Scope of this Privacy Policy

Credex Multipay UAB is committed to protecting Your privacy.

This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to our app.

Who are we and how to contact us?

This Privacy Policy explains how personal data is processed by Credex Multipay UAB.

Credex Multipay UAB is a company incorporated in the Republic of Lithuania having registered office at Eisiskiu Sodu18-oji g.11, LT-02194 Vilnius, Republic of Lithuania.

The words “we”, “our”, “us” refer to Credex Multipay UAB.

You may contact them by emailing our Data Protection Officer email address:

dpo@credexmultipay.com

.

If you have questions, please contact us at

admin@credexmultipay.com

.

What data, for what purposes, for how long, and based on what grounds do we process as Controller?

Purpose of Processing

How we collect the data

Data Subjects: Categories of Data

Storage Period

Legal Basis

Onboarding and service provision

Directly from you

User: Phone number; country of residence; IP address; analytical data.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

We will not be able to provide you with our service if you fail to provide the data

How do we store your personal information?

Your information is securely stored on our servers located in the EU.

We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.

In cases specified by the legislation of the EU or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.

According to art. 1.125 Civil Code of the Republic of Lithuania, of July 18, 2000, № VIII-1864 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 Civil Code of the Republic of Lithuania General prescription comprises a period of ten (10) years.

Who do we share your data with?

We use third-party service providers to help us provide the Services and give support.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

Acting as Controller we share your data with the following processors and categories of processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable

Purpose of Transfer

Safeguards for restricted transfers (outside the LT)

Contractors

Human Resources

We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected

MessageBird B.V.

SMS and 2fa services

Adequate country (NL)

Google LLC (the USA)

Push notifications, Mobile analytics (Firebase), Web Analytics Service Provider (Google Analytics)

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

Amplitude INC. (the USA)

Web Analytics Service Provider (Amplitude)

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Your rights

You have the following rights under the GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).

You may also exercise the mentioned rights by contacting us via email at

dpo@credexmultipay.com

.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.

Scope of this Privacy Policy

Credex Multipay UAB is committed to protecting Your privacy.

This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to our app.

Who are we and how to contact us?

This Privacy Policy explains how personal data is processed by Credex Multipay UAB.

Credex Multipay UAB is a company incorporated in the Republic of Lithuania having registered office at Eisiskiu Sodu18-oji g.11, LT-02194 Vilnius, Republic of Lithuania.

The words “we”, “our”, “us” refer to Credex Multipay UAB.

You may contact them by emailing our Data Protection Officer email address:

dpo@credexmultipay.com

.

If you have questions, please contact us at

admin@credexmultipay.com

.

What data, for what purposes, for how long, and based on what grounds do we process as Controller?

Purpose of Processing

How we collect the data

Data Subjects:

Categories of Data

Storage Period

Legal Basis

Onboarding

Directly from you

User:

ID photo; selfie; proof of address; video; country; tax number; taxpayer residence; occupation; type of future transactions; monthly turnover of incoming payments (in EUR equivalent); monthly turnover of outgoing payments (in EUR equivalent); number of outgoing payments per month.

Five (5) years after onboarding

Compliance with a legal obligation

Service provision

Directly from you

User:

Email; profile ID; photo; username; currency; network; user's wallet address; buyer's or seller's wallet address; transaction amount; risk score; number of confirmations; network fee; service fee.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary for the performance of a contract to which you are a party.

We will not be able to provide you with our service if you fail to provide the data

In-service communication, such as communication with the support team

Directly from you

Automatically through your use of our service

Our users:

Data about your account and data from the message to the support; email.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Our legitimate interests to improve the quality of our Service

AML/KYC compliance: transaction information storage

Directly from you

Automatically through your use of our service

User:

Information about transaction, including sum of transaction, time, corresponding account.

Five (5) years after the transaction

Compliance with a legal obligation

AML/KYC compliance: Suspicious Activity Report (SAR)

Directly from you

Automatically through your use of our service

User:

Information about transaction, including sum of transaction, time, corresponding account.

Five (5) years after the event

Compliance with a legal obligation

AML/KYC compliance: business correspondence with user

Directly from you

User:

Content of the correspondence.

Five (5) years after receiving (sending) the correspondence

Compliance with a legal obligation

How do we store your personal information?

Your information is securely stored on our services located in the EU.

We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.

In cases specified by the legislation of the EU or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.

According to art. 1.125 Civil Code of the Republic of Lithuania, of July 18, 2000, № VIII-1864 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 Civil Code of the Republic of Lithuania General prescription comprises a period of ten (10) years.

Who do we share your data with?

We use third-party service providers to help us provide the Services and give support.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

Acting as Controller we share your data with the following processors and categories of processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable

Purpose of Transfer

Safeguards for restricted transfers (outside the LT)

Contractors

Human Resources

We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected

Sum and Substance LTD, UK

Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures

Adequate country (UK)

MessageBird B.V.

SMS and 2fa services

Adequate country (NL)

Google LLC (the USA)

Google play, push notifications, Mobile analytics, Web Analytics Service Provider (Google Analytics)

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

APPLE INC. (the USA)

App Store Connect

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

Amplitude INC. (the USA)

Web Analytics Service Provider (Amplitude)

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Your rights

You have the following rights under the GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).

You may also exercise the mentioned rights by contacting us via email at

dpo@credexmultipay.com

.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.

Scope of this Privacy Policy

Credex Multipay UAB is committed to protecting Your privacy.

This Privacy Policy explains how we handle data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (hereafter, GDPR),the Republic of Lithuania Law on Legal Protection of Personal Date No I-1374 (hereafter, Personal Data Protection Law) and the Directive on privacy and electronic communications (Directive 2002/58/EC) (hereafter, ePrivacy Directive), including what we collect and how we obtain it, how we use it, when and in what case we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to:

● our services;

● our websites.

Who are we and how to contact us?

Credex Multipay UAB is incorporated in the Republic of Lithuania, having registered office at Eišiškių Sodų 18-oji g. 11, LT-02194, Vilnius.

The words “we”, “our”, “us” refer to Credex Multipay UAB.

You may contact them by emailing our Data Protection Officer email address:

dpo@credexmultipay.com

.

If you have questions, please contact us at

admin@credexmultipay.com

.

What data, for what purposes, for how long, and based on what grounds do we process as Controller?

Purpose of Processing

How we collect the data

Data Subjects:

Categories of Data

Storage Period

Legal Basis

Registration

Directly from you

Our merchants:

Contact information provided by you within the Service, such as email address and mobile number.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract

(art. (2) (1) 5 Personal Data Protection Law)

We will not be able to provide you with our service if you fail to provide the data

Onboarding

Directly from you

Our merchants:

Email; merchant's bank account details; merchant's wallet address.

Authorised persons:

name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship;

PEP status; base for authorisation; email.

Beneficiary:

name, surname; date of birth; place of birth; ID; address; address of residency; address of citizenship;

PEP status; share in company; source of wealth; source of fund; experience.

5 years after the end of business relationship

The Processing is necessary to fulfil obligations imposed on us by the legislation of Lithuania

(art. (3) (1) 5 Personal Data Protection Law)

Service provision

Directly from you

Our merchants:

Email; wallet address; merchant's bank account details; transaction amount; currency; network; order ID; invoice ID.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract

(art. (2) (1) 5 Personal Data Protection Law)

We will not be able to provide you with our service if you fail to provide the data

In-service communication, such as communication with the support team

Directly from you

Automatically through your use of our service

Our users:

Data about your account and data from the message to the support; email.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract

(art. (4) (1) 5 Personal Data Protection Law)

We will not be able to provide you with our service if you fail to provide the data

To better understand your preferences, to help you navigate our website, to personalise and provide a more convenient experience to you, to analyse which pages you visit, and to measure advertising and promotional effectiveness

Automatically through your use of our websites

Our website visitors:

IP-address, OS type and version, browser type and version, type of device and its display resolution.

2 years or until you withdraw your consent whichever happened earlier

Your consent to store cookies in your browser

(art. (25) ePrivacy Directive and art. (30) GDPR)

You may withdraw your consent at any time by changing the settings of your web browser as set in our Cookie Policy

How do we store your personal information?

Your information is securely stored on partner cloud servers and located in Lithuania.

We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.

In cases specified by the legislation of Lithuania or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.

According to art. 24 GDPR and art. 5 Personal Data Protection Law we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 of the Civil Code of the Republic of Lithuania from 18 July 2000 No. VIII-1864 the limitation period for civil claims for rights arising from contractual relationship is ten (10) years.

Who do we share your data with?

We use third-party service providers to help us provide the Services and give support.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

We contractually oblige our service providers to provide sufficient guarantees to apply technical and organisational measures in a manner that ensures that the processing meets the requirements, rules and controls stipulated in GDPR and Personal Data Protection Law, and other applicable legislation, statutory instruments, administrative acts and guidelines.

Acting as Controller we share your data with the following processors and categories of processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable

Purpose of Transfer

Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions)

Microsoft Ireland Operations Limited

Hosting Service Provider

Adequate country

Contractors

Human resources

We use Data processing agreements to ensure that your data is properly protected

Sum and Substance LTD, UK

Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures

Adequate country

Amplitude Inc (the USA)

Web Analytics Service Provider (Amplitude)

We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in UAE Law N 45 / 2021, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies

AML/KYC compliance: transaction information storage

Directly from you

Automatically through your use of our service

User:

Information about transaction, including sum of transaction, currency, time, corresponding account

AML/KYC compliance: Suspicious Activity Report (SAR)

Directly from you

Automatically through your use of our service

User:

Information about transaction, including sum of transaction, currency, time, corresponding account

AML/KYC compliance: business correspondence with user

Directly from you

User:

Content of the correspondence

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Cookies

Please read our

Cookie Policy

for information about cookies.

Your rights

You have the following rights under the GDPR and the Personal Data Protection Law concerning personal data: the right to obtain information (art. (c) (1) 13 GDPR and art. (1) (1) 23 Personal Data Protection Law), right to request personal data transfer (art. (2) (1) 23 Personal Data Protection Law), right to correction or erasure personal data and right to restrict processing and right to stop processing (art. (3) (1) 23 Personal Data Protection Law), right to object against the processing (art. (4) (1) 23 Personal Data Protection Law).

You may also exercise the mentioned rights by contacting us via email at

admin@credexmultipay.com

.

You also have the right to lodge a complaint with the State Data Protection Inspectorate (SDPI) if you have reasons to believe that your personal data has been processed unlawfully or any of your rights as a data subject violated. The procedures and rules regarding to complaints are to be established by the State Data Protection Inspectorate (SDPI).

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.

Scope of this Privacy Policy

HAWEX GROUP LTD is committed to protecting your privacy.

This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with HAWEX GROUP LTD with regard to:

● our services;

● our websites.

Who are we and how to contact us?

This Privacy Policy explains how personal data is processed by HAWEX GROUP LTD.

HAWEX GROUP LTD is a company incorporated in the United Kingdom and having its registered office at 23047 Suite, 8 Shepherd Market, Mayfair, London, W1J 7JY, United Kingdom.

The words “we”, “our”, “us” refer to HAWEX GROUP LTD.

You may contact them by emailing our Data Protection Officer email address:

dpo@hawex.com

.

If you have questions, please contact us at

info@hawex.com

.

What data, for what purposes, how long, and based on what grounds do we process as a Controller?

Purpose of Processing

How we collect the data?

Data Subjects:

Categories of Data

Storage Period

Legal Basis

Application

Directly from you

Our website visitors:

Contact information provided by you before you start using the Service, such name; mobile number; email address; telegram nickname.

Within the terms specified by law

We will not be able to provide you with our service if you fail to provide the data

Onboarding

Directly from you

Our Customers:

Email.

Authorized persons:

name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship; PEP status; base for authorization; email.

Beneficiary:

name, surname; date of birth; place of birth; ID; address of residency; address of citizenship; PEP status; share in company; source of wealth; source of fund; experience.

5 years after the termination of a contract

Compliance with a legal obligation

Service provision

Directly from you

Customer:

Email.

Customer’s assistants:

Email; mobile number; name.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary for the performance of a contract to which you are a party.

We will not be able to provide you with our service if you fail to provide the data

In-service communication, such as communication with the support team

Directly from you

Automatically through your use of our service

Our users:

Data about your account and data from the message to support; email.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Our legitimate interests to improve the quality of our Service

To better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness

Automatically through your use of our websites

Our website visitors:

IP-address, OS type and version, browser type and version, type of device and its display resolution.

2 years or until you withdraw your consent whichever happened earlier

Your consent to store cookies in your browser

You may withdraw your consent at any time by changing the settings of your web browser as set in our

Cookie Policy

How do we store your personal information?

Your information is securely stored on our services located in United Kingdom.

We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.

In cases specified by the legislation of UK or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.

According to art. 5 Limitation Act 1980 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 5 Limitation Act 1980 an action founded on simple contract shall not be brought after the expiration of six (6) years from the date on which the cause of action accrued.

Who do we share your data with?

We use third-party service providers to help us provide the Services and give support.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

Acting as a Controller we share your data with the following processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable

Purpose of Transfer

Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions)

Microsoft Ireland Operations Limited

Hosting Service Provider

Adequate country

Contractors

Human Resources

We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected

amoCRM JSC

CRM Provider

We use International Data Transfer Agreement to ensure that your data is properly protected

Sum and Substance LTD

Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures

UK

Decta Limited

Internet acquiring provider

UK

Nuvei Limited

Internet acquiring provider

Adequate country

Paycore.io

Limited

Payment gateway provider

UK

Roistat Inc.

Web Analytics Service Provider

We use International Data Transfer Agreement to ensure that your data is properly protected

Meta Platforms Inc.

Web Analytics Service Provider (Facebook Analytics)

We use International Data Transfer Agreement to ensure that your data is properly protected

Yandex Oy

Web Analytics Service Provider (Yandex.Metrika)

Adequate country

Google LLC (the USA)

Web Analytics Service Provider (Google Analytics)

We use International Data Transfer Agreement to ensure that your data is properly protected

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Cookies

Please read our Cookie Policy for information about cookies.

Your rights

You have the following rights under the UK GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).

You may also exercise the mentioned rights by contacting us via email at

dpo@hawex.com

.

If you have any concerns about our use of your personal information, you can make a complaint to us at

dpo@hawex.com

.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website:

https://www.ico.org.uk

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.

Scope of this Privacy Policy

HAWEX GROUP LTD is committed to protecting your privacy.

This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with HAWEX GROUP LTD with regard to:

● our services;

● our websites.

Who are we and how to contact us?

This Privacy Policy explains how personal data is processed by HAWEX GROUP LTD.

HAWEX GROUP LTD is a company incorporated in the United Kingdom and having its registered office at 23047 Suite, 8 Shepherd Market, Mayfair, London, W1J 7JY, United Kingdom.

The words “we”, “our”, “us” refer to HAWEX GROUP LTD.

You may contact them by emailing our Data Protection Officer email address:

dpo@hawex.com

.

If you have questions, please contact us at

info@hawex.com

.

What data, for what purposes, how long, and based on what grounds do we process as a Controller?

Purpose of Processing

How we collect the data?

Data Subjects:

Categories of Data

Storage Period

Legal Basis

Application

Directly from you

Our website visitors:

Contact information provided by you before you start using the Service, such name; mobile number; email address; telegram nickname.

Within the terms specified by law

We will not be able to provide you with our service if you fail to provide the data

Onboarding

Directly from you

Our Customers:

Email.

Authorized persons:

name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship; PEP status; base for authorization; email.

Beneficiary:

name, surname; date of birth; place of birth; ID; address of residency; address of citizenship; PEP status; share in company; source of wealth; source of fund; experience.

5 years after the termination of a contract

Compliance with a legal obligation

Service provision

Directly from you

Customer:

Email.

Customer’s assistants:

Email; mobile number; name.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Processing is necessary for the performance of a contract to which you are a party.

We will not be able to provide you with our service if you fail to provide the data

In-service communication, such as communication with the support team

Directly from you

Automatically through your use of our service

Our users:

Data about your account and data from the message to support; email.

Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law

Our legitimate interests to improve the quality of our Service

To better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness

Automatically through your use of our websites

Our website visitors:

IP-address, OS type and version, browser type and version, type of device and its display resolution.

2 years or until you withdraw your consent whichever happened earlier

Your consent to store cookies in your browser

You may withdraw your consent at any time by changing the settings of your web browser as set in our

Cookie Policy

How do we store your personal information?

Your information is securely stored on our services located in United Kingdom.

We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.

In cases specified by the legislation of UK or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.

According to art. 5 Limitation Act 1980 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 5 Limitation Act 1980 an action founded on simple contract shall not be brought after the expiration of six (6) years from the date on which the cause of action accrued.

Who do we share your data with?

We use third-party service providers to help us provide the Services and give support.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

Acting as a Controller we share your data with the following processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable

Purpose of Transfer

Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions)

Microsoft Ireland Operations Limited

Hosting Service Provider

Adequate country

Contractors

Human Resources

We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected

amoCRM JSC

CRM Provider

We use International Data Transfer Agreement to ensure that your data is properly protected

Dzing finance LTD

Principal for issuing IBAN and payment cards

UK

Sum and Substance LTD

Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures

UK

Roistat Inc.

Web Analytics Service Provider

We use International Data Transfer Agreement to ensure that your data is properly protected

Meta Platforms Inc.

Web Analytics Service Provider (Facebook Analytics)

We use International Data Transfer Agreement to ensure that your data is properly protected

Yandex Oy

Web Analytics Service Provider (Yandex.Metrika)

Adequate country

Google LLC (the USA)

Web Analytics Service Provider (Google Analytics)

We use International Data Transfer Agreement to ensure that your data is properly protected

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Cookies

Please read our Cookie Policy for information about cookies.

Your rights

You have the following rights under the UK GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).

You may also exercise the mentioned rights by contacting us via email at

dpo@hawex.com

.

If you have any concerns about our use of your personal information, you can make a complaint to us at

dpo@hawex.com

.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website:

https://www.ico.org.uk

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.