PRIVACY POLICY

Effective date

Version

Summary of Changes

26 June 2019

v.2.0

Minor fixes
Description detailed
Client’s rights added
Contact details specified


Hereby is described the privacy practice of collecting and processing of personal data provided by persons engaging in business relations regulated by Terms and Conditions and other relevant documents (hereinafter Clients or you, your) with TRANSCRYPT OÜ, REG. Nr.14453691, Harju maakond, Tallinn, Haabersti linnaosa, Meistri tn 16, 13517, under the brand Transcrypt (hereinafter Transcrypt or we, us and our) possessing and operating an internet website www.transcrypt.eu (hereinafter the Website). The provisions of this Privacy Policy are subject to Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the Regulation) and the Personal Data Protection Act of 01.01.2008 (Estonia).

The provisions of this Privacy Policy are subject to Regulation (EU) 2016/679 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”) and the Personal Data Protection Act of 12.12.2018 (Estonia). In case of conflict between this Privacy Policy and aforementioned Regulation or Act (due to amendment of a legal act or for other reason), relevant parts of these legal acts shall be applied.

INTRODUCTION

We understand the importance of protection of your privacy and personal data and commit a lot of efforts to develop and maintain high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.


1. PERSONAL DATA WE PROCESS AND ITS OBJECTIVE


  1. When registering for an account via Transcrypt we may collect and further process (see chapter 2 below) the following categories of data:

  1. Information requested during the registration of the Account that identifies you, for example your name, date of birth, citizenship, etc.

When you go through the registration process, you shall provide an e-mail address and create a password. You may also choose to log in via supported third-party service provider (for example, Twitter, Facebook and Google+). You can also choose to add a Google Authenticator account to be used for 2FA verification for improved security.

  1. Financial information, including your income, source of income / funds, taxation residence information, etc.


Information, which we may collect through automated means. Through your use of Transcrypt and its exchange tools, we also monitor and collect tracking information related to usage such as access date & time, device identification, operating system, browser type and IP address. This information may be directly obtained by Transcrypt or through third party services.

с) Your identity and residency verification documents, for example passport and/or ID card, utility bill, insurance contract, tax statement, rental agreement etc.

  1. Contact information, i.e. your phone number, e-mail address, etc.

(information described above under a), b), c) and d) is hereinafter separately or collectively referred to as “Personal Data”)

We do not collect any information that may identify you without your permission.

We use Google Analytics on our Website. If You want to know more about Google Analytics and its “do not track” policy, please visit https://www.google.com/analytics/terms/us.html

We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age of your country, if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Website.

1.2. The term we keep the Personal Data collected depends on the type of information, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this privacy policy, including for as long as needed to provide you with our products and services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.

1.3. We collect and process the Personal Data to fulfil our contractual obligations and legitimate interest before you, namely:

  1. provide services, including execution of requested transactions and related maintenance of the services you registered for and manage the account you hold;

  2. provide you with the information about your activities on the account;

  3. inform on any changes and updates to the services you are provided with;

  4. assess and mitigate risks related to anti-money laundering and terrorism financing regulations as well as transaction related risks;

  5. comply with applicable legislation;

  6. maintain actions in relation to legal claims;

  7. provide additional or supportive services, as well as perform Client surveys, statistical analysis;

  8. to ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other).

  9. improve the performance and functionality of our services.

The above list may be extended depending on the development of the services.


2. PROCESSING OF YOUR PERSONAL DATA


2.1. Your personal data may be received and processed:

(a) by Transcrypt within our inner systems of processing, which complies to technical and organizational measures in a manner that meets applicable requirements of the Regulation and security standards; and/or

(b) at outsource service providers and processors who access and use the data only to the extent required to perform the obligations subcontracted to them by Transcrypt (hereinafter ”subprocessors”).

2.2. Those subprocessors perform tasks on our behalf and are contractually obligated not to disclose or use collected information for any other purposes, then storage, help in facilitation of technical aspects of our services or perform functions related to the administration of services (collection and analysis) or other indicated under contractual closes.

2.3. You give your explicit consent that Transcrypt may on its own discretion to engage subprocessors, who comply with technical and organizational measures in a manner that meet applicable requirements of the Regulation and security standards implied under this Privacy Policy.

2.4. If such subprocessors are located outside of Swiss Confederation or the European Union or European Economic Area, the processing of personal data is done or will be done in accordance with applicable laws.

2.5. Subprocessors remain fully liable for all obligations subcontracted to, and all acts and omissions of, Transcrypt is not responsible in the event that information is disclosed at a result of a breach or security lapse at any such subprocessors, or for such subprocessors' non-compliance with the foregoing requirements.


3. INCIDENTS NOTIFICATION


3.1. If Transcrypt becomes aware of any breach of our security leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) personal data of Clients on systems managed or otherwise controlled by us we will notify you promptly and without undue delay and in compliance to the procedure prescribed under Regulation or applicable laws.

3.2. The notification will be made to your e-mail address at the discretion of Transcrypt or by other direct communication available to Transcrypt and allowed by Client (for example, by phone or e-mail). It is sole responsibility of the Client to provide us with the e-mail address and ensure that this e-mail address is valid and current.

3.3. None of Data Incidents notification from Transcrypt may not be and will not be construed as an acknowledgment of any fault or liability with respect to data incident by us.


4. CLIENT’S SECURITY COMMITMENTS


4.1. Client agrees that without prejudice to our security measures and data incidents that it is Client’s responsibility to make appropriate use of our services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system and devices which you use to access to our services.

4.2. We are not obligated to protect your Personal Data that you choose to store or transfer outside Transcrypt and our subprocessors’ systems, and cannot be held responsible for any negative consequences you may suffer as a result thereof.


5. CLIENT’S RIGHTS IN RESPECT TO ITS PERSONAL DATA


5.1. You have the following rights in relation to your personal data:

  1. Right of access — You have the right to obtain from us information as to whether your personal data is being processed, and, where that is the case, access to such personal data.
  2. Right to withdraw consent — When we rely on your consent for processing of your personal data, you have the right to withdraw your consent at any time. However, the withdrawal of your consent will not affect the lawfulness of Transcrypt’s processing based on consent before your withdrawal.
  3. Right to rectification — We are obliged to ensure and you have the right for the accuracy of your personal information. In order to assist us with this, you are obliged to notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
  4. Right to restriction of processing — You have the right to ask us to stop processing your personal data at any time
  5. Right to erasure — Asking us to delete all of your personal data will result in Transcrypt deleting your personal data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your personal data, in which case we will inform you of this). Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services.
  6. Right to data portability — You have the right to request that Transcrypt provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so and the processing is based on consent or contractual performance.
  7. Right to complain — You have the right to lodge a complaint to our responsible person designated in our Internal Regulations and/or to a supervisory authority (in Estonia this is The Data Protection Inspectorate https://www.aki.ee/en).
  8. Right to object automated processing — You have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, which produces legal or similarly significant effects on you. There may be exceptions or limitations to this right as defined under relevant data protection law

5.2. We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above, however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you a reasonable fee taking into account the administrative costs in order to process such requests or we may refuse to act on such requests.

5.3. Client may also send a request to receive information which Personal Data has been processed, amended, deleted or locked and information about any parties to which we transmit your Personal Data.

5.4. In some cases we may charge a fee (based on our reasonable costs) if your requests related to Personal Data are excessive considering the nature of the request itself or the nature and functionality of our services.


6. COOKIE & SIMILAR TECHNOLOGIES


6.1. We also collect Cookie and similar technologies for collecting technical information, which contains unique identifiers from you. In brief words we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate website efficiently, and allows to develop and improve our services, and to manage the load on our servers.

6.2. If you prefer not to allow cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options, which allows you not to record your visits and downloads in your browsing and download histories. In this mode any cookies created while this type of session are deleted after you close all “incognito” windows.

For more details please check our Cookie Policy.


7. CHANGES TO THESE PRIVACY POLICY


Please note that we may amend this Privacy Policy from time to time at our sole discretion. Therefore, please check this Privacy Policy for updates. If any significant updates in regard to data processing terms are made here we will notify you additionally within reasonable time via e-mail provided by you.


8. CONFIRMATION AND CONSENT


8.1. By applying for an account with Transcrypt, you declare and confirm that you have familiarized yourself with this Privacy Policy, understood its content and possible consequences.

8.2. By applying for an account with Transcrypt you consent to the processing (incl. collection, storing, receipt, forwarding, disclosing, making available, deleting, etc.) of your Personal Data, as described in this Privacy Policy.


9. CONTACT DETAILS


If you require any additional information or have any further questions concerning this Privacy Policy or you wish to use any of your rights regarding your Personal Data, please contact us at [email protected].
The supervising authority for privacy issues in Estonia is Estonian Data Protection Inspectorate

Postal address: Tatari 39, Tallinn 10134, Estonia

Telephone: +372 627 4135

Email: [email protected]

Website: https://www.aki.ee/en

The EU's independent data protection authority is European Data Protection Supervisor

Postal address: Rue Wiertz 60, B-1047 Brussels

Office address: Rue Montoyer 30, B-1000 Brussels

Telephone: +32 2 283 19 00

Email: [email protected]

Website: www.edps.europa.eu


10. OFFICIAL COMPLAINTS


If you are not satisfied with our answers, or you still have questions or pretentions related to your Personal Data, you may also contact Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at the phone +372 627 4135, e-post [email protected] or postal address Tatari 39, Tallinn 10134, Estonia. Should you feel that your rights related to the Personal Data are or may be violated, you may also submit an official complaint to aforementioned Inspectorate. If your complaint will fall under jurisdiction of other EU member state (other than Estonia), Estonian Data Protection Inspectorate will advise you and provide you with all necessary directions to address your complaint to a competent data protection authority of such other state.