Privacy Policy

 

If a user refuses to provide his/her personal data or disagrees with the policy, s(he) shall immediately cease the use of the Company’s Services.

Publication date: 10.05.2024, approved by Order No. 19-o of the Director dated 10.05.2024 with the amendments approved by Order No. 36-o of the Director dated 31.07.2024.

Current version is available at: https://www.free2ex.ru/

 

1. General Provisions

This privacy policy (hereinafter referred to as the “Policy”) applies to all and any information, including personal data about Company’s users and clients which may be collected, received and processed by Limited Liability Company Pixel Internet, legal address: 4b Amuratorskaya street, premise 22, office 17, Minsk, Republic of Belarus, 220004 (hereinafter referred to as the “Company” and/or “Processor”) in the course of use by the users of the Company’s Facilities and Services, including in the process of performance by the Company of contracts concluded with the user and/or the client.

This Policy has been drawn up in accordance with the Law of the Republic of Belarus “On Personal Data Protection” (hereinafter referred to as the “Law”), legislation of the Republic of Belarus, acts of the High Technologies Park, local regulatory acts of the Company.

The Company applies measures aimed at protection of information in accordance with the legislation of the Republic of Belarus on information protection with due regard for the best international practices in this field.

 

2. Basic Terms Used in the Policy

·            Services (Applications): software products, systems or information assets used by FREE2EX. It can be a mobile application and a Web version of the FREE2EX Trading system, a Telegram bot, and Win services. When the ability to enter data, perform any functions in such programs and applications is limited, the Web version is the main channel of interaction with FREE2EX.

·            Third-party service: refers to advertisers, contest sponsors, advertising and marketing partners, to agents, partners and other persons who provide our content or whose products or services, in our opinion, may be of interest to the user.

·            Website shall mean any website addresses used by the Company as a cryptoplatform operator, including the website https://www.free2ex.com/, https://www.free2ex.ru/, Trading Platform website https://live.free2ex.com/, Personal Account website(s): https://my.free2ex.com/ru/Login/, allowing the User to use the Web version of the Personal Account.    

·            User: an individual, i.e. any visitor of the Website, a user of FREE2EX Services, using the Services, the Company’s Website in order to get acquainted with the services both before establishing a relationship of participation in token trading, including the demo version, and after establishing such a relationship for using the Company’s services. The User is not necessarily a Client of the Company.

Personal data processing shall mean any action (operation) or combination of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, revision (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

Personal data shall mean any information related to an identified individual or an individual who can be identified;

The legislation singles out sensitive personal data. Sensitive personal data shall mean personal data relating to race or nationality, political views, membership in trade unions, religious or other (philosophical) beliefs, health or sexual life, including sexual orientation, administrative or criminal liability, as well as biometric and genetic personal data.

The Company hereby clarifies the fact that it does not request sensitive personal data from the User. Sensitive personal data may be provided by the User at his/her own initiative in the process of confirmation of any other facts. For example, the Company may request confirmation of the source of origin of the funds (such right is granted to the Company by law). The User at his/her own initiative may submit instead of a certificate of income a document containing the grounds for granting a health (disability, etc.) allowance. The Company asks the users to be careful and not to provide sensitive personal data for no probable cause.

Trans-border transfer of personal data shall mean the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity;

Deletion of personal data shall mean actions as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data, and/or as a result of which the material carriers of personal data are destroyed;

Authorized person shall mean a state body, a legal entity of the Republic of Belarus, any other organization, an individual who, in accordance with a regulatory act or on the basis of an agreement with the Company, process personal data on behalf of the Company or in its interests.

Other terms in this Policy may be used in the meanings assigned to them in the Law.

 

3. Principles

The handling of users’ personal data is carried out in accordance with the following principles

- the principle of legality;

- the principle of transparency of handling;

- the principle of limiting the purposes of handling;

- the principle of minimizing personal data;

- the principle of accuracy of personal data;

- the principle of limiting the storage period of personal data;

- the principle of integrity and confidentiality.

 

4. Types of Personal Data Processed by the Company

For the purposes of this Policy, all of the below listed items are combined in a common concept Personal Data.

The Company processes personal data identifying the user (client), as well as information related to the user (client).

The Company may collect information about the user (client), as well as about individuals who manage companies and representatives of companies. The list of data for each category of persons, as well as the purposes and grounds for their processing are listed in the Appendix hereto.

Such personal data are requested due to the special regulation of the Company’s activities, in particular, by the Law of the Republic of Belarus No. 165-З “On measures to prevent the legalization of proceeds of crime, financing of terrorist activities and financing of the proliferation of weapons of mass destruction” dated 30.06.2014 (hereinafter referred to as “Law 165-З”).

The Policy provides for the regulation of data processing of Users using the Services and the Company’s Website.

 

5. User’s Rights

In addition to the rights stipulated by the legislation of the Republic of Belarus in the field of handling personal data, the User, when using the Trading System, has, inter alia, the following rights:

- the right to establish restrictions on personal data handling;

- the right to receive information concerning processing of personal data and to change personal data;

- the right to receive personal data available to the Company in a structured manner in the form of a typewritten text;

- the right to require the Company to correct errors (inaccuracies) in personal data;

- the right to withdraw consent (if such consent was given)[1];

- the right to demand the termination of the processing of personal data and/or to demand the deletion (destruction) of personal data available to the Company in cases and in the manner stipulated by the current legislation of the Republic of Belarus. If the right to terminate the processing of personal data, as well as the right to delete an Account cannot be exercised taking into account the mandatory information storage periods established by legislation, the Company has the right to implement the Account closure procedure and continue processing personal data by storing them within the time limits specified in the Appendix. This right is limited by mandatory information storage periods;

- the right to receive information about the provision of personal data to third parties;

- the right to receive information about authorized persons if personal data will be processed by such persons;

- the right to demand notification of third parties to whom personal data have been transferred by the Company about the facts of correcting errors (inaccuracies) therein and the fact of their deletion;

- the right to object to handling personal data, the right to appeal against the actions/omissions of the Company;

- the right not to be subjected to the action of a decision made only on the basis of automated handling of personal data;

- the right to receive transparent information about the procedure for exercising the above mentioned rights.

The user shall be entitled to exercise the above mentioned rights, including withdrawal of his/her consent to the processing of personal data, throughout the validity period of such consent, taking into account the storage period of personal data.

The above mentioned rights shall be exercised by the user in writing by sending a message with the relevant request to the Company’s e-mail address: privacy@free2ex.com or in the form of an electronic document.

A message containing user’s application for the purpose of exercising his rights shall contain:

- surname, given name, patronymic (if any) of the user, the address of his place of residence (place of stay);

- user’s date of birth;

- user’s identification number, in the absence of such a number – the number of the identity document, in case such information was indicated by the user when giving his consent to the Company, or personal data are processed without the user’s consent;

- statement of the essence of user’s requirements;

- personal signature or an electronic digital signature.

The response to the application shall be sent to the user in the manner corresponding to the application form, unless otherwise stipulated by the application.

Taking into account the fact that the Client’s data are subject to verification, in order to simplify interaction in the exercise of such rights as:

receipt of information concerning personal data processing;

receipt of information about the provision of personal data to third parties;

the requirement to cease personal data processing and/or to delete information;

clarification of data, with the attachment of supporting documents;

withdrawal of consent;

- the application can be sent by the Client to the Company via e-mail to the address privacy@free2ex.com in the form of a text message, without a personal signature.

Apart from that, in case inaccuracies in personal data are identified, the Client can update them independently in any other way permitted by the Agreement for participation in token trading.

Withdrawal of the Client’s/User’s consent can also be submitted in the form in which such consent was obtained (check-box).

The User can withdraw his/her consent to the processing of personal data at any time.

The user’s right of access to personal data, including obtaining information concerning the processing of his/her personal data or the transfer of data to third parties, may be restricted in accordance with the legislation of the Republic of Belarus: Law 165-З, etc.

If the user exercises his/her right to demand withdrawal of his/her consent to the processing of personal data or the right to delete personal data available to the Company in the cases and in the manner stipulated by the current legislation of the Republic of Belarus, the user stops using the Trading System, the Company’s Services, and in some cases – the Website.

 

6. Informing the User of the Period of Personal Data Processing

The Company hereby draws the User’s attention to the fact that it is a resident of the High Technologies Park of the Republic of Belarus (hereinafter referred to as the “HTP”) and is guided by mandatory requirements established by the HTP, including with regard to obligatory storage of information. The Company also follows the legal provisions of the Republic of Belarus setting mandatory requirements to the storage period.

Thus, according to the Rules for the activities of the cryptoplatform operator, (https://www.park.by), the Company shall:

- store the data of audio recordings (video recordings) and all correspondence with clients for at least 5 years from the date of performance (creation) of such sound recordings (video recordings) and correspondence;

- store information about each fact of violation of the legislation and/or HTP rules detected by the cryptoplatform operator (including confirming that such a fact took place) for 5 years from the date of detection of this fact;

- ensure the storage of documents and other materials received in the course of assessment of the level of knowledge (competence) stipulated by parts one and two of this clause for at least 5 years from the date of receipt of such documents and other materials.

Pursuant to the Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of transactions for the creation and placement of own digital signs (tokens) (https://www.park.by ), the ICO Organizer shall:

- ensure the storage of confirmation of the fact of receiving an assurance that clients have the status of a qualified investor (as well as the results of verification of this assurance, if applicable) for at least 5 years from the date of its receipt.

- store documents and information about the sale of tokens to the first owners (including correspondence, contracts), keep a record of these owners and the number of tokens transferred to them (including ensuring reliable backup of these data) for at least 5 years from the date of the sale of tokens.

According to the Regulation on the requirements to the rules of internal control of residents of the Hi-Tech Park, HTP residents shall:

-  make digital recordings of the web-ID procedure and store the specified video recording for 5 years from the date of termination of the relevant contracts concluded by HTP residents with clients.

- store customer identification data, information about the sources of origin of customer funds in hard copy and/or in electronic form in a place that excludes access by unauthorized persons for 5 years from the date of termination of the contracts concluded with them by HTP residents.

In addition, the legislation of the Republic of Belarus has established mandatory storage periods for documents generated in the course of activity. As a general rule, for the Company’s documents, such a period is at least 3 years (and often even 5 years) after the tax authorities have inspected compliance with tax legislation, and should the tax authorities fail to inspect compliance with tax legislation – within 10 years from the date of financial transactions or the expiration of the relevant contract.

The period for processing personal data received during user registration for the purposes of mailing of promotional materials is 1 year after the closure of the client’s account, and if the withdrawal of consent is received, the Company shall stop processing personal data for these purposes within 15 days.

If the user submits an application to terminate the processing of personal data, the Company undertakes not to process the relevant personal data in any other way that differs from their storage during the storage period. However, storage will be carried out within the time limits established by the Company, justified by the requirements of the legislation.

At the end of the specified period, information about the user’s personal data is subject to deletion or may be depersonalized in order to achieve anonymity of such information by hiding signs of personal nature from this information.

The User can review the terms of processing and storage of a particular type of personal data in the Appendix hereto.

 

7. Cases When Consent to the Processing of Personal Data is not Required

Consent to the processing of personal data is not required in all cases.

The Company shall not request consent when it is not required.

The user’s attention is drawn to the fact that according to Article 6 of the Law, the Company processes the user’s personal data without his consent:

-  on the basis of an agreement concluded (to be concluded) with the user in order to perform the actions established by this agreement or to implement on the instructions of the user the steps preceding the conclusion of the agreement;

- when implementing the norms of legislation in the field of national security, on combating corruption, on preventing the legalization of proceeds of crime, financing terrorist activities and financing the proliferation of weapons of mass destruction;

- in cases where the processing of personal data is necessary to fulfil the duties (powers) provided for by regulatory acts;

- in cases where this Law and other regulatory acts directly stipulate the processing of personal data without the consent of the personal data subject.

The Company is allowed in accordance with Article 8 of the Law, due to the specifics of its activities, to process special (sensitive) data without consent:

“in cases stipulated by ... legislation ... on combating terrorism and countering extremism, on preventing the legalization of proceeds of crime, financing terrorist activities and financing the proliferation of weapons of mass destruction …”.

 

8. Actions of the Company to Transfer Data to Third Parties

The Company hereby notifies that it may disclose, transfer the user’s personal data (or access to personal data):

-  for the implementation of court decisions and other writs of execution, at the request of law enforcement agencies or other state bodies, if the request for this information is sent within the framework of court proceedings, as well as in other cases stipulated by the legislation;

- to third parties in the process of using the Company’s Website, Services, as well as other services of the Company, in the process of participating in promotional events or loyalty programs, persons with whom the Company has concluded advertising and marketing services contracts, as well as persons participating in the same advertising events along with the subject of personal data, when this transfer is due to the functioning of the loyalty program.

- agents, partners of the Company (hereinafter referred to as the Partner) when the user independently uses Third Party Services (applications, programs, etc.) offered by the Partner, whose service is integrated with the Company's Services for the purpose of simultaneous use of the Company's Services through such Third Party Services. For example, if the user uses a mobile application owned by the Partner, the Company and the Partner may exchange personal data of the clients to the extent necessary to serve the client and fulfill the client's instructions.

The Company may entrust the Partner to collect and process personal data of users for the purposes of:

A) to improve service on technical support issues to the extent that the user (client) specifies when contacting the Company.

The ground for processing is the Company's contract with the user and the Company's obligations to provide quality service and technical support;

B) diversification of the line of services and expansion of the Company's Services, ensuring the operation of functionality for the fulfillment of the Company's and user's Agreement. For example, if the Company does not provide the Partner with access to the information for drafting an invoice for account replenishment, it will be impossible to replenish the account via the Partner's application. In other words, the client will simply not be able to use the Company's functionality through the Partner's application, which he/she has chosen himself/herself.

Such data are not stored by the Partner - the Partner sees them at the moment of choosing one or another option by the client. The gound for processing personal data of clients will be the Company's agreement with the user;

- to banks in order to carry out identification and verification procedures (to entrust the bank to collect and process personal data to the extent required for identification and verification and transfer them to the Company). The bank may engage sub-agents for data collection. The basis for such processing will be Law 165-З;

- to other persons and in cases expressly provided for by the current legislation.

The Company conducts occasional promotional events, organizes loyalty programs, referral programs, and other promotions. There are also partnership programs.

The Company may establish the terms of programs and promotions, according to which any User may be attracted by other participants of the program.  The Company processes the data of such a user within the framework of an Agreement for participation in token trading, and the data of such a user in the Company’s information systems are pseudonymized.  For the purpose of calculating prizes and gifts, accrual of remuneration to agents or affiliates under loyalty programs, it is possible to open some information about the time and scope of transactions of attracted users (depersonalized). In this case, this information will not be disclosed to third-party program participants (agents or affiliates), and the data will not be classified as personal, except if the user is the only attracted client for the agent or affiliate and such information about the user can be obvious under certain circumstances.

 

9. Purposes of Personal Data Processing

The main purpose of processing personal data is the identification and verification of the user for admission to participate in trading, provisions of access to facilities and services to the user.

The basis for processing the vast majority of personal data is the implementation of legislation in the field of prevention of the legalization of proceeds of crime, financing of terrorist activities and financing of the proliferation of weapons of mass destruction (in compliance with the requirements of Law 165-З[2]).

With the user’s separate consent, the Company uses the user’s data that were entered for the purpose of registration and Account creation, as well as for initial identification (name, e-mail, phone number) to provide the user with information about promotions and offers by mailing advertising posts, materials, reminders, and providing advertising information. Such consent can be withdrawn, in which case the Company will not use this data for mailing.

The data of clients who participate in referral programs and other promotions are processed by the Company in order to fulfil the conditions of their participation in loyalty programs and promotions (referral programs, etc.). Participation in the program is considered to be an agreement of the user to meet certain conditions.

The Company stores personal data of clients in order to comply with the current legislation.

 

10. Informing the User

The Company has the right to send notifications to the user and/or the client about new products and services, special offers and various events based on the consent received for the processing of personal data in order to inform the user about promotions and offers by mailing promotional materials, providing advertising information. The Company may use third-party services[3] for notification, subject to the appropriate level of personal data protection.

The User can always refuse from receiving informational messages by sending a letter to the Company to the e-mail address privacy@free2ex.com with a mark “Opt-out of notifications” or “Opt-out of newsletters”.

The Company reserves the right to send certain types of information messages to users and/or clients, despite their refusal from receiving notifications in cases where sending such a notice serves the interests of the user and/or client (technical mailing) or is mandatory by law.

 

11. Cookies

For the convenience of users and for ensuring greater transparency, the FREE2EX team has prepared this Cookies Policy.

 

What are cookies

A cookie (pl. cookies) is a small text file that a Website or Services save on your computer or on other device when you visit it. This allows the site to remember your actions and preferences (such as login, language, font size) for a certain period of time, so that you do not have to re-enter them when you return to the Site or go from one page to another or return to the Services.

 

The cookies are subdivided into the following types by purpose:

1.   Technical (Necessary) – allow you to navigate the Website or Services and make full use of their features. They help to control security and ensure special features.

2.   Functional/preferential (Customizing) – allow the Website or Services to adapt to the preferences of the visitor, to ensure an individual experience of using the Website or Services and are installed in response to user actions.

3.    Analytical (Statistical)– necessary for statistical purposes, they help to improve the performance of the Website or Services and to make it more user-friendly. In particular, the Company uses the following tools that stipulate the use of analytical cookies: Google Analytics and Yandex.Metrica.

For example, detailed information about cookie management settings in major browsers can be found at the links below:

Firefox: https://support.mozilla.org/ru/kb/udalenie-kukov-dlya-udaleniya-informacii-kotoruyu-

Chrome: https://support.google.com/chrome/answer/95647?hl=ru

Safari: https://support.apple.com/ru-ru/guide/safari/sfri11471/mac

Opera: https://help.opera.com/ru/latest/web-preferences/#Управление-файлами-cookie

Microsoft Edge: https://support.microsoft.com/ru-ru/microsoft-edge/удаление-файлов-cookie-в-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Internet Explorer: https://support.microsoft.com/ru-ru/windows/удаление-файлов-cookie-и-управление-ими-168dab11-0753-043d-7c16-ede5947fc64d

 

4. Advertising cookies (Marketing)– these cookies are used to display advertising on the Website or Services and on third-party resources. They track information about your online activity to select and show you relevant advertising based on your interests and preferences. Advertising cookies help personalize advertisements and measure their effectiveness.

 

By supplier сookies are broken down into the following types:

First-party and Third-party.

Third-party – third-party files belong to another domain. As a general rule, this type of cookies is embedded in the pages of other companies’ websites, for example, in the form of an advertising unit. The creator of the cookie file can collect and receive data about visitors.

 

By the lifetime, cookies are subdivided into:

Permanent – stored for a certain period of time, which is determined by the parameters of each file, or until they are manually deleted.

 

Session (temporary) – can exist only during the period of time when the user is on the Website or in the Services. After he closes the browser window (ends the session), the cookies are deleted.

 

Cookies storage period

By the storage period, cookies are divided into session and permanent ones.

Session cookies are cookies that are stored when you visit a Website or Services.

For example, they allow the system to remember the selected language. Session cookies are never stored for a long time and are deleted when the browser is closed.

Permanent cookies are stored in the user’s browser for a long time – this type of cookies has a period of validity. Permanent cookies make it possible for the websites or Services to remember users’ personal information the next time they visit the site.

The Company stores information from permanent cookies for 5 years, while information from cookies used by our partners’ services may have a different storage period.

 

How to manage cookies

Cookies are stored on your device only if you consent to this, except in cases where cookies are required directly for the technical functioning of the website. However, it should be noted that if you do not give your consent to the use of cookies, some functions of the website or Services may not work properly or not work at all.

Cookies are used on the basis of the legitimate interest of the Company in order to ensure website or services functionality. If cookies are used to remember your choice or your statistical data, the ground for it is your consent, which is requested from the user at the first visit to the Website or the Services.

The user may accept all cookies or make a choice based on the description of the types of cookies.

 

Examples of cookies used:

- Asp.Net_SessionId, __RequestVerificationToken, AspNet.TwoFactorCookie,

.AspNet.ApplicationCookie – required for authorization;

- Accounts_Menu_Visibility – responsible for the menu status;

- AccordionSectionsItemsIds – saves the minimized state;

- CookiesNotice – consent to cookies.

- URlMarkers – markers;

- Agent – information about the agent;

 

Cookies are stored in the browser of your computer or other device, you can delete them from the browser history in whole or in part, and also configure most browsers in such a way as to prevent them from being saved. However, if you do this, you may have to manually adjust some of your preferences every time you visit the website or the services;

The user of the website using the F12 key or the fn+F12 key combination can open the developer toolbar in the browser. There one can find an Application tab, which, when opened, grants access to the Cookies section. In the above mentioned section the user can view the full list of cookies used on the website page opened by him at a given time. The section includes the names and the source (domain) of cookies, as well as their storage period. You can get acquainted with the cookies used in the control panel of your browser and configure the general rules for their use there.

 

Detailed information on managing cookies is available in English on the following websites: 

https://www.allaboutcookies.org/ and https://www.youronlinechoices.com/.

 

The Websites do not belong to the Company and have their own rules of use.

 

The Company uses Cookies-bot to obtain user consent to use various types of cookies. The Cookies-bot helps determine consent and the form of use of cookies in various situations.

 

App Tracking Transparency for iOS Users

For iOS users, our App fully complies with Apple's App Tracking Transparency framework. We obtain explicit user consent before tracking or accessing any device identifiers for advertising purposes.

 

The Website or Services user is entitled to:

- receive information about cookies on the Company’s website and in the Services;

- updating cookies that are used on the Company’s website and in the Services;

- deletion of information received from cookies and making it possible to identify the user’s identity;

- withdrawal of consent to the use of cookies;

- the right to submit a complaint to us and/or to the competent authority.

When visiting the Services for the first time, the user shall either give consent to the use of cookies by clicking the word «Allow selection» / «Allow all» or «Deny» the use of cookies (except Necessary ones). When visiting the Website, a Cookiebot is used to obtain the user's consent.

If a Cookiebot is used to obtain user consent, the user can reject consent using it.

The user can independently change the settings for the use of cookies in the browser. For the google chrome browser, s(he) needs to go to Settings > Privacy and Security > Cookies and other website data.

 

If the user refuses to use cookies, without which it is impossible to use the services of the Website or Services, the user must immediately stop using the Website or Services.

 

12. Procedure for the collection, storage, transfer and other types of personal data processing

The Company and/or an Authorized Person, if applicable, processes the user’s personal data if they are filled in and/or sent by the user independently through special forms3, available on the website of the Company and/or when they are received via e-mail.

If Personal Data are processed by an Authorized Person, the Authorized Person shall comply with the requirements for the processing of personal data stipulated by the legislation. The authorized person is not obliged to obtain the consent of users. The security of personal data processed by the Company is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection. In addition, a set of measures aimed at prevention of risks for the security of Sensitive personal data is adopted.

The Company ensures the safety of personal data and takes all possible measures to exclude access of unauthorized persons to the personal data.

All third parties to whom the Company provides the user’s personal data receive the minimum amount of such personal data that is reasonably required by them to provide services to the Company. As well as all third parties listed herein shall treat the user’s data as strictly confidential and shall maintain the level of confidentiality with respect to such personal data not lower than that of the Company.

In order to ensure the protection of personal data, the Company appoints 1) a person responsible for the performance of internal control over the processing of personal data; 2) publishes and updates this Policy; 3) introduces the Company’s employees and/or an authorized person and/or other persons directly involved in the processing of personal data with the provisions of the legislation on personal data; 4) trains the above mentioned employees and other persons in accordance with the procedure established by legislation; 5) establishes the procedure for access to personal data; carries out technical and cryptographic protection of personal data; 6) determines the list of foreign states on the territory of which an appropriate level of protection of the rights of personal data subjects is ensured.

 

13. Cross-border transfer of personal data

The Company carries out cross-border transfer of personal data only to the territory of a foreign state, which ensures reliable protection of users’ rights.

The cross-border transfer of personal data on the territory of foreign states that do not meet the above mentioned requirements can only be carried out if users are informed about the risks arising from the lack of an appropriate level of Personal Data protection in such countries, receipt of personal data on the basis of an agreement concluded (subject to conclusion) with the user in order to perform the actions established by this agreement; receipt of personal data by any person by sending a request in the cases and in the manner stipulated by the legislation; transferring data when it is necessary to protect the life, health or other vital interests of the subject of personal data or other persons, if obtaining the consent of users is impossible; processing personal data within the framework of the performance of international treaties of the Republic of Belarus; obtaining the appropriate permission the authorized body for the protection of the rights of personal data subjects.

Like other companies, the Company makes use of the services of third-party service providers, which, among other things, help process personal data on the basis of the relevant contract with them. In particular, the Company attracts suppliers of third-party cookies specified in Section 11.

The cross-border transfer of personal data is carried out by the Company in order to execute and maintain contractual relations, for the purpose of Identification and Verification to the following entities:

List of companies to which customer data is transferred

Location

Purpose of data transfer

The ground of data transfer

 

Organization in charge of mailing text messages

Russian Federation

phone number verification, password recovery

 Rules for the performance of the activities of the cryptoplatform operator

Organization ensuring the KYC procedure

Great Britain

software verification of information about clients and their beneficial owners

Regulation on requirements to the rules of internal control of the Hi-Tech Park residents

Yandex LLC

in the Russian Federation and/or in the EEA

use of analytical data of visits, sessions, duration (collected through Yandex.Metrica)

High-quality performance of the Contract and provision of electronic services to the User, improving the performance of the Website

Google[4],

Google Ireland Limited

Ireland

use of analytical data of visits, sessions, duration (collected through Google Analytics)

High-quality performance of the Contract and provision of electronic services to the User, improving the performance of the Website

Organization for the provision of Zoho services

Great Britain

processing cookies for the chat on the website

Rules for carrying out activities of the cryptoplatform operator (mandatory technical support)

Partner companies (owners of the mobile application, and other. third-party services selected by the User)

Russian Federation

Technical support

Contract

Partner companies (owners of the mobile application, and other third-party services selected by the User)

Russian Federation

Transfer of information (access to information) within integrated services through the extension of services and simplification of operations:

-  the current balance of the specified assets,

- the information specified in the invoice (user's full name, transaction amount, user ID),

- the Client's crypto address in FREE2EX,

- current transaction limits,

-clarification of the transaction status generated by the Client (invoice, exchange, withdrawal),

- the Client's ID in FREE2EX;

- exchange specified pairs,

- asset withdrawal followed by the Client's confirmation via 2FA.

 

Contract

Banks under partnership programs 

Russian Federation

Identification and verification

Law 165-З

 

Individuals who have access to your data

Employees of the Company may have access to data on the users of the Company’s website in the course of performance of their employment duties.

The owners of the host server or partners of the Company in the field of creation and placement of content on the website have access to technical records on the website’s host server.

Yandex.Metrica. Detailed information about the Yandex.Metrica service is available at: https://yandex.ru/support/metrika/.

Google Analytics. Detailed information about the Google Analytics service is available at: https://analytics.google.com/analytics/web/provision/#/provision.

 

The cross-border transfer of personal data can also be carried out based on the relevant court decision or legal requirement, as part of service provision (as described in clause 8 hereof), as well as in other cases where such transfer is performed on the legal basis. The Company notifies the users that it does not process personal data for the purpose of their subsequent sale.

 

14. Final Provisions

The User can receive any clarifications on issues of interest concerning the processing of his/her personal data by contacting the Company via e-mail: privacy@free2ex.com in the manner and to the extent specified in this Policy and the legislation of the Republic of Belarus.

This document will reflect any changes to the Company’s Confidentiality Policy. The policy shall remain in force without limit of time until it is replaced by a new version.


                                                                                                                                              Supplement to Privacy Policy of

                                                                                                                           Pixel Internet LLC

 

PERSONAL DATA PROCESSED BY US: TYPES, PURPOSES AND GROUNDS

We process your personal data within the scope and to the extent required for the stated objectives:

Category of subjects whose personal data are processed:

Users of Free2ex services

Objective

Data processed

Ground

Storage period

Website users/Company’s clients

User Registration

E-mail

Agreement for participation in token trading (hereinafter referred to as the “Agreement”)

3 years after the expiration of the Agreement, upon performance by the tax authorities of an audit of compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years after agreement expiration (clause 70 of the List approved by the Resolution of the Ministry of Justice of the Republic of Belarus No. 140 dated 24.05.2012 (hereinafter referred to as the List).

Initial Identification stage during User registration

Name,

 e-mail,

 phone,

IP address,

information from header User-Agent,

country of residence (determined based on the specified details IP address or phone code)

Law 165-З,

Rules for the implementation of the activities of the cryptoplatform operator

5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions

 (clause 459 of the List, clauses 461, 462)

Providing the user with information about promotions and offers by means of mailing promotional materials, providing advertising information

 name, e-mail, phone

User consent

for the period of validity of contractual relations and 1 year after the closure of the client’s account.

If a withdrawal of consent has been received – within 15 days from the date of withdrawal.

 

The procedure of complete user identification and Verification, admission to trading.

Re-identification and re-verification

surname, patronymic (if any), date of birth, location address,

or contact details, except for those indicated during registration,

citizenship,

sex,

place of birth,

data on registration at the place of residence and/or place of stay,

date of issue of the passport or other identity document,

identification number and other particulars of the identity document and/or other document on the basis of which identification is performed,

 previous surnames (when registering birth, marriage(s), etc.),

other data obtained as a result of verification of personal data and contact details based on the submitted documents),

digital portrait photograph,

 

test results (blockchain technology),

 

video recordings obtained in the course of the WebID procedure;

images obtained as part of liveness check procedure,

audio recordings of a conversation with the User.

 

 

Law 165-З,

Regulation on requirements to the rules of internal control of residents of the Hi-Tech Park

5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions

 (clause 459 of the List, clauses 461, 462)

Wallet replenishment, Making transactions

- information about payment instruments utilized by the user for depositing/withdrawing funds (current (settlement) bank account, electronic wallet, address (identifier) of the virtual wallet);

- information about all operations performed by the user;

- information about the sources of the user’s funds;

- information about financial transactions of clients, about participants of financial transactions

 

Law 165-З

From the date of financial transactions; subject to destruction upon the expiry of 5 years after the tax authorities have checked compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 460 of the List)

Enhanced AML/CFT control measures

- web ID procedure data,

photo or video image, audio recordings of a conversation, selfies,

- IP address used by the user;

- payer’s identification number (if any);

- place of employment, position, office phone number (if available);

- website address on the Internet;

- data on representatives, persons who are able to directly and/or indirectly (through other persons) determine (influence) the decision-making of an individual, about persons, whose decision-making is influenced by an individual;

- information about the composition of the family, namely the full name and date of birth of the spouse, father, mother, adult children, expressly specified in the documents provided by the User,

 

- about income and other information confirming income, the size of property, the amount of debt and creditors;

- about transactions to be made, or the fact of the acquisition/sale of property and the circumstances that can confirm the ownership of the property and the legitimacy of its origin;

- information about financial standing;

 - information about reputation (references, reviews, etc.).

- other information, including special personal data which are related to some factual circumstances, but can be provided by the User at his initiative when confirming other facts (for example, certificates of benefits confirming the source of funds, containing the basis for assigning benefits for health reasons, etc.).

 

Law 165-З

5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions

 (clauses 459, 461, 462)

Confirmation of the status of a qualified investor, admission to trading in borrowed tokens, opening of gross, net accounts,

- about income and other information confirming income, the size of property, the amount of debt and creditors;

- about work experience;

 - about skills, including experience in transactions, including with securities and/or derivative financial instruments, transactions with non-deliverable over-the-counter financial instruments;

- about education, certification or professional development.

Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of operations for the creation and placement of their own digital signs (tokens)

5 years from the date of receipt of the representation or confirmation of such representation, if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions

(Rules for the provision of services related to the creation and placement of digital signs (tokens), and the implementation of operations for the creation and placement of their own digital signs (tokens) (clause 461 of the List)

Fulfillment by the Company of the conditions of loyalty programs and promotions (referral programs, etc.)

 

- data on participation in other promotions and campaigns organized by the Company;

- Referral code;

- Data on referral links, connections, and click-throughs;

- the number of points, the amount of cashbacks (accrued tokens, other interest);

- the number of referrals involved

 

Acceptance of the terms of the Referral program (other program/promotion)

- 10 years from the date of closing the client’s account;

- 5 years from the date of closing the client's account when checking the Company's compliance with tax legislation after closing the account or – 3 years from the date of such inspection – in this case, the longest storage period is applied

(clause 460 of the List)

 

Technical support of the user

- audio recording of a conversation with the User;

- contact details;

- other data indicated in the Personal Account;

- correspondence between the User/Client and the Company

Clause 26 of the Regulations on the requirements to be met by individual applicants in order to be registered as residents of the Hi-Tech Park;

5 years from the date of creation (occurrence) of such audio recordings (videos) and correspondence

(Rules for the carrying  out of the activities of the cryptoplatform operator),

and correspondence containing the grounds for financial transactions – 5 years from the date of payment, but in any case within 3 years after the tax authorities have inspected compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 461 of the List)

Storage of materials about ongoing promotional games

-      full name;

-      date of birth;

-      contact details;

-      ewallet number

Processing of personal data in cases where the processing of personal data is necessary to perform the obligations (powers) stipulated by legal acts (clause 20 of Article 6 of the Law), clause 15 of the Regulations on promotional games in the Republic of Belarus, approved by Decree of the President of the Republic of Belarus No. 51 “On promotional games in the Republic of Belarus” dated 30 January 2003

3 years from the date of the end of the promotional game (clause 15 of the Regulations on promotional games in the Republic of Belarus, approved by Decree of the President of the Republic of Belarus No. 51 “On promotional games in the Republic of Belarus” dated 30 January 2003).

If the information is related to financial transactions (payments, gifts, etc.) – 5 years from the date of payment, but in any case within 3 years after the tax authorities have inspected compliance with tax legislation. If the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions (clause 461 of the List)

Category of subjects whose personal data are processed:

persons managing companies – Users of the Company’s Services, their representatives, chief accountants

beneficiaries and  representatives of Users of Free2ex Services

 

surname, first name, patronymic (if any), date of birth, passport details, information about citizenship, place of permanent stay (residence),

other personal data specified in the passport (other identity document),

 

for representatives – also the information specified in the powers of attorney granted to them.

 

Law 165-З,

Regulation on requirements to the rules of internal control of residents of the Hi-Tech Park

5 years after termination of the Agreement; if the tax authorities haven’t checked compliance with tax legislation – 10 years from the date of financial transactions

 (clause 459 of the List, clauses 461, 462)

Category of subjects whose personal data are processed:

Applicants, both Users of the Services and other persons who intend to use the Company’s Services

Consideration of comments and suggestions made in the customer comment book, preparation and sending a response to the applicant’s comment and/or proposal

-      surname, name, patronymic;

-      place of residence (place of stay) address;

-       phone number;

-      other information included in the application by the applicant.

Processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of the Law of the Republic of Belarus No. 300-З “On appeals of citizens and legal entities” dated 18.07.2011 (hereinafter referred to as “Law 300-З”)

5 years from the date of the last application; 5 years after the end of maintaining the customer comment book (clauses 89, 91 of the List)

Consideration of a written (other than a comment or suggestion made in the customer comment book) or an electronic application of an individual, except for appeals sent within the framework of “Technical support”

-      surname, first name, patronymic (in full or initials)

-      place of residence (place of stay) address;

-      personal signature – when the applicant submits a written application;

-      other information included in the application by the applicant;

-      e-mail address – in case the applicant submits an electronic appeal;

-      the information contained in the documents confirming the powers of the representative - if an application is submitted by the applicant’s representative

Processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of Law No. 300-З

5 years from the date of the last application. Proposals to improve the Company’s activities – 10 years from the EPC [5] (clause 85 of the List)

Consideration of a written (other than a comment or suggestion made in the customer comment book) or an electronic application of an individual, filing such application on behalf of a legal entity

-      surname, first name, patronymic (in full or initials of the chief executive office or a person authorized in accordance with the established procedure to sign applications);

-      personal signature of the chief executive office or a person authorized in accordance with the established procedure to sign applications – if the applicant submits a written application;

-      other information included in the application by the applicant;

-      e-mail address – in case the applicant submits an electronic appeal;

-      the information contained in the documents confirming the powers of the representativeif an application is submitted by the applicant’s representative

Processing of personal data in cases when the processing of personal data is necessary to perform the obligations (powers) stipulated by regulatory acts (clause 20 of Article 6 of the Law), Article 9, Article 28 of Law No. 300-З

5 years from the date of the last application. Proposals to improve the Company’s activities – 10 years from the EPC (clause 85 of the List)

 



[1] Withdrawal of consent is possible only in case if the processing of personal data was performed on the basis of consent (Consent was given by the User).

 

[2] In relation to non-resident users, a legitimate interest can serve as the ground, in accordance with the requirements of Law 165-З, HTP acts.

 

[3] Including services as a solutions (SaaS)

 

[4] An affiliate is a company which forms part of the Google Group. Apart from Google Ireland Limited, the following organizations providing consumer services in the EU belong to this category: Google Commerce Ltd, Google Payment Corp. и Google Dialer Inc. Learn more about Google companies that are service providers for commercial organizations in the EU… (Source: https://policies.google.com/privacy?hl=ru#infosharing)

[5] RP – a review panel specified in the List with respect to the storage periods of specific types of documents, which means that the storage period of such documents after the examination of their value can be extended