PRIVACY POLICY
for AMLBot Website (AML Check)
1. INTRODUCTION
- The Company is committed to being a responsible custodian of the information you provide to
us and the information we collect in the course of operating our business. This Privacy
Policy describes how the Company may collect and process information received by us in
association with the operation of the AMLBot Website (AML Check) and the
provision of Services outlined in the Terms of Use. This Policy
is addressed to the Company’s clients as well as to those individuals who will provide their
personal data for processing (hereinafter – Data Subjects).
- Your Personal Data is processed in accordance with the General
Data Protection Regulation (Regulation EU 2016/679, further - “the GDPR”), the
Data
Protection Act 2018 and other relevant legislation with respect to the
accepted principles of good information handling (collectively referred to as the “Data
Protection Legislation”).
- This Privacy Policy shall be governed by the laws of Hong Kong.
- For all intents and purposes, the English language version of this Privacy Policy will be
the original, governing instrument. In the event of any conflict between the English
language version of this Privacy Policy and any subsequent translation into any other
language, the English language version will govern and control.
2. DEFINITIONS
- “Company”, “We” means: a) SAFELEMENT LIMITED, a
company registered in Hong Kong with registration number 3148041, having its
registered office at Unit H 3/F Shek Kok road 8, Tseung Kwan O, N.T Hong Kong in
case you are the resident of any country excluding European
Union; b) Safe3, UAB having its registered office at Taikos pr. 111-74,
LT-94230 Klaipėda in case you are resident of European
Union, which both operate AMLBot website available at
AML Check (referred to as “we” and “us” hereinafter);
- “Website” means the AMLBot website operated by the Company and
available at AML Check ;
- “Privacy Policy” means the latest version of the Company’s Privacy
Policy which describes our policies and procedures pertaining to the collection,
use, and disclosure of your Personal Data;
- “Personal Data” means any information relating to the User, which
identifies or may identify the User;
- “User” means an individual or a legal entity that has read and
agreed to the Terms of Use and the Privacy Policy and uses the services of AMLBot
provided by the Company through the Website (referred to as “you” or “yours”
hereinafter);
- “Services” means the services of AMLBot provided by the Company and
available to Users via the Website as set out in detail in the Terms of Use.
3. Scope of the Policy
The purpose of this policy is to ensure that the Safelement’s staff shall comply with the
provisions of Hong Kong law and the EU GDPR when processing personal data. Any serious
infringement will be treated seriously and may be considered under disciplinary procedures. The
company adheres to the principles of data protection as laid down by the EU GDPR. In accordance
with those principles personal data shall be:
- Processed fairly and lawfully and in a transparent manner in relation to the data subject;
- Processed for specified, explicit and legitimate purposes only and not further processed in
a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which
they are processed;
- Accurate and up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary
for the purposes for which the personal data are processed;
- Not kept longer than necessary;
- Processed in a manner that ensures appropriate security of the personal data;
- Not transferred outside the countries of the European Economic Area or the EU without
adequate protection.
Responsibilities
(a) SAFELEMENT responsibilities. Safelement is responsible for establishing policies and
procedures in order to comply with the EU GDPR.
(b) Data Protection Officer’s responsibilities. Data Protection Officer holds responsibility
for:
- drawing up guidance and promoting compliance with this policy in such a way as to ensure the
easy, appropriate and timely retrieval of information;
- the appropriate compliance with subject access rights and ensuring that data is processed in
accordance with the Data Protection Act 2018 and the EU GDPR;
- ensuring that any data protection breaches are resolved, catalogued and reported
appropriately in a swift manner;
- investigating and responding to complaints regarding data protection including requests to
cease processing personal data.
(c) Staff responsibilities. Staff members who process personal data must comply with the
requirements of this policy. Staff members must ensure that:
- all personal data is kept securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to
any unauthorised third party;
- any queries regarding data protection, including subject access requests and complaints, are
promptly directed to the Data Protection Officer;
- any data protection breaches are swiftly brought to the attention of the Governance Team and
that they support the Data Protection Officer in resolving breaches;
- where there is uncertainty around a Data Protection matter advice is sought from the Data
Protection Officer.
Software and network security.
The Company holds regular vulnerability scans against our full infrastructure. We also have
external, independent, penetration tests conducted on a periodic basis.
- Our dashboard supports several regimes of secrecy, so that our clients could monitor the
status of processing without learning any personal data of the their customers.
- Code changes are always peer reviewed and static source code reviews are performed
systematically and at a high frequency.
- All engineering and development operations staff are regularly trained on system,
application and network security.
- Our IT and container infrastructure is continuously monitored and audited for change.
- Critical systems and information are protected with strong authentication mechanisms.
- All networks connections are protected by firewalls and are monitored by cyber security
solutions to detect intrusions and suspicious activity.
- Machine learning is used to discover malicious behaviour of network endpoints and
applications.
- All our computers, laptops and servers utilise full disk/volume encryption and are installed
with antivirus/malware protection which is automatically updated to the latest version and
signatures available.
4. INFORMATION WE COLLECT
- When you engage with us, we collect and process your Personal Data, which includes
as follows:
- Personal identification information, including: name, e-mail address, phone
number, country, full address, date of birth, registered address, banking
details;
- Data collected in connection with “Know Your Customer” (KYC) compliance,
“Anti-Money Laundering” (AML) compliance and “Counter-Terrorist Financing” (CTF)
compliance;
- Device and website usage data, including: IP addresses; language preferences and
other device identifiers; information relating to your access to the Platforms,
such as device characteristics, date and time.
- The Company subjects the personal data to automated reading, verification
of the authenticity and other automated processing of photos and scanned copies
of documents and with further check against the data in multiple databases,
including inter alia International politically exposed persons (PEPs) and
Sanctions, Country Specific Sanctions Lists, Criminal Lists and Financial Lists.
Once the personal data is not any more necessary for the purposes of applicable
compliance rules, the Company shall erase the data completely off its servers
without leaving any backup copies or, based on the same condition, transfer the
data to the relevant Controller.
5. HOW WE COLLECT YOUR DATA
- We collect Personal Data directly from you when you use our Website or services,
communicate with us, or interact directly with us. For example, when you complete
the contact form on our Website, Application or when you contact us via email.
- We use industry standards for automatically collecting certain information about
visitors to our Website. We collect information about you, or information collected
by cookies and similar technologies, when you use, access, or interact with our
Website. We shall ensure that processing is proportionate and that we have carried
out a legitimate interest impact assessment. To the extent that the use of cookies
or similar technologies requires your consent, we may also process your Personal
Data based on your consent.
- We also may collect information about you from third-party sources, including but
not limited to, the following channels:
- marketing partners and resellers;
- advertising partners and analytics providers;
- public databases, credit bureaus and ID verification partners;
- social networks (for example, Twitter).
- We protect the Personal Data obtained from third parties according to the practices
described in this Privacy Policy and we also apply additional restrictions imposed
by the source of data.
6. DATA SUBJECT’S RIGHTS
Each Data Subject providing his/her personal data to the Company has the following rights that
the Company fully respects:
- Right to obtain confirmation as to whether or not his or her personal data are being
processed (Article 15 EU GDPR);
- Right to obtain rectification of inaccurate personal data without undue delay (Article 16 EU
GDPR);
- Right to erase personal data or “right to be forgotten” (Article 17 EU GDPR);
- Right to restrict data processing, in particular when the accuracy of the data is contested
(Article 18 EU GDPR);
- Right to receive communications as to rectification or erasure of personal data or
restriction on processing (Article 19 EU GDPR);
- Right to receive personal data in the form that is machine-¬readable and ready for
transmission to another controller (Article 20 EU GDPR);
- Right to object data processing (Article 21 EU GDPR);
- Right not to be subject to a decision based solely on automated processing (Article 22 EU
GDPR).
7. THE PURPOSES OF COLLECTING YOUR PERSONAL DATA
- The Company collects your Personal Data for the following purposes:
- to enable you to use our Website and the Services provided through them, to
create an account or profile, to process information you provide via our Website (including
verifying that your email address is active and valid) in accordance
with Article 6(1)(a) GDPR;
- to detect and prevent potentially prohibited or illegal activity relating to the
Company’s services in accordance with Article 6(1)(b),(c) and (f)
GDPR;
- to tailor content, recommendations, and advertisements that we and third parties
display to you, both on the Platforms and elsewhere online in
accordance with Article 6(1)(a) GDPR;
- to contact you in response to your inquiries, comments and suggestions in
accordance with Article 6(1)(b) GDPR;
- with your consent, to provide you with information, products, or services that
we otherwise believe will interest you, including special opportunities from us
and our third-party partners in accordance with Article 6(1)(a)
GDPR;
- to contact you with administrative communications and, in our discretion,
changes to our Privacy Policy, Terms of Use, or any of our other policies in
accordance with Article 6(1)(c) GDPR;
- for internal business purposes, such as to improve our Website or
Application in accordance with Article 6(1)(b) GDPR;
- to issue invoices and collect fees in accordance with Article
6(1)(f),(b) GDPR;
- to comply with our policies and obligations, including, but not limited to,
disclosures and responses in response to any requests from law enforcement
authorities and/or regulators in accordance with any applicable law, rule,
regulation, judicial or governmental order in accordance with Article
6(1)(c),(b) GDPR.
- Your Personal Data, whether public or private, will not be sold, exchanged,
transferred, or given to any other company for any reason whatsoever, without your
consent, other than for the purpose of delivering the requested services and
improving our services.
8. PROVIDING YOUR PERSONAL DATA TO THE THIRD PARTIES
- As a general principle, we collect and process Personal Data in order to facilitate
or improve the Company’s services or offers. We do not sell your Personal Data or
share it with third parties, except to the extent stated in this Privacy Policy.
- For behaviour statistics and business intelligence we use the services of Google LLC
(“Google Analytics”), a company located in the United States. Your Personal Data
that we may provide to Google Analytics may include your IP address, and that data
is used by Google Analytics to generate information about your usage of our service.
- We may share your Personal Data with the following third parties:
- Third-party vendors providing services on our behalf, including advertising,
analytics, research, customer service, service support, data storage,
validation, security, fraud prevention, and legal services. Such third-party
vendors have access to perform these services but are prohibited from using your
Personal Data for other purposes;
- External services or authorities when such disclosure is necessary for
compliance with a legal obligation to which we are subject, or in order to
protect your vital interests and/or the vital interests of a third-party;
- Other third parties subject to your consent.
- When we disclose your Personal Data to a third party, we take all reasonable steps
to ensure that those third parties are bound by confidentiality and privacy
obligations with respect to the protection of your Personal Data. The disclosure is
conducted in compliance with legal requirements, including entering into data
processing agreements with the relevant third parties, to ensure that Personal Data
is only processed in accordance with our instructions, applicable laws and
regulations and for the purpose specified by us and to ensure adequate security
measures.
9. STORAGE AND DELETION OF PERSONAL DATA
- The Company will retain your Personal Data for as long as we deem it necessary to
enable you to use the Website and to provide Services to you, to comply
with applicable laws (including those regarding document retention), resolve
disputes with any parties and otherwise as necessary to allow us to conduct our
business.
- The legal basis for retaining your Personal Data is the Company’s legitimate
interest under GDPR Article 6(1)(f) to protect our rights in the
light of potential legal disputes during the limitation period under law.
- If we have collected your Personal Data in relation to your inquiry to us, we retain
your Personal Data for up to three (3) years from collection, unless the other
provided by this Privacy Policy.
- Notwithstanding anything to the contrary in this Section, we may retain your
Personal Data where such retention is necessary for compliance with a legal
obligation to which we are subject to, or in order to protect your vital interests
or the vital interests of another natural person in accordance with GDPR
Article 6(1)(c).
- When the Company no longer needs to keep your Personal Data, it will securely delete
or destroy it.
10. PROTECTION OF PERSONAL DATA
- Your Personal data integrity is of high concern to us. We follow the standard
practices within the industry to protect the Personal Data that we collect and
maintain, including using Transport Layer Security (TLS) to encrypt information as
it travels over the internet. We have therefore implemented technology and security
policies and procedures intended to reduce the risk of accidental destruction or
loss, or the unauthorized disclosure or access to, such information, reasonably
appropriate to the nature of the data concerned; unfortunately, however, no data
transmission over the Internet can be guaranteed to be 100% secure.
- We implemented a number of additional security measures to ensure that your Personal
Data is not lost, abused, or altered, including, but not limited to:
- Physical measures, which means that materials containing your Personal Data will
be stored in a locked place.
- Electronic measures, which means that computer data containing your Personal
Data will be stored in the computer systems and storage media that are subject
to strict log-in restrictions.
- Management measures, which means that only authorized employees are permitted to
come into contact with your Personal Data and such employees must comply with
our internal confidentiality rules for Personal Data. We have also imposed
strict physical access controls to buildings and files.
- Technical measures.
- If you suspect that your Personal Data has been compromised, please immediately
contact our Customer Support Team at [email protected]
.
11. USER’S RIGHTS
- Users residing in certain countries, including the EU, are afforded certain rights
regarding their personal information:
- the right to access: you have the right to confirmation as to
whether or not we process your Personal Data and, where we do, to access the
Personal Data. Providing that the rights and freedoms of others are not
affected, we will supply to you a copy of your Personal Data. The first copy
will be provided free of charge, but additional copies may be subject to a
reasonable fee;
- the right to object to processing: you have the right to object
to us processing your Personal Data, citing personal reasons; however,
understand that we may still process your Personal Data if we have lawful
grounds to do so, but only if our interests in processing your Personal Data are
not overridden by your rights, interests, or freedoms;
- the right to rectification: you have the right to have any
inaccurate Personal Data about you rectified and, taking into account the
purposes of the processing, to have any incomplete Personal Data about you
completed;
- the right to data portability: you have the right to obtain and
reuse your Personal Data for your own purposes across different services. It
allows you to move, copy or transfer Personal Data easily from one IT
environment to another in a safe and secure way, without hindrance to usability;
- the right to erasure: you have the right to request that the
Company erase your Personal Data under certain conditions;
- the right to restrict processing: you have the right to request
that the Company restrict the processing of your Personal Data under certain
conditions;
- the right to withdraw consent: to the extent that the legal
basis for our processing of your Personal Data is consent, you have the right to
withdraw that consent at any time. However, withdrawal will not affect the
lawfulness of processing of your Personal Data before the withdrawal.
- You may exercise any of your rights in relation to your Personal Data by contacting
our Customer Support. You must note that prior to accessing and making changes to
your Рersonal Data, we will need to verify your identity properly.
- We will aim to respond to your requests regarding your Personal Data within 1 (one)
month of receipt of any such request.
12. INTERNATIONAL TRANSFER OF PERSONAL DATA
- We may need to transfer your Рersonal Data to countries which are located outside
the European Economic Area (“EEA”), for the purpose of providing the Services to
you. You may be located in a country outside of the EEA and therefore we may have no
choice but to transfer your Personal Data outside of the EEA.
- Any transfer of your personal information outside of the EEA will be subject to a
GDPR-compliant guarantee (such a Model Contract Clause approved by the European
Commission) that will safeguard your privacy rights and give you remedies in the
unlikely event of a security breach.
13. COOKIES POLICY
- We use cookies and similar technologies like pixels, tags, and other identifiers in
order to remember your preferences, to understand how our Website is used, and to
customize our marketing offerings.
- A cookie is a small data file containing a string of characters that is sent to your
computer when you visit a website. When you visit the websites again, the cookie
allows that site to recognize your browser. The length of time a cookie will stay on
your computer or mobile device depends on whether it is a “persistent” or “session”
cookie. For further information regarding cookies, visit allaboutcookies.org.
- We use the following types of cookies on our Website:
- Strictly necessary cookies: these are essential for you to
browse our Website and use its features. Without these cookies, some online
services cannot be provided.
- Performance cookies: these collect information about how you
use our Website. This data may be used to help optimize our Website and make it
easier for you to navigate.
- Functional cookies: these allow our Website to remember the
choices you make while browsing the Website and to personalize your experience.
- Third-party cookies: these are placed by websites and/or
parties other than us. These cookies may be used on our Website to improve our
services or to help us provide more relevant advertising. These cookies are
subject to the respective privacy policies for the relevant external services.
- Analytics cookies: these are offered by services like Google
Analytics, to help us understand how long a visitor stays on our Website, what
pages they find most useful, and how they arrived at AML Check .
- Most web browsers allow you to control cookies through their settings preferences.
However, if you limit the ability of our Website to set cookies, you may impair your
overall user experience, as it will no longer be personalized to you.
- In addition to cookies, we sometimes use small graphics images known as pixels (also
known as web beacons, clear GIFs, or pixel tags). We use pixels in our email
communications to you (if you have selected to receive such communications) to help
us to understand whether our email communication has been viewed. We also use
third-party pixels (such as those from Google, YouTube, and other networks) to help
us provide advertising that is relevant to your interests.
14. CHANGES TO THE PRIVACY POLICY
- We may update this Privacy Policy from time to time and we encourage you to
periodically review this page. If we make any material changes in the way we
collect, use, and/or share your Personal Data, we will notify you by posting notice
of the changes in a clear and conspicuous manner on the Wallet Checker Website at
AML Check .
15. CONTACT INFORMATION
- Should you have any questions regarding this Privacy Policy, please do not hesitate to
contact us at [email protected] .