Annex No. 3
DATA PROTECTION POLICY
pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR").
- Our Data Protection Policy
We at FUMBI take the security and privacy of your personal data very seriously. This Data Protection Policy ("Data Protection Policy") forms the basis for the processing of all personal data obtained in connection with the conclusion and performance of Agreement between You and FUMBI, use of the FUMBI Platform.
This Data Protection Policy governs the collection, use, retention and deletion of your personal data by us and provides you with information about your rights under the GDPR.
For the purpose of the GDPR, the data controllers for any personal information we hold about you are FUMBI NETWORK j. s. a., a simple joint stock company incorporated in the Slovak Republic, with registered seat at: Tyršovo Nábrežie 12, Bratislava - municipality Petržalka 851 01, Slovak Republic, Business Identification No.: 52 005 895, registered with the Commercial Register of the District Court Bratislava I, Section: Sja, File No.: 57/B.
Each action involving the processing of personal data is carried out in accordance with the GDPR and this Data Protection Policy. Please read this Data Protection Policy carefully so that you understand our view on and our procedures with respect to your personal data and how we deal with them.
- The Data Protection Principles We Abide
We process your personal data in accordance with the following principles set forth by the GPDR:
(a) Lawfulness, fairness and transparency
We process your personal data lawfully, fairly and in a transparent manner.
(b) Purpose limitation
We collect your personal data for specified, explicit and legitimate purposes and do not further process your personal data in a manner that is incompatible with those purposes.
(c) Data minimization
Personal data which we process is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
We keep your personal data accurate and update it where necessary.
(e) Storage limitation
We keep your personal data in a form which permits your identification for no longer than is necessary for the purposes for which we process your personal data.
(f) Integrity and confidentiality
We ensure appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We carry out any processing of your personal data in a responsible fashion and in compliance with the GDPR.
- Sources and Scope of Personal Data We Process
We primarily collect your personal data directly from you. During the process of opening your Account, you provide us with your log-in and password to your Account.
After the opening of your Account and prior to our provision of any Services to you, we will ask you to provide us with additional information for the purposes of verification of your identity, assessing your business risk, detection of fraud, money laundering, terrorist financing, or any other financial crime. In this respect, we will ask you to provide us with Identification Data, e.g. on provision of you name, surname, your residency address for the purpose of our statutory obligations, mainly pursuant provisions arising from AML Act.
We collect and process payment information at the time when you make a payment to us. If you give us bank your account details, we use it solely for the purpose of collection of your payment and facilitation of our payments to you.
Pursuant to the terms of the Agreement in order to comply with our obligations pursuant AML Act, other laws or internal directives we may require you to provide us with additional information for the purpose of verification of your we may ask you to provide us with additional information for the purpose of verification of Your identity and assessment of business risk pursuant, for example, copy of (i) identification document; in case of legal person also identification documents of members of the statutory body and ultimate beneficial owners of such legal person; (ii) documentation confirming your permanent or temporary residency address (e.g. utilities bill or the extract from the bank account evidencing identification information conforming information, extract from registry of persons, extract from the Commercial or similar public register; (iii) photo of your face including legible data of your identity card, and (iv) information on origin of funds that are subject of the Deposit pursuant to the Agreement.
We may also collect certain information about you from public registers and other publicly accessible sources for the purposes of verification of your identity, assessing your business risk, detection of fraud, money laundering, terrorist financing, or any other financial crime.
If you visit FUMBI Platform, we may automatically collect information about you using Google Analytics in order to understand how you engage with FUMBI Platform. Such information is collected and provided to us by Google LLC, as our data processor. If you don't want Analytics to be used in your browser, you can install the Google Analytics browser add-on. You can learn more about Google Analytics and privacy here.
- Processing of Your Personal Data
Compliance with our Data Protection Policy
We use your personal data in compliance with this Data Protection Policy. We will never sell your personal data to any third party, unless you give us your explicit consent with such sale.
Use of Personal Data
We may use your personal data on the basis of the following legal bases:
(a) Performance of the Agreement
We will process your personal data where it is necessary for the conclusion, performance, amendment and termination of the Agreement. In this respect, we process your name, surname, address, telephone number, e-mail address and your bank account details. The conclusion and performance of the Agreement is only possible after the opening of your Account and therefore we also process your log-in and password to your Account.
The term of processing your personal data is determined by the term of the Agreement. We may continue to process your personal data even after the termination of the Agreement based on a different legal basis where applicable.
(b) Compliance with Statutory Obligation
We will process your personal data where it is necessary for compliance with a legal obligation to which we are subject. We will process your personal data for the purpose of our compliance with applicable legislation on detection of fraud, prevention of money laundering and terrorist financing, or any other financial crime. In this respect, we may ask you to upload a copy of your identification document and fill out the Identification Data or other information pursuant to Agreement.
We may disclose your personal data where it is necessary to comply with a law, court order, or similar legal requirement. The term of processing your personal data is determined by the duration of the respective legal obligations.
(c) Legitimate Interests
We may also process your personal data where it is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include the following:
• Protection of our rights
We may store your personal data where it is necessary for the protection of our rights under the Agreement or applicable law. We will only hold such personal data for a necessary period of time which will not exceed 10 years after the termination of Agreement.
• Prevention of fraudulent behavior
We may store your personal data where it is necessary for the purpose of preventing fraud that may harm us and our interests for a period of up to 5 years after the termination of Agreement.
• Enforcement of claims
We may store your personal data where it is necessary for the enforcement of claims that we may have against you. We will only hold such personal data until the applicable limitation periods expire.
• Direct marketing
We use your name and e-mail address to provide you with information about our products and
services. In order to provide you with such information we will send you an e-mail newsletter, unless you have objected to this or you will object at any time in future.
• Recommendations and rewards
We store the information about each referral made by the User of the Services, if the New User joined FUMBI pursuant to Referral System, for the purposes of evaluating eligibility to receive a Reward under applicable reward scheme. Such information is stored in relation to both the User making a recommendation as well as the New user who joined FUMBI on the basis of the recommendation.
We use "cookies" to help you personalize the use of the FUMBI Platform. A cookie is a text file that is placed on your hard disk by a web server. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize pages on the FUMBI Platform, a cookie helps us to recall your specific information on subsequent visits. When you return to the same website, the information you previously provided can be retrieved, so you can easily use the customised features.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the FUMBI Platform.
- Recipients and Processors of Your Personal Data
We may appoint third parties - processors - to carry out certain tasks related to processing of your personal data under a data processing agreement. We will appoint only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of your rights.
We use the following data processors, who may receive and process your personal data on our behalf:
• Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, The United States of America;
• Liquid Web, LLC, 2703 Ena Dr., Lansing, MI 48917, The United States of America;
• Mailgun Technologies, Inc., 535 Mission St., Fl 14, San Francisco, CA 94105, The United States of America.
We may transfer your personal data to processors or other recipients in third countries but only (i) where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country in question ensures an adequate level of protection or (ii) where the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
- Your Rights
Pursuant to the GDPR, you have the following rights related to processing of your personal data:
(a) The right to be informed
You have the right to be informed about processing of your personal data. We provide you with the information about such processing in this Data Protection Policy.
(b) The right to access your personal data
Contact us if you wish to access the personal data, we store about you.
(c) The right to rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to ask for its rectification. If that personal data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data.
(d) The right to erasure (“the right to be forgotten”)
You have the right to ask us to erase all your personal data. However, we are not obligated to erase your personal data if we have a legal reason to process it or if the processing is necessary for the performance of the Agreement.
(e) The right to restrict processing
You have the right to ask us to restrict how we process your personal data if:
• you contest the accuracy of your personal data;
• the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
• you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
(f) The right to data portability
We are obligated to allow you to obtain and reuse your personal data for your own purposes across services in a safe and secure way without this affecting the usability of your data.
(g) The right to object
You have the right to object to processing of your personal data if it is based on our legitimate interests. Unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims, we will no longer process your personal data.
(h) The right to withdraw consent
If you have given us your consent to process your data but change your mind later, you have the right to withdraw your consent at any time. If you withdraw previously granted consent, we will stop processing your data. However, we generally do not process your personal data on the basis of your consent.
(i) The right to complain
You have the right to complain to a competent data protection authority if you feel that we are processing your personal data in a manner inconsistent with the GDPR or if you feel that we do not respect your rights. Contact details of the all EU member states' data protection authorities are available at: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
You can exercise any of the above rights (except the right to complain, which should be exercised by contacting the competent data protection authority directly) by submitting the appropriate request with us. Please contact us by email at: email@example.com
- Links to Other Websites
FUMBI Platform may contain links to and from websites of our partners, advertisers, social media sites etc. If you follow a link to any of these websites, please note that these websites may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites.
- How we Secure your Personal Data
We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. We secure your personal data on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive information (such as a bank account details and/or geo-location data) is collected on the FUMBI Platform and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Even though we strive to provide the most secure environment for the processing of your personal data, we cannot completely rule out a possibility of unauthorized access, use or disclosure. In the case of such a personal data breach, we will inform the competent supervisory authority without undue delay and act swiftly to address the situation. If the personal data breach is likely to harm you, we will also inform you about the personal data breach without undue delay.
- Changes to Our Data Protection Policy
We may amend this Data Protection Policy from time to time in which case we will always provide you with the amended version of the Data Protection Policy.
If you have any questions about this Data Protection Policy, you can contact us at: firstname.lastname@example.org