CALMSWAP S.R.O. PRIVACY POLICY

 

1. THE INTRODUCTION

 

1.1. Calmswap s.r.o., ID: 21246823, registered office address at Czech Republic, Cimburkova 916/8, 130 00 Prague – Žižkov, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 398874, hereinafter the ‘Company’, also ‘we’, or ‘us’

1.2. Calmswap s.r.o. is a personal data controller

1.3. This Privacy Policy describes how we collect, process, store and secure our customers’ personal data.

1.4. We respect the individual’s right to privacy and make all reasonable efforts to ensure the security and confidentiality of personal data and other information processed by us. 

1.5. It’s of our great importance that the customer carefully reads information provided below in this Policy. We assume that the customer has carefully got acquainted with this Policy and agrees to its provisions. If the customer does not agree with this Privacy Policy, please do not apply and use our services.

1.6. If any questions subject to the provisions of this Privacy Policy occur, please do not hesitate to contact us by sending your inquiry to our support team email: [email protected], specifying in subject line - ‘Privacy Issue’. Our support team will process your request with due care, when necessary, forwarding the issue for our legal team consideration.

 

2. THE SCOPE

 

2.1. We handle your personal data in accordance with our legal obligations set by the following legal acts:

• Personal Data Processing Act 2019 (No. 110/2019 Coll., ‘ZZOÚ’), ‘the Act’,
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the ‘GDPR’,
• best practice recognized standards. 

2.2. This Privacy Policy is applicable to any private individual visiting our website, applying for our services or already using our services (prospective or existing customer, director, beneficial owner or representative of the customer - legal entity), or corresponding with us (for example by email or by filling messaging forms on the website).

2.3 This Policy sets purposes for which we process personal data, who we share it with, what rights private individuals have in relation to that data and everything else we think is important for individuals to know. 

2.4.  To the maximum extent permitted by applicable legal acts to process personal data, we may engage third persons acting as data processors. In such a case, we will take all reasonable measures to ensure that personal data is processed by the personal data processors in strict compliance with instructions provided by us and applicable legal acts. We will also ensure that personal data processors will implement appropriate measures for the security of personal data corresponding to the highest security standards. All data processors are under the strict non-disclosing obligation and will not be able to use personal data processed for any other purpose, except to the extent necessary to perform their contractual obligations assigned by us.

2.5. We use different methods to collect data from and about the customer including through:

• Direct interactions: customer him/herself submits us personal data.
• Automated technologies or interactions: when the customer interacts with our system, website, mobile APP. We will automatically collect technical data about customer’s equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. 
• Third parties or publicly available sources: We may receive personal data from various third parties and public sources.

 

3.THE PERSONAL DATA WE COLLECT

 

3.1. To start provision of our services we need first to establish and verify the identity of the customer. 

3.2. We are bound by applicable anti-money laundering, counter terrorism and proliferation financing (AML/CTF/CPF) regulatory requirements to (i) get full understanding of who the customer is – Know Your Customer (KYC) measures, (ii) conduct mandatory sanctions and PEP screenings, (iii) maintain actual data about the existing customer and his/her identity at any time within the lifetime of the established business relationships – Due Diligence (DD) measures, (iv) assess or reassess AML/CTF risk type a particular customer poses; (v) get full understanding of customer’s transactions and behaviour, detect in a timely manner any suspicious activity – Ongoing monitoring measures (date, information of payer and payee, i. e. name, surname, wallet and card number, payment account number, purpose of transaction, amount of transaction and etc.); (vi) AML/CTF/CPF collected data and documents retention. 

3.3. To meet our regulatory requirements specified above in this Section, we retain the right to collect, process and store the following personal data:

• title, name, surname, any former or middle name,
• date and place of birth,
• citizenship,
• nationality, 
• personal identity number,
• residential address,
• correspondence address, if differs from the residential address,
• contact information – phone number, email address,
• identity document number, date of issue, issuing authority, expiry date,
• biometric data,
• results of liveness check,
• payment card photo, 
• payment account details,
• occupation/employment/type of business,
• source of funds and source of wealth,
• financial and tax data.

3.4. The list of required data provided in Cl. 3.3 above is not exhaustive and may vary case by case and the scope of information requested is at our sole discretion. When that is necessary, the customer will be prompted to provide such information without undue delay.

3.5. For more information subject to our AML/CTF/CPF regulatory obligations and applicable KYC measures please refer to our AML Policy available on our website. 

3.6. If the customer contacts us, we will keep a record of that correspondence (i.e., date of the letter, subject, the content of the correspondence, communication channels, etc.).

3.7. We collect and process personal data to satisfy customers’ complaints, refund requests and chargebacks (claims and complaints, responses, messages, details of such communication). 

3.9. We collect and process customer’s personal data to support the customer in respect of services provided and any other matter the customer may have in relation to the services provided; to let the customer know about upcoming amendments to the legal documents available on the website, fee schedule, services provided, website and/or mobile APP, if any, as well as other important information.

3.10. We collect and process customer’s personal data to ensure the functionality of the website and mobile APP, if any, and to provide further updates and improvements (cookies, IP addresses, clicks, visited sections, cookies and other searching preferences).

3.11.We process customer’s personal data on the following legal grounds:

• Consent - voluntarily expressed when applying for the services and registering on our website, or while using the services; customer’s consent should be treated as expressly submitted if customer voluntary submits us his/her personal data, and
• Contractual obligations – voluntary entering business relationships with us,
• Regulatory obligations - voluntary compliance with regulatory requirements we are subject to – passing of liveness checks, submission of biometric data, information requested within KYC and DD process. 

3.12. The customer may at any time edit, update, or delete his/her personal data contacting our support team. 

3.13. Please note that amendments to personal data or data deletion request may lead to suspension or even termination of provision of services and our cooperation. Each such request will fall under comprehensive legal and compliance team investigation. 

3.14. Please also note that personal data being in our possession may not be deleted under the customer’s request in breach of the minimal data retention period set by applicable AML/CTF laws and regulations. Since the minimum regulatory set data retention period is met, your personal data will be deleted automatically.

3.15. If customer provides personal data of any individual other than customer (director, beneficial owner, representative) to get our services and become a customer of us or within the lifetime of already established business relationships, then the customer prior to submit us third person’s data should obtained consent from such individual to disclose his/her personal data. Customer shall bear full responsibility towards such individuals if the customer has not received proper consent for third person’s personal data submission and the customer undertakes to indemnify us for any liability which may appear due to unlawful provision and/or disclosure of third person’s personal data. This liability provision does not apply if such individual personally provides personal data processing consent directly to us (in person, via the website or mobile APP, or in any way described above in this Privacy Policy). 

3.16. We do not knowingly collect personally identifiable information from or about children under 18 years of age. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary actions.

 

4. HOW WE SHARE PERSONAL DATA

 

4.1. To provide the services and meet our regulatory obligations, we use third parties' services, and such third parties use personal data in delivering their services to us. 

4.2. We may share personal data we collect with our service providers (data processors) such as:

• Electronic identity verification service providers. We use their services for KYC and DD measures. 
• Cloud storage/servers' providers. We use their service to store personal data safely and securely.
• Liquidity providers/Payment service providers/Card issuers/Acquirers. We use their services to ensure virtual currency exchange orders and transactions execution and process refund requests and chargebacks. 
• Auditors, accountants, legal advisors. We use their services to complete tax, accounting, technical, and legal audits of our business operations.

4.3. We share personal data only with those data processors which ensure safeguards and use technical and organisational security measures equivalent to the ones required by the Czech Republic and European Union EU and applied by us. 

4.4. The personal data that we collect will be transferred to, and stored at, a destination inside the EU and the European Economic Area (EEA).

4.5.  Personal data may be processed outside the EU or EEA to fulfil our contractual obligations towards the customers to provide the services (to execute an international payment, process payment details, provide global AML/CTF/CPF solutions, and provide ongoing support services). We will take all steps to ensure that personal data is treated securely and in accordance with this Privacy Policy.

4.6. We will expressly inform the customer that his/her personal data will be processed outside the EU or EEA, providing data transferring and processing purpose and legal ground. If the customer after such notification continues to use our services, it shall be treated as the customer’s consent to personal data transfer outside the EU or EEA. If the customer does not agree to data transfer outside the EU or EEA, the customer shall stop using the services immediately and terminate business relationships with us. 

4.7. We may need to share customers’ personal data to state and public authorities. We will only do so when we are legally required to provide information (we are regulatory bound to provide customers and transactions data to the supervising authorities for reporting and supervising purposes) or when we need to take legal action to defend our rights, as well as the cases, where we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, enforce applicable Terms of Services, including investigation of potential violations, detect, prevent or otherwise address AML/CTF/CPF crimes, fraud, security or technical issues.

 

5. CUSTOMER’S RIGHTS

 

5.1. The customer is entitled to request:

• an access to his/her personal data we process: this right enables the customer to receive a copy of the personal data we hold about him/her,
• to correct incorrect/inaccurate information about him/her: this right enables the customer to have any incomplete or inaccurate personal data we hold to be corrected. Please note that we may need to verify the accuracy of the new data the customer provides to us,
• to transfer all or part of the personal data: this right enables the customer to ask us to provide the customer's personal data in a structured, commonly used, machine-readable format, which the customer can then transfer to another appropriate data controller. Note that this right only applies to automated information which the customer initially provided for us to use and consented for its use or where we used the information to perform a contract with the customer,
• to erase personal data: this right enables customer to ask us to delete or remove personal data where there is no good reason for us to process it, or if the customer successfully exercised his/her right to object to processing. Please observe limitations to this right set in Cl. 3.14 above,
• restriction of personal data processing: this right enables the customer to ask us to suspend the processing of personal data in the following cases:

1. if the customer wants us to establish data accuracy,
2. where our use of the data is unlawful but the customer does not want us to erase it,
3. where the customer needs us to hold the data even if we no longer require it as the customer needs it to establish, exercise or defend legal claims,
4. the customer has objected to our use of his/her personal data but we need to verify whether we have overriding legitimate grounds to use it. Please note that such requests may lead to a situation where we may not be able to perform our contractual obligations towards the customer or enter a contract with the customer. If this is the case, we will notify the customer about it.

5.2. The right to object to processing of personal data when processing is carried out based on legitimate interest: this right can be exercised in a situation where we are relying on our legitimate interest (or those of a third party) but such processing impacts on customer’s fundamental rights and freedoms. 

5.3. The customer also has the right to object where we are processing his/her personal data for direct marketing purposes. 

5.4. To exercise any of the rights mentioned above, please reach out to our support team via email [email protected]. We may ask the customer to verify his/her identity and for more information regarding such request. 

 

6. PERSONAL DATA RETENTION

 

6.1. We will only retain personal data for as long as reasonably necessary, at least for a 5 (five) years period, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory (including AML/CTF/CPF), tax, accounting or reporting requirements. 

6.2. We may retain personal data for a longer period in the event we are required to do so by applicable legal acts, in case of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with the customer.

 

7. THE COOKIES

 

7.1. We use cookies to collect information and to improve our services. 

7.2. Customer has the option to either accept or refuse cookies. If the customer chooses to refuse our cookies, some of our services may not be available.

7.3. We use the following cookies:

• Strictly necessary or Functional: these cookies are necessary for the website and mobile APP to function and cannot be switched off in our systems. They are usually only set in response to actions made by the customer which amount to a request for services, such as setting privacy preferences, logging in or filling in forms. The customer can set the browser to block or alert the customer about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
• Analytics or Performance: these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website and mobile APP. They help us to know which pages are the most and least popular and see how visitors move around the site and mobile APP,
• Targeting: these cookies may be set through our website and mobile APP by our advertising partners. They may be used by those companies to build a profile of customer’s interests and show relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying the customer's browser and internet device. If the customer does not allow these cookies, the customer will experience less targeted advertising,
• Managing: customer can manage preferences relating to the use of cookies on our website and mobile APP. Most browsers allow to refuse or to accept cookies, and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking all cookies will have a negative impact upon the usability of many websites. Also, by blocking cookies, you will not be able to use all features on our website and mobile APP.

7.4. When the customer enters our websites for the first time, we provide opportunity to accept or decline the usage of cookies. The customer is able to granularly accept cookies, meaning that customer will have a choice on what type of cookies customer will allow. The customer can also delete and block cookies at any time from our website through his/her browser. However, note that some features on this website will not function without cookies.

7.5. Our website may contain links to other websites. If the customer clicks on a third-party link, the customer will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise reviewing a privacy policy applicable to those websites. We have no control over and take no responsibility for the content, privacy policies, cookies or practices of any third-party sites or services.

 

8. COMPLAINTS

 

8.1. The customer is entitled to lodge a complaint with the Office for Personal Data Protection of the Czech Republic (UOOU), pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice, tel.: +420 234 665 111, https://uoou.gov.cz, email: [email protected], if the customer may reasonably believe that his/her rights may have been infringed. 

8.2. We would, however, appreciate the chance to deal with customer’s concerns before the customer approaches the UOOU and find a solution at customer’s satisfaction. So please contact us in the first instance.

 

9. CHANGES TO THE PRIVACY POLICY

 

9.1. This Privacy Policy will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

9.2 .We will notify the customer in a timely manner on any changes to this Privacy Policy. If the customer does not agree to the amendments made, the customer shall stop using our services and shall terminate business relationships established with us in a time and manner set in our Terms of Services.

9.3. If the customer continues to use our services irrespective of the amendments made by us to this Privacy Policy, it should be treated as the customer's consent to the amendments made and updated version of this Policy.

9.4. We retain the right to notify the customer on any amendments made to this Privacy Policy by emailing the customer or by posting amendments on our website. Please follow any new releases and information posted on our website.