1.1. Personal Data
“Personal Data” means any information that may be used to identify you as an individual, directly or indirectly. Such information includes you personal name, identification number, location data, and any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.
1.2. Information about the Deceased
Personal Data requires a person to have legal capacity, meaning they can exercise their rights, give consent and enter into agreements. Legal capacity begins at birth and is lost upon death. Therefore, in this Policy, any information related to the deceased person is not seen as Personal Data and is excluded from its meaning.
Nevertheless, we will ensure that your personal data collected from you during your life is kept securely and safely with us after your death. We will not share or disclose it in any manner that is not defined in this Policy or not otherwise permitted by the GDPR. Treatment of personal data after death of the data subject differs in regards to the national laws on personal data in each EU Member State: here you may learn about how personal data of deceased person may be treated in your Member State of residence and what options may be available to you and your trusted persons after your death.
1.3. Controller of your Personal Data
As defined in the GDPR, Quan2um is the Controller of your personal data. It means that we determine what information we collect, how and why we collect it, how it is shared and disclosed and what means we use to process this information.
1.4. Processing of your Personal Data
We use specific vendors and partners that are responsible for processing your personal information. For more specific information, please check out Section 8 to learn of how your data is processed, what vendors we use for processing your personal data and what countries we may send your data to for processing.
2. Information We Collect
To provide our Services and offer our Products, we must collect information about you.
2.1. Information that You Provide
This category includes content and information that you provide when you use our Services and Products. Quan2um OÜ will never ask you to submit any information related to your racial or ethnic origin, sex life or sexual orientation, political opinions, philosophical or religious beliefs, biometric or genetic data and trade union membership.
2.1.1. Account Registration
When you create your personal account, we may ask for your contact information, including your full name, personal address, e-mail address and phone number. In addition, in order to further verify your identity for the purposes of compliance measures imposed by us under the relevant legislative acts, such as Anti-Money Laundering and Terrorism Financing Prevention Act of Republic of Estonia, we may collect the following personal information from you:
· Formal identification information, such as identity documents issued by the competent governmant authorities in the country of your domicile and/or birth, e.g. passport, national ID card, residence permit and right of residence cards, driver’s license, birth certificate, visa information, and other relevant identification documents necessary to determine your identity and comply with our obligations under the AML and anti-financial crime laws and regulations;
· Financial information, such as bank account details, payment card information, transaction history, trading data, tax information, and other relevant information.
· Information about your business, such as formal certificate of incorporation issued by the competent authorities of te country of incorporation of your business, extracts from the commercial registries, tax and/or VAT number and information, Articles and/ or Memorandum of Association, Certificates of Incumbency, personal identification information about all ultimate beneficial owners (hereinafter: the “UBOs”), shareholders and management board members, information about the origina dn source of funds, etc.
· Employment information, such as the job title, location of the employer’s officer and/or job description.
· Transaction information, such as information about amounts of your transactions and receipients of such.
If you contact us directly, we may ask some additional information from you, such as your name, e-mail address, personal address, phone number and other personal information. If you communicate with us, we will always state the reasons why we need this information from you.
2.1.3. Payment Information
Our Services allow our users to opt for a desired payment method in order to execute Orders and Transations via the use of our third-party payment processors. We do not store your information about the financial account. It is referred to our payment processor.
2.2. Cookie Files
2.3. Log Files
We use log files to store information gathered from your use of our Services. We use this information to enhance the functionalities of the website, acquiring detailed information about traffic to optimize the website performance and improve the overall quality of provision of our Services. The information stored in log files may include Internet Protocol (IP) addresses, browser type, operation system (OS), Internet Service Provider (ISP), referring/exit pages, landing pages, time and date stamps and clickstream data. Please note that this information may be considered Personal Data under certain circumstances in accordance with the relevant provisions of the GDPR.
2.4. Information from Partners and Third Parties
Our partners that have been authorized by us to provide our Services may provide your Personal Data to us. In this case, the information forwarded to us is collected by our partners and shared with us. We require our partners to have lawful rights to collect, use and share your Personal Data before disclosing it to us. Such Partners and third parties include but are not limited to the following sources:
· Public Databases, Identity Verification Partners and Credit Institutions: we gather information from the above-mentioned Partners to varify your identity as per the applicable laws and regulations. Identify verification involves collecting such personal information as your name, address, employment information, credit history, affiliation with any restricted, sanctioned or prohibited groups and associations, determined as such by relevant legal acts, as well as other relevant data. Particularly, we are obliged to collect and store such information as per our obligations under the Anti-Money Laundering and Terrorism Financing Prevention Act of Republic of Estonia (Rahapesu ja terrorismi rahastamise tõkestamise seadus, hereinafter: “RahaPTS”), aimed at monitoring, detecting and preventing acts related to money laundering, terrorism financing and other financial crimes.
· Blockchain Data: we collect publicly available blockchain data to detect and prevent illegal activities, including those defined in RahaPTS, as well as to determine current blockchain trends.
· Marketing Partners, Advertisers and Analytics Partners: we may collect personal data from such partners and third parties for the purposes of conducting reseach about how you use and interact with our website, Services and Products, as well as to understand what Services and Products may be of interest to you.
3. Anonymized Data
As defined by the GDPR, anonymization is a technique that alters personal information to the point when it may no longer be directly linked to a particular individual and such an individual may not be identified, directly or indirectly, from such data.
Quan2um may employ amonymized data for the purposes of conducting research about quality of our Services, understanding customer needs and demands, conduct marketing, detect and prevent security vulnerabilities and braches, and other relevant business purposes.
4. How We Use Information
We use information we collect in various ways, including the following:
– Providing, operating and maintaining our Services;
– Processing payments, executing Orders, Trades and Transactions in a manner consistent with the rules of market fairness, trasparency, competitiveness, and genuinity;
– Detecting and preventing loss of funds, including losses occuring as a result of fraud and abuse of our Services;
– Ensuring compliance with the relevant laws and regulations to prevent anti-money laundering, terrorism financing, fraud and other financial crimes;
– Complying with the anti-financial crime regimes and obligations, regulated and imposed by the competent authorities of Republic fo Estonia, such as the Financial Inspection (Finantsinspektsioon, or the “FI”) and the Financial Intelligence Unit (Rahapesu andmebüroo, or the “FIU”);
– Communicating with you, including direct means or through our partners, to perform customer support activities, to inform you of the changes and updates related to the Services, to notify you of important information related to the Services and for marketing and promotion;
– Sending you e-mails, including notification e-mails, reminders and confirmations;
– Improving the quality of our Services;
– Conducting research and development related to our Services to develop new features and functionalities and introduce new products and services;
– Performing measurement and analytics activities to learn how our users interact with our Services and understand our users' behaviour and preferences;
– Promoting safety, security and integrity of your funds, our Services and data.
5. How We Share This Information
We may share the information we collect in various ways and third parties.
5.1. Vendors and Service providers
We provide information we collect to vendors and services providers that help us keep our business running. Such vendors include (but are not limited to) payment platforms, web and mobile analytics services, advertisers, partners in IT such as hosting and software providers as well as sales and marketing products.
5.1.1. Non-EU/EEA Vendors
We do not provide information we collect to service providers are located outside of the EU/EEA area. For further information on how your data is handled, please see Section 10 of this Policy.
5.2. Payment Platforms
5.3. Identity Verification Services
To ensure you see the ads that may be of interest to you, we work with third-party advertising partners. These partners may receive information from us to personalize ads to fit your interests. They may also collect information about you and use it in accordance with their own privacy notes. We never sell your information to advertisers. Additionally, we make sure advertisers we choose are compliant with the GDPR and manage your information accordingly.
5.5. Partners that Work with Us
Due to the nature of our business, we communicate and establish business connections with various partners in the field of banking, legal services, compliance, accounting, and other relevant fields. We may provide your information to them to ensure uninterrupted, accurate, and integral provision of our Services and commence activities that help us maintain our business activities.
5.6. Law Enforcement and Compliance
In some circumstances, we may need to disclose your personal information in accordance with the law and current regulations to law enforcement authorities, government officials or other relevant third parties. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for the purposes of financial crime, money laundering and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.
5.7. Business Transfers
In cases of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession of Quan2um, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.
6. How We Secure This Information
At Quan2um, we understand the importsnace of keeping your personal information in a secure and integral manner, as any breach of personal data may lead to detrimental consequences to you and your funds. Therefore, we employ various physical, technical and administrative safeguards to ensure intergrity, security and confidentiality of your personal data.
Your personal information is secured with the help of Transport Layer Security (TLS) protocol that is designed to protect and secure your information from unauthorized access and breaches of privacy. TLS protocol is mainly used for encrypting the information exchanged between our website and servers. We also use TLS to encrypt all the e-mails and messages exchanged with us. We use the latest and the most secure version of TLS (v 1.3) to date and make sure to update is if a more secure and reliable version is released in the future.
In addition, your transaction and other personal information, is stored by us in an encrypted manner. Such encrypted data is stored and maintainted with the use of our relevant service providers that help us maintaint physical, technical, electronic and administrative safeguards. Please note that some of such vendors may be located outside of the EU/EEA zone: to learn more about how your personal data is collected, stored, handled and processed by such vendors, please read Section 10 of this Policy.
At the same time, even with all the seciruty and safety measures imposed by us at all times, we cannot guarantee that your data may not be breached, accessed without authorization or otherwise tainted and leaked. We ask you to kindly acknowledge that a great part in data security lies with you, and it is important to treat your personal data with diligence, attentiveness, and care. It is strongly recommended to make sure your password includes a combination of letters, numbers and signs and consists of a sufficient amount of characters; it is also advised to check for the safety of your connection (which can be accessed by clicking a lock sign next to the URL field of your browser) to make sure you do not submit your personal information to fraudulent and compromised versions of our website, developed and maintained by unauthorized persons with malicious intent.
Should you become aware of any attempt to misuse your personal information by the above-mentioned or any other malicious means, or should you believe your personal information is not stored, handled and maintained securely by us, please notify us immediately at email@example.com
7. Retention of Personal Information
Your personal information is stored securely for as long as your account is opened. We will only store and retain your personal information for the period necessary to fulfill purposes for which it is collected. Retention periods may vary in regards to the type of personal information and purposes for which it was collected, such as indicated below:
· Personal information related to our legal obligations to comply with anti-financial crime and anti-money laundering laws and regulation, including RahaPTS, may be stored for as long as it is required by such laws;
· Contact information for marketing purposes is retained for as long as we have your consent and is deleted immediately after you recall your consent;
· Telephone call records and other correspondence with us may be kept for a period of up to five years;
· Information collected via technical means is retained for a period of up to one year.
8. Legal Basis and Legitimate Interests
Our legal basis to collect, use and share your personal data varies depending on the context. The following are the situations in which we perform processing:
· When we have your consent, meaning you have read our data processing purposes and have agreed to them by giving your consent; such as in cases that include but are not limited to being subject to our marketing notifications and campaigns and granting your consent to use your personal information to enhance your experience of useing our website and Services;
· When we need to perform a contract with you, meaning that your information is necessary to process and finalize your order or comply with the terms of any other contact we have entered into with you; to enforce the terms of this Policy and other agreements; to provide our Services; to provide customer service and support, to ensure quality of our Services and communications;
· When we have a legal obligation to comply with, meaning that data disclosure is necessary to comply with the legal requirements set by law or legal order;
· When we have a legitimate interest, meaning that we process your personal data to operate and provide our Services, improve our Products, ensure proper security and prevent illegal activities and handling of your data. We only have legitimate interest when it does not override your fundamental rights.
9. Rights of the Data Subject
As a data subject, you have certain rights provided by the GDPR that you may invoke.
9.1. Access, Update, Correct or Erase Your Information
You have the right to request the above to be done with your information. You may do so at any time by e-mailing us at firstname.lastname@example.org
9.2. Objecting to and Restricting Processing of Information
You may also exercise these rights at any moment by contacting us at email@example.com
9.3. Data Portability
If you wish to receive all the personal information we collected from you to then provide it to another controller, you may do so by contacting us at firstname.lastname@example.org
9.4. Opt-Out of Marketing Messages
You have the right to opt-out of marketing messages at any moment. This can be done by clicking the ‘unsubscribe’ option in the marketing e-mails from us. You may also contact us at email@example.com and we will unsubscribe you.
9.5. Withdraw Your Consent
You may withdraw your consent for processing your personal information at any moment. Please note that lawfulness of consent before withdrawal will not be affected.
9.6. Complaining to a Data Protection Authority (DPA)
You have the right to complain to the DPA of your country of residence about collecting and processing of your personal information by us. The list of the DPA representatives, their webpages and contact information is available here.
10. Automated Processing and Decision-Making
We may employ automated tools to determine fraud or financial crime risks associated with any Order, Trade, Transation or Customer. However, we do not perform any decision-making based on means of fully automated processing, or automated processing that relies solely on decisions and conlcusions generated by the machines and the line of code and does not involve any human control, assessment and/or intervention. Similarly, we do not employ any algorithmic and automated systems to make decisions that have serious life-affecting consequences, except for the cases laid down by relevant data protection provisions.
11. Children's Privacy
We do not knowingly collect and process any personal information from children under 13 years of age. Please note that for any collection and processing of personal information of a child under 13, we require explicit consent from the child’s legal representative, such as a parent or a guardian.
If you suspect that a child under 13 has provided us with their personal information without explicit consent, please contact us at firstname.lastname@example.org
12. Changes to the Policy
We may modify this Policy from time to time to adapt it to the changing regulations and new developments. Changes will be posted on our Website, on this page.
13. Contact information
If you have any questions or concerns regarding this Policy, your personal data rights and how to invoke them, or any other question about your personal information, please feel free to contact us at email@example.com.
14. Forms of acceptance of the terms and conditions of this Policy