Privacy Notice of VPWallet
This Privacy Notice describes the rules according to which Vlka Cryptana s.r.o. processes the personal data of any person using the VPwallet and/or any person using any services offered by Company.
1. GLOSSARY
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Company: Vlka Cryptana s.r.o. (hereinafter Vlka Cryptana s.r.o. or we)
Payment Account: payment account at VPwallet
Payment Account Terms: regulated under General Terms and Conditions available on the https://vpwallet.io/ website
Policy: this Privacy Notice
Person (You): any person using the VPwallet and/or any person using any services offered by Vlka Cryptana s.r.o. (incl. User)
User: a person or an entity, who uses the Services, agreed to the Terms of Use and is a holder of an Account.
Data controller of personal data: Vlka Cryptana s.r.o., registry code 17664021, address Praha, Praha 9, Kurta Konráda 2517/1, 190 00 Czech Republic (incl. data controllers authorized by Vlka Cryptana s.r.o.).
Data Protection Officer: the responsible person appointed by Vlka Cryptana s.r.o.
2. THE PRINCIPLES OF PROCESSING PERSONAL DATA
Company follows these principles when processing the personal data of a Person / Vlka Cryptana s.r.o. user:
2.1. Company processes personal data only in accordance with this Policy and applicable laws;
2.2. Company collects and processes personal data only for the purposes stipulated in this Policy;
2.3. Company makes sure that the personal data which Company collects and processes is:
2.3.1. adequate, relevant and limited to what is necessary for the purposes stipulated in this Policy;
2.3.2. accurate and up to date and
2.3.3. stored only for such period as is necessary for the purposes stipulated in this Policy.
Company applies appropriate technological and organizational measures to ensure the availability, authenticity, integrity and confidentiality of personal data.
3. THE PERSONAL DATA WE COLLECT
3.1. The personal data, which Company collects and processes includes the following:
3.1.1. Personal Details – Your personal details, including:
- Full name;
- Date of birth;
- Personal identification code;
- Citizenship;
- Residency;
- Residential address;
- e-mail address;
- mobile phone number;
- occupation, photo of person, which is provided to Company for the purpose of identifying the person.
3.1.2. Identification Document Data – Data retrieved from Person’s identification document which Person has forwarded to Company, including the document number, issue date, expiry date and issuing entity, photo of Person’s identification document, which Person has forwarded Company for the purpose of identifying itself.
3.1.3. Due Diligence Data – Data which Company collects for the purpose of conducting customer due diligence under applicable anti-money laundering laws from Person and appropriate databases, including information about:
3.1.3.1. whether Person has been affiliated with money laundering or terrorist financing;
3.1.3.2. whether Person has been prosecuted for a crime;
3.1.3.3. whether Person has been subject to any international financial sanctions;
3.1.3.4. whether Person holds or has held a public office or
3.1.3.5. whether Person is or has been a close relative or associate of someone who has held public office.
3.1.4. Transaction Data – Details of any transfers made to and from Person’s Payment Account, including the name and account number of the payer and the payee, the date, time, currency, amount and explanation of the transaction.
3.1.5. Card Data – Person’s Card data, including:
3.1.5.1. Card number of the Person;
3.1.5.2. the name printed on Person’s Card;
3.1.5.3. the expiry date of Person’s Card;
3.1.6. Device Data – Information regarding the device on which Person is using the VPwallet, including the device’s model, name or any other identifier and the IP address of the network from which Person is using the VPwallet.
3.1.7. Preference Data – Person’s preferences in the VPwallet (language preferences, transaction limits, etc).
3.1.8. Contact Data – The contacts list on Person’s device.
3.1.9. Customer Support Data – Communication between Person and Company’s customer support (e-mails and calls).
3.1.10. Usage Data – Data about Person’s interaction with the VPwallet (e.g. information about which features of the VPwallet Person uses, which features Person does not use, etc).
4. GROUNDS FOR COLLECTING AND PROCESSING PERSONAL DATA
4.1. Company collects and processes personal data for the following purposes:
4.1.1. Compliance purposes (GDPR art 6(1)(a)) – to perform an obligation under applicable laws, including the obligation to:
- avoid money laundering, terrorist financing and fraud;
- ensure the fulfillment of international financial sanctions;
- ensure the security of Company’s payment services;
- comply with the lawful inquiries and orders of:
  - public authorities, including foreign public authorities with whom Company is obliged to cooperate under applicable laws;
  - other financial institutions with whom the Company is obliged to cooperate under applicable laws.
4.1.2. Contractual purposes (GDPR art 6(1)(b)) – to perform or enter into a contract between Person and Company.
4.1.3. Fraud monitoring purposes (GDPR art 6(1)(f)) – to monitor and decrease payment fraud.
4.1.4. Analytical purposes (GDPR art 6(1)(f)) – to gain a better understanding of the preferences of Company’s customers and how customers interact with the VPwallet.
Note that upon processing personal data for Analytical Purposes, the data is part of a large mass of data. Company does not analyze Person’s individual preferences or Person’s individual interaction with VPwallet.
4.1.5. Marketing Purposes (GDPR art 6(1)(a)) – to send marketing e-mails of Company’s products and services.
4.2. Company does not process personal data for profiling or other automated decision making.
5. PURPOSE OF USING PERSONAL DATA
5.1. Company processes the following data for the following purposes:
6. PERSON’s CONSENT ON OPERATIONS FOR DATA PROCESSING
6.1. Company needs Person’s consent for processing personal data for the following purposes:
6.1.1. Marketing purposes;
6.1.2. Additional Features.
6.2. Company does not process personal data for the purposes stipulated in Section 6.1 unless Person has granted Company Person’s prior consent.
6.3. If Company wants to process personal data for any new purpose which requires Person’s consent, then Company will not process personal data for such new purpose before Company has received Person’s consent for such processing.
7. CONSENT ON WITHDRAWAL FOR PROCESSING PERSONAL DATA
7.1. The consent for the processing of personal data can be withdrawn at any time:
7.1.1. Data collected for marketing purposes:
• Send an email to gdpr@vpwallet.io to delete personal data for marketing purposes.
7.2. The withdrawal of Person’s consent does not affect the legality of processing personal data prior to the withdrawal of Person’s consent.
8. LEGISLATIVE RESPONSIBILITY TO DISTRIBUTE THE PERSONAL DATA TO COMPANY
- There is no statutory obligation for Person to provide Company its personal data. However, there are statutory obligations for Company to collect personal data.
- In order for Company to provide Person its services, Company needs to collect and process personal data. In case Company is not able to collect or process personal data, Company will not be able to provide Person its services.
9. OTHER SOURCES FOR COLLECTING PERSONAL DATA
Company collects Due Diligence Data from sources other than Person itself. Such sources include:
- databases of people affiliated with money laundering or financing terrorism;
- databases of people, who have been accused of a crime;
- databases of people subject to international financial sanctions;
- databases of people who have held a public office, etc.
Some of these databases are publicly available and some of them are not. In addition, Company uses other public databases for collecting Due Diligence Data.
10. TERMS FOR STORING AND KEEPING OF PERSONAL DATA
10.1. Company stores personal data for the following periods:
10.1.1. Transaction Data – 7 years after Payment Account is closed. Company is obliged to store this data for such period under accounting and taxation laws.
10.1.2. Personal Details, Identification Document Data, Due Diligence Data, Card Data – 5 years after termination of the business relationship with Company, which, upon the request of the Estonian Financial Intelligence Unit may be extended up to another 5 years. Company is obliged to store this data for such period under Money Laundering and Terrorist Financing Prevention Act.
10.1.3. Device Data, Preference Data, Contact Data – Until the closure of Payment Account (for Payment Account and VPwallet to function).
10.1.4. Customer Support Data, Usage Data – 1 year as of its creation, except for e-mails and chat logs, which are stored at least until the closure of Payment Account.
Company stores this data for such period as within this period the data is still relevant for Analytical Purposes. E-mails and chat logs are necessary for providing customer support until such time when Person is no longer a customer of Company.
10.1.5. Other Data – Deleted after closing Payment Account. This data is necessary only for enabling Person the use of the VPwallet and is not necessary after Payment Account is closed.
10.2. After the periods stipulated in this Section 10.1 Company will delete personal data.
10.3. Company stores personal data on servers/cloud located within the European Economic Area.
11. PERSON RIGHTS IN CONNECTION WITH PERSONAL DATA
11.1. In connection with the processing of personal data, Person has the following rights:
11.1.1. Right to information – Person has the right to receive the information provided in this Policy. The valid version of this Policy will be available on the https://vpwallet.io/ website at any given time.
11.1.2. Right to access – Person has the right to ask Company to provide Person with a copy of its personal data which Company processes.
11.1.3. Right to Rectification – Person has the right to ask Company to rectify Person’s personal data in case the data is incorrect or incomplete.
11.1.4. Right to erasure – Person has the right to ask Company to erase Person’s personal data, unless Company is obliged to continue processing personal data under law or under a contract between Person and Company, or in case Company has other lawful grounds for the continued processing of Person’s personal data. In accordance with Section 10, Company will, in any case, delete personal data as soon as it no longer has lawful grounds for processing Person’s personal data.
11.1.5. Right to restriction – Person has the right to ask Company to restrict the processing of Person’s personal data in case the data is incorrect or incomplete or in case Person’s personal data is processed unlawfully.
11.1.6. Right to data portability – Person has the right to ask Company to provide Person or, in case it is technically feasible, a third party, with the personal data which Person itself has provided to Company and which is processed in accordance with Person’s consent or a contract between Person and Company.
11.1.7. Right to object – Person has the right to object to processing personal data in case Person believes that Company has no lawful grounds for processing Person’s personal data. For any processing conducted in accordance with Person’s consent, Person can always withdraw its consent by following the instructions set out in Section 7.
11.1.8. Right to file complaints – Person has the right to file complaints regarding the processing of personal data as further described in Section 18.
11.2. Person can exercise its rights stipulated in this Section 11 by using the respective functionalities of the VPwallet or sending a respective request to gdpr@vpwallet.io.
11.3. Company will make its best efforts to respond to Your application submitted in accordance with this Section 11 within 2 weeks. Under GDPR art 12(3) Company must respond to Your application within 1 month. In case it is necessary due to the number and complexity of applications filed with Company, Company may, under GDPR art 12(3), also respond to Your application within 3 months.
12. PROCESSING PERSONAL DATA REGARDING CHILD ACCOUNT
12.1. Company does not open Child Account, as, according to Company Terms and Conditions, it can be opened by a person with an active legal capacity of at least 18 years of age.
13. DISTRIBUTION OF PERSONAL DATA
13.1. Upon processing personal data, Company may share elements of Person’s personal data with the following third parties:
13.1.1. public authorities and other financial institutions to whom Company is obliged to disclose personal data under law;
13.1.2. server hosts/cloud service providers who host Company’s servers/clouds;
13.1.3. payment processors and payment network operators who process Person’s transactions;
13.1.4. identification service providers who help Company verify Person’s identity and acquire Due Diligence Data;
13.1.5. card manufacturers who manufacture Person’s Card;
13.1.6. communication service providers who facilitate e-mails, calls, SMS messages and other communication between Person and Company;
13.1.7. couriers who help Company deliver letters (e.g. letters with Your Card and PIN codes);
13.1.8. partners with whom the Company has arranged a gift, a discount or another special offer for You;
13.1.9. other parties involved with the provision of the Company's services.
13.2. The partners listed in Section 13.1 above may be located within and outside of the European Economic Area but Company makes sure that the servers on which personal data is stored are, in any case, located within the European Economic Area.
14. SHARING PERSONAL DATA WITH THIRD PARTIES AND SAFEGUARDING MEASURES APPLIED
14.1. Upon sharing personal data with third parties, Company will apply the following safeguards (except as specified in Section 14.2):
14.1.1. Company enters into a data processing agreement with the relevant third party;
14.1.2. Company makes sure that such third party undertakes to implement appropriate technical and organizational measures ensuring the processing of personal data in accordance with this Policy and applicable laws;
14.1.3. Company makes sure that personal data will not be forwarded to any countries which the Commission of the European Union has not recognized as ensuring an adequate level of data protection.
14.2. Company cannot apply the safeguards stipulated in Section 14.1 above upon sharing personal data with public authorities and other financial institutions to whom Company is obliged to disclose personal data under law.
15. AMENDMENT OF THE PRIVACY POLICY
Company may unilaterally amend this Policy from time to time. Upon amending this Policy, Company will notify Person about the new Policy by e-mail and/or via the VPwallet. In case the new Policy refers to processing personal data for any new purpose which requires Person’s consent, then Company will not process personal data for such new purpose before it has Your consent for processing Your personal data for such new purpose.
16. INQUIRIES, REQUESTS AND COMPLAINTS
16.1. In case You have inquiries, requests or complaints regarding the processing of Your personal data, You may forward them to gdpr@vpwallet.io, where they are processed by the Data Protection Officer of Company.
16.2. In case You have complaints regarding the processing of Your personal data, You may file them with the Data Protection Authority of the state in which You have permanent residence.