also configure most browsers in such a way as to prevent them from being saved. However, if you do this, you may have to manually adjust some of your preferences every time you visit the website or the services;
10.5.5. The User of the website using the F12 key or the fn+F12 key combination can open the developer toolbar in the browser. There one can find an Application tab, which, when opened, grants access to the Cookies section. In the above mentioned section the user can view the full list of cookies used on the website page opened by him at a given time. The section includes the names and the source (domain) of cookies, as well as their storage period. You can get acquainted with the cookies used in the control panel of your browser and configure the general rules for their use there.
10.5.6. Detailed information on managing cookies is available in English on the following websites: https://www.allaboutcookies.org/ and https://www.youronlinechoices.com/.
10.5.7. The Company uses automated technologies to obtain user consent to use various types of cookies. These technologies help determine consent and the form of use of cookies in various situations.
10.6. App Tracking Transparency for iOS Users
For iOS users, our App fully complies with Apple's App Tracking Transparency framework. We obtain explicit user consent before tracking or accessing any device identifiers for advertising purposes.
10.7. The Website or Services User is entitled to:
10.7.1. receive information about cookies on the Company’s website and in the Services;
10.7.2. updating cookies that are used on the Company’s website and in the Services;
10.7.3. erasion of information received from cookies and making it possible to identify the user’s identity;
10.7.4. withdrawal of consent to the use of cookies;
10.7.5. the right to submit a complaint to us and/or to the competent authority.
10.8. When visiting the Services for the first time, the User shall either give consent to the use of cookies by clicking the word «Allow selection» / «Allow all» or «Deny» the use of cookies (except Necessary ones). When visiting the Website, a Cookiebot is used to obtain the user's consent.
10.9. If a User refuses to provide personal data or disagrees with this Policy, the User must immediately stop using the Services.
11. Security of Processing
11.1. The Company establishes measures by which the Company itself and third parties maintain the highest standards of protection and ensure that processing complies with the requirements stipulated by legislation. These measures are ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of legislation in the field of personal data protection. In addition, a set of measures aimed at prevention of risks for the security of Sensitive personal data is adopted.
11.2. In order to ensure the appropriate level of protection of personal data, the Company:
11.2.1. appoints a person responsible for the performance of internal control over the processing of personal data;
11.2.2. publishes and updates this Policy;
11.2.3. introduces the Company’s employees and/or other persons directly involved in the processing of personal data with the provisions of the legislation on personal data;
11.2.4. trains the above-mentioned employees and other persons in accordance with the procedure established by legislation;
11.2.5. establishes the procedure for access to personal data by segregation of roles and only need-to-know basis for the sake of excluding access unauthorized persons to the personal data.
11.2.6. carries out technical and cryptographic protection of personal data;
11.2.7. determines the list of foreign states on the territory of which an appropriate level of protection of the rights of personal data subjects is ensured.
11.3. All third parties to whom the Company provides the User’s personal data receive the minimum amount of such personal data that is reasonably required by them to provide services to the Company. Third parties shall treat the User’s data as strictly confidential and shall maintain a level of confidentiality with respect to such personal data not lower than that of the Company.
12. Profiling
12.1. In order to comply with the legislative requirements, before entering into a contract with a User and at the time of its performance, the Company uses special software that allows to both identify and verify the personality of the User, as well as to ensure that the contract conclusion and its performance does not violate the legislative requirements. The special software matches the User's identity with the document provided by the User for identification and also assesses the risks of the User carrying out illegal activities. If the software is not able to identify and/or verify the User or if the software detects a risk associated with the User, the Company will either refuse to conclude/perform the contract or report suspicious transactions to enforcement agencies, for example, the Financial Monitoring Department of the State Control Committee of the Republic of Belarus.
13. Cross-Border Transfer of Personal Data
13.1. The Company carries out cross-border transfer of personal data only to the territory of a foreign state, which ensures an appropriate and high level of protection of Users’ rights. The Company also continuously assess the risk related to cross-border transfers and adopts measures that supplement transfer tools to ensure an appropriate and high level of protection.
13.2. Cross-border data transfers that do not meet the above requirements may only occur in the following cases:
13.2.1. the Сompany has obtained the User's explicit consent to such transfer, and the User has been informed of the risks arising from the lack of an adequate level of personal data protection:
13.2.2. the personal data are collected on the basis of an agreement concluded (subject to conclusion) with the User in order to perform the actions established by this agreement;
13.2.3. the personal data are collected by a third party by sending a request in the cases and in the manner stipulated by the legislation;
13.2.4. when it is necessary to protect the life, health or other vital interests of the User or other persons if obtaining the consent of users is impossible;
13.2.5. processing personal data within the framework of the performance of international treaties of the Republic of Belarus;
13.2.6. obtaining the permission of the data protection authority of the Republic of Belarus;
13.2.7. the personal data regarding to European Union Users are transferred under standard contract clauses. You can request a copy of them by sending the request to privacy@free2ex.com.
13.3. Like other companies, the Company uses the services of third party service providers, which, among other things, help process personal data on the basis of the relevant contract with them. In particular, the Company attracts suppliers of third-party cookies specified in Section 10.
13.4. The cross-border transfer of personal data is carried out by the Company in order to execute and maintain contractual relations, improvements of the Services and for the purpose of identification and verification to the following entities:
|
List of companies to which customer data is transferred |
Location |
Purpose of data transfer |
The legal ground of data transfer |
|
Organization in charge of mailing text messages |
Russian Federation |
phone number verification, password recovery |
rules for the performance of the activities of the cryptoplatform operator |
|
Organization ensuring the KYC procedure |
Great Britain |
software verification of information about clients and their beneficial owners |
legal obligation of the Company and (or) legitimate interest of the Company |
|
Yandex LLC |
in the Russian Federation and/or in the EEA |
analytics of visits, sessions, duration (collected through Yandex.Metrica) |
the User’s consent and (or) legitimate interest of the Company in improving the performance of the Website |
|
Google[1], Google Ireland Limited |
Ireland |
use of analytical data of visits, sessions, duration (collected through Google Analytics) |
User’s consent and some cases legitimate interest of the Company in improving the performance of the Website |
|
Organization for the provision of Zoho services |
Great Britain |
technical support |
concluding or performance of the contract with the User |
|
Partner companies (owners of the mobile application, and other third-party services selected by the User) |
Russian Federation |
technical support |
concluding or performance of the contract with the User |
|
Partner companies (owners of the mobile application, and other third-party services selected by the User) |
Russian Federation |
transfer of information (access to information) within integrated services through the extension of services and simplification of operations: - the current balance of the specified assets, - the information specified in the invoice (user's full name, transaction amount, user ID), - the User’s crypto address in FREE2EX, - current transaction limits, -clarification of the transaction status generated by the User (invoice, exchange, withdrawal), - the User 's ID in FREE2EX; - exchange specified pairs, - asset withdrawal followed by the User 's confirmation via 2FA.
|
concluding or performance of the contract with the User |
|
Banks under partnership programs |
Russian Federation |
Identification and verification |
legal obligation of the Company and in some cases legitimate interest of the Company |
13.5. Employees of the Company may have access to data on the Users in the course of the performance of their employment duties.
13.6. The owners of the host server or Partners of the Company in the field of creation and placement of content on the Website have access to technical records on the Website’s host server.
13.6.1. Yandex.Metrica. Detailed information about the Yandex.Metrica service is available at: https://yandex.ru/support/metrika/.
13.6.2. Google Analytics. Detailed information about the Google Analytics service is available at: https://analytics.google.com/analytics/web/provision/#/provision.
13.7. The cross-border transfer of personal data can also be carried out based on the relevant court decision or legal requirement, as part of the Service provision.
13.8. The Company does not process personal data for the purpose of their subsequent sale.
14. Final Provisions
14.1. The User can receive any clarifications regarding the processing of personal data by contacting the Company via e-mail: privacy@free2ex.com.
Appendix to the Policy
PURPOSES, CATEGORIES, LEGAL GROUNDS AND STORAGE PERIOD OF
PROCESSED PERSONAL DATA
|
Category of subjects whose personal data are processed: Users as a natural person |
|||
|
Purpose |
Categories |
Legal ground |
Storage period |
|
Website Users |
|||
|
User registration |
|
concluding an agreement for participation in token trading (hereinafter referred to as the “Agreement”) |
3 years after the expiration of the Agreement, upon performance by the tax authorities of an audit of compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years after agreement expiration (clause 70 of the List approved by the Resolution of the Ministry of Justice of the Republic of Belarus No. 140 dated 24.05.2012 (hereinafter referred to as the List). |
|
initial Identification stage during User registration |
name, e-mail, phone number, - IP address, - information from header User-Agent, - country of residence (determined based on the specified details IP address or phone code) |
Law 165-З, Rules for the implementation of the activities of the cryptoplatform operator |
5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 459 of the List, clauses 461, 462) |
|
Providing the User with information about promotions and offers by means of mailing promotional materials, providing advertising information |
name, e-mail, phone number |
the User’s consent |
for the period of validity of contractual relations and 1 year after the closure of the User’s account. If a withdrawal of consent has been received – within 15 days from the date of withdrawal |
|
The procedure of complete User identification and verification, admission to trading. Re-identification and re-verification of the User |
surname, patronymic (if any), date of birth, location address, other contact details, except for those indicated during registration, citizenship, - sex, - place of birth, - data on registration at the place of residence and/or place of stay, - date of issue of the passport or other identity document, - identification number and other particulars of the identity document and/or other document on the basis of which identification is performed, - previous surnames (when registering birth, marriage(s), etc.), - other data obtained as a result of verification of personal data and contact details based on the submitted documents), digital portrait photograph,
- test results (blockchain technology)
- video recordings obtained in the course of the WebID procedure; - images obtained as part of liveness check procedure, - audio recordings of a conversation with the User. |
Law 165-З, Regulation on requirements to the rules of internal control of residents of the Hi-Tech Park |
5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 459 of the List, clauses 461, 462) |
|
Wallet replenishment, Making transactions |
- information about payment instruments utilized by the user for depositing/withdrawing funds (current (settlement) bank account, electronic wallet, address (identifier) of the virtual wallet); - information about all operations performed by the User; - information about the sources of the user’s funds; - information about financial transactions of Users, about participants of financial transactions |
Law 165-З |
From the date of financial transactions; subject to destruction upon the expiry of 5 years after the tax authorities have checked compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 460 of the List) |
|
Enhanced AML/CFT control measures |
- web ID procedure data, photo or video image, audio recordings of a conversation, selfies, - IP address used by the User; - payer’s identification number (if any); - place of employment, position, office phone number (if available); - website address on the Internet; - data on representatives, persons who are able to directly and/or indirectly (through other persons) determine (influence) the decision-making of an individual, about persons, whose decision-making is influenced by an individual; - information about the composition of the family, namely the full name and date of birth of the spouse, father, mother, adult children, expressly specified in the documents provided by the User,
- information about income and other information confirming income, the size of property, the amount of debt and creditors; - information about transactions to be made, or the fact of the acquisition/sale of property and the circumstances that can confirm the ownership of the property and the legitimacy of its origin; - information about financial standing; - information about reputation (references, reviews, etc.). - other information, including special personal data which are related to some factual circumstances, but can be provided by the User at his initiative when confirming other facts (for example, certificates of benefits confirming the source of funds, containing the basis for assigning benefits for health reasons, etc.).
|
Law 165-З |
5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clauses 459, 461, 462) |
|
Confirmation of the status of a qualified investor, admission to trading in borrowed tokens, opening of gross, net accounts |
- information about income and other information confirming income, the size of property, the amount of debt and creditors; - about work experience; - about skills, including experience intransactions, including with securities and/or derivative financial instruments, transactions with non-deliverable over-the-counter financial instruments; - about education, certification or professional development. |
Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of operations for the creation and placement of their own digital signs (tokens) |
5 years from the date of receipt of the representation or confirmation of such representation, if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of operations for the creation and placement of their own digital signs (tokens) (clause 461 of the List) |
|
Fulfillment by the Company of the conditions of loyalty programs and promotions (referral programs, etc.)
|
- data on participation in other promotions and campaigns organized by the Company; - Referral code; - Data on referral links, connections, and click-throughs; - the number of points, the amount of cashbacks (accrued tokens, other interest); - the number of referrals involved |
User’s consent |
- 10 years from the date of closing the User’s account; - 5 years from the date of closing the U's account when checking the Company's compliance with tax legislation after closing the account or – 3 years from the date of such inspection – in this case, the longest storage period is applied (clause 460 of the List) |
|
Technical support of the User |
- audio recording of a conversation with the User; - contact details; - other data indicated in the User’s personal Account; - correspondence between the User and the Company |
clause 26 of the Regulations on the requirements to be met by individual applicants in order to be registered as residents of the Hi-Tech Park; |
5 years from the date of creation (occurrence) of such audio recordings (videos) and correspondence (Rules for the carrying out of the activities of the cryptoplatform operator), and correspondence containing the grounds for financial transactions – 5 years from the date of payment, but in any case within 3 years after the tax authorities have inspected compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 461 of the List) |
|
Storage of materials about ongoing promotional games |
− full name; − date of birth; − contact details; − e-wallet number |
Processing of personal data in cases where the processing of personal data is necessary to perform the obligations (powers) stipulated by legal acts (clause 20 of Article 6 of the Law), clause g of the Regulations on promotional games in the Republic of Belarus, approved by Decree of the President of the Republic of Belarus No. 51 “On promotional games in the Republic of Belarus” dated 30 January 2003 |
3 years from the date of the end of the promotional game (clause 15 of the Regulations on promotional games in the Republic of Belarus, approved by Decree of the President of the Republic of Belarus No. 51 “On promotional games in the Republic of Belarus” dated 30 January 2003). If the information is related to financial transactions (payments, gifts, etc.) – 5 years from the date of payment, but in any case within 3 years after the tax authorities have inspected compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 461 of the List) |
|
Category of subjects whose personal data are processed: persons managing companies – Users as representatives of legal entitles who is using Company’s Services, beneficiaries and representatives of Users of Free2ex Services |
|||
|
Registrations, AML/KYC procedure |
surname, first name, patronymic (if any), date of birth, passport details, information about citizenship, place of permanent stay (residence), - other personal data specified in the passport (other identity document),
for representatives – also the information specified in the powers of attorney granted to them. |
Law 165-З, Regulation on requirements to the rules of internal control of residents of the Hi-Tech Park and consent in some cases. For example, when Company processes of personal data concerning a third-party whose data was not provided by a representative of a legal entity. |
5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 459 of the List, clauses 461, 462) |
|
Category of subjects whose personal data are processed: Applicants, both Users of the Services and other persons who intend to use the Company’s Services |
|||
|
Consideration of comments and suggestions made in the customer comment book, preparation and sending a response to the applicant’s comment and/or proposal |
− surname, name, patronymic; − place of residence (place of stay) address; − phone number; − other information included in the application by the applicant. |
processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of the Law of the Republic of Belarus No. 300-З “On appeals of citizens and legal entities” dated 18.07.2011 (hereinafter referred to as “Law 300-З”) |
5 years from the date of the last application; 5 years after the end of maintaining the customer comment book (clauses 89, 91 of the List) |
|
Consideration of a written (other than a comment or suggestion made in the customer comment book) or an electronic application of an individual, except for appeals sent within the framework of “Technical support” |
− surname, first name, patronymic (in full or initials) − place of residence (place of stay) address; − personal signature – when the applicant submits a written application; − other information included in the application by the applicant; − e-mail address – in case the applicant submits an electronic appeal; − the information contained in the documents confirming the powers of the representative - if an application is submitted by the applicant’s representative |
processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of Law No. 300-З |
5 years from the date of the last application. Proposals to improve the Company’s activities – 10 years from the EPC [2] (clause 85 of the List) |
|
Consideration of a written (other than a comment or suggestion made in the customer comment book) or an electronic application of an individual, filing such application on behalf of a legal entity |
− surname, first name, patronymic (in full or initials of the chief executive office or a person authorized in accordance with the established procedure to sign applications); − personal signature of the chief executive office or a person authorized in accordance with the established procedure to sign applications – if the applicant submits a written application; − other information included in the application by the applicant; − e-mail address – in case the applicant submits an electronic appeal; − the information contained in the documents confirming the powers of the representative – if an application is submitted by the applicant’s representative |
processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of Law No. 300-З |
5 years from the date of the last application. Proposals to improve the Company’s activities – 10 years from the EPC (clause 85 of the List) |
[1] An affiliate is a company which forms part of the Google Group. Apart from Google Ireland Limited, the following organizations providing consumer services in the EU belong to this category: Google Commerce Ltd, Google Payment Corp. и Google Dialer Inc. Learn more about Google companies that are service providers for commercial organizations in the EU… (Source: https://policies.google.com/privacy?hl=ru#infosharing)
[2] RP – a review panel specified in the List with respect to the storage periods of specific types of documents, which means that the storage period of such documents after the examination of their value can be extended