Privacy policy
- Scope of this Privacy Policy
- Who are we and how to contact us?
- What data, for what purposes, for how long, and based on what grounds do we process as Controller?
- How do we store your personal information?
- Who do we share your data with?
- Automated decisions
- Your rights
- Changes to this Policy
Scope of this Privacy Policy
Credex Multipay UAB is committed to protecting Your privacy.
This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to our app.
Who are we and how to contact us?
This Privacy Policy explains how personal data is processed by Credex Multipay UAB.
Credex Multipay UAB is a company incorporated in the Republic of Lithuania having registered office at Eisiskiu Sodu18-oji g.11, LT-02194 Vilnius, Republic of Lithuania.
The words “we”, “our”, “us” refer to Credex Multipay UAB.
You may contact them by emailing our Data Protection Officer email address: [email protected].
If you have questions, please contact us at [email protected].
What data, for what purposes, for how long, and based on what grounds do we process as Controller?
Purpose of Processing How we collect the data Data Subjects: Categories of Data Storage Period Legal BasisOnboarding and service provision Directly from you User: Phone number; country of residence; IP address; analytical data. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law We will not be able to provide you with our service if you fail to provide the data
How do we store your personal information?
Your information is securely stored on our servers located in the EU.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of the EU or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 1.125 Civil Code of the Republic of Lithuania, of July 18, 2000, № VIII-1864 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 Civil Code of the Republic of Lithuania General prescription comprises a period of ten (10) years.
Who do we share your data with?
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
Acting as Controller we share your data with the following processors and categories of processors:
Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the LT) |
|---|---|---|
| Contractors | Human Resources | We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected |
| MessageBird B.V. | SMS and 2fa services | Adequate country (NL) |
| Google LLC (the USA) | Push notifications, Mobile analytics (Firebase), Web Analytics Service Provider (Google Analytics) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
| Amplitude INC. (the USA) | Web Analytics Service Provider (Amplitude) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
Automated decisions
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Your rights
You have the following rights under the GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).
You may also exercise the mentioned rights by contacting us via email at [email protected].
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.
- Scope of this Privacy Policy
- Who are we and how to contact us?
- What data, for what purposes, for how long, and based on what grounds do we process as Controller?
- How do we store your personal information?
- Who do we share your data with?
- Automated decisions
- Your rights
- Changes to this Policy
Scope of this Privacy Policy
Credex Multipay UAB is committed to protecting Your privacy.
This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to our app.
Who are we and how to contact us?
This Privacy Policy explains how personal data is processed by Credex Multipay UAB.
Credex Multipay UAB is a company incorporated in the Republic of Lithuania having registered office at Eisiskiu Sodu18-oji g.11, LT-02194 Vilnius, Republic of Lithuania.
The words “we”, “our”, “us” refer to Credex Multipay UAB.
You may contact them by emailing our Data Protection Officer email address: [email protected].
If you have questions, please contact us at [email protected].
What data, for what purposes, for how long, and based on what grounds do we process as Controller?
Purpose of Processing How we collect the data Data Subjects: Categories of Data Storage Period Legal Basis Directly from you User: ID photo; selfie; proof of address; video; country; tax number; taxpayer residence; occupation; type of future transactions; monthly turnover of incoming payments (in EUR equivalent); monthly turnover of outgoing payments (in EUR equivalent); number of outgoing payments per month. Five (5) years after onboarding Compliance with a legal obligation User: Email; profile ID; photo; username; currency; network; user's wallet address; buyer's or seller's wallet address; transaction amount; risk score; number of confirmations; network fee; service fee. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary for the performance of a contract to which you are a party. We will not be able to provide you with our service if you fail to provide the data Directly from you Automatically through your use of our service Our users: Data about your account and data from the message to the support; email. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Our legitimate interests to improve the quality of our Service AML/KYC compliance: transaction information storage Directly from you Automatically through your use of our service User: Information about transaction, including sum of transaction, time, corresponding account. Compliance with a legal obligation Directly from you Automatically through your use of our service User: Information about transaction, including sum of transaction, time, corresponding account. Compliance with a legal obligation Directly from you User: Content of the correspondence. Five (5) years after receiving (sending) the correspondence Compliance with a legal obligationOnboarding Service provision Directly from you In-service communication, such as communication with the support team Five (5) years after the transaction AML/KYC compliance: Suspicious Activity Report (SAR) Five (5) years after the event AML/KYC compliance: business correspondence with user
How do we store your personal information?
Your information is securely stored on our services located in the EU.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of the EU or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 1.125 Civil Code of the Republic of Lithuania, of July 18, 2000, № VIII-1864 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 Civil Code of the Republic of Lithuania General prescription comprises a period of ten (10) years.
Who do we share your data with?
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
Acting as Controller we share your data with the following processors and categories of processors:
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the LT) |
| Contractors | Human Resources | We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected |
| Sum and Substance LTD, UK | Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures | Adequate country (UK) |
| MessageBird B.V. | SMS and 2fa services | Adequate country (NL) |
| Google LLC (the USA) | Google play, push notifications, Mobile analytics, Web Analytics Service Provider (Google Analytics) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
| APPLE INC. (the USA) | App Store Connect | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
| Amplitude INC. (the USA) | Web Analytics Service Provider (Amplitude) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
Automated decisions
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Your rights
You have the following rights under the GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).
You may also exercise the mentioned rights by contacting us via email at [email protected].
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.
- Scope of this Privacy Policy
- Who are we and how to contact us?
- What data, for what purposes, for how long, and based on what grounds do we process as Controller?
- How do we store your personal information?
- Who do we share your data with?
- Automated decisions
- Cookies
- Your rights
- Changes to this Policy
Scope of this Privacy Policy
Credex Multipay UAB is committed to protecting Your privacy.
This Privacy Policy explains how we handle data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (hereafter, GDPR),the Republic of Lithuania Law on Legal Protection of Personal Date No I-1374 (hereafter, Personal Data Protection Law) and the Directive on privacy and electronic communications (Directive 2002/58/EC) (hereafter, ePrivacy Directive), including what we collect and how we obtain it, how we use it, when and in what case we disclose it, and some of your options for managing your data with Credex Multipay UAB with regard to:
● our services;
● our websites.
Who are we and how to contact us?
Credex Multipay UAB is incorporated in the Republic of Lithuania, having registered office at Eišiškių Sodų 18-oji g. 11, LT-02194, Vilnius.
The words “we”, “our”, “us” refer to Credex Multipay UAB.
You may contact them by emailing our Data Protection Officer email address: [email protected].
If you have questions, please contact us at [email protected].
What data, for what purposes, for how long, and based on what grounds do we process as Controller?
Purpose of Processing How we collect the data Data Subjects: Categories of Data Storage Period Legal Basis Directly from you Our merchants: Contact information provided by you within the Service, such as email address and mobile number. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract (art. (2) (1) 5 Personal Data Protection Law) We will not be able to provide you with our service if you fail to provide the data Directly from you Our merchants: Email; merchant's bank account details; merchant's wallet address. Authorised persons: name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship; PEP status; base for authorisation; email. Beneficiary: name, surname; date of birth; place of birth; ID; address; address of residency; address of citizenship; PEP status; share in company; source of wealth; source of fund; experience. 5 years after the end of business relationship The Processing is necessary to fulfil obligations imposed on us by the legislation of Lithuania (art. (3) (1) 5 Personal Data Protection Law) Our merchants: Email; wallet address; merchant's bank account details; transaction amount; currency; network; order ID; invoice ID. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract (art. (2) (1) 5 Personal Data Protection Law) We will not be able to provide you with our service if you fail to provide the data Directly from you Automatically through your use of our service Our users: Data about your account and data from the message to the support; email. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract (art. (4) (1) 5 Personal Data Protection Law) We will not be able to provide you with our service if you fail to provide the data Our website visitors: IP-address, OS type and version, browser type and version, type of device and its display resolution. 2 years or until you withdraw your consent whichever happened earlier Your consent to store cookies in your browser (art. (25) ePrivacy Directive and art. (30) GDPR) You may withdraw your consent at any time by changing the settings of your web browser as set in our Cookie PolicyRegistration Onboarding Service provision Directly from you In-service communication, such as communication with the support team To better understand your preferences, to help you navigate our website, to personalise and provide a more convenient experience to you, to analyse which pages you visit, and to measure advertising and promotional effectiveness Automatically through your use of our websites
How do we store your personal information?
Your information is securely stored on partner cloud servers and located in Lithuania.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of Lithuania or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 24 GDPR and art. 5 Personal Data Protection Law we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 of the Civil Code of the Republic of Lithuania from 18 July 2000 No. VIII-1864 the limitation period for civil claims for rights arising from contractual relationship is ten (10) years.
Who do we share your data with?
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
We contractually oblige our service providers to provide sufficient guarantees to apply technical and organisational measures in a manner that ensures that the processing meets the requirements, rules and controls stipulated in GDPR and Personal Data Protection Law, and other applicable legislation, statutory instruments, administrative acts and guidelines.
Acting as Controller we share your data with the following processors and categories of processors:
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions) |
| Microsoft Ireland Operations Limited | Hosting Service Provider | Adequate country |
| Contractors | Human resources | We use Data processing agreements to ensure that your data is properly protected |
| Sum and Substance LTD, UK | Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures | Adequate country |
| Amplitude Inc (the USA) | Web Analytics Service Provider (Amplitude) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in UAE Law N 45 / 2021, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
AML/KYC compliance: transaction information storage
| Directly from you Automatically through your use of our service | User: Information about transaction, including sum of transaction, currency, time, corresponding account |
| AML/KYC compliance: Suspicious Activity Report (SAR) | Directly from you Automatically through your use of our service | User: Information about transaction, including sum of transaction, currency, time, corresponding account |
| AML/KYC compliance: business correspondence with user | Directly from you
| User: Content of the correspondence |
Automated decisions
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Cookies
Please read our Cookie Policy for information about cookies.
Your rights
You have the following rights under the GDPR and the Personal Data Protection Law concerning personal data: the right to obtain information (art. (c) (1) 13 GDPR and art. (1) (1) 23 Personal Data Protection Law), right to request personal data transfer (art. (2) (1) 23 Personal Data Protection Law), right to correction or erasure personal data and right to restrict processing and right to stop processing (art. (3) (1) 23 Personal Data Protection Law), right to object against the processing (art. (4) (1) 23 Personal Data Protection Law).
You may also exercise the mentioned rights by contacting us via email at [email protected].
You also have the right to lodge a complaint with the State Data Protection Inspectorate (SDPI) if you have reasons to believe that your personal data has been processed unlawfully or any of your rights as a data subject violated. The procedures and rules regarding to complaints are to be established by the State Data Protection Inspectorate (SDPI).
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.
- Scope of this Privacy Policy
- Who are we and how to contact us?
- What data, for what purposes, how long, and based on what grounds do we process as a Controller?
- How do we store your personal information?
- Who do we share your data with?
- Automated decisions
- Cookies
- Your rights
- Changes to this Policy
Scope of this Privacy Policy
HAWEX GROUP LTD is committed to protecting your privacy.
This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with HAWEX GROUP LTD with regard to:
● our services;
● our websites.
Who are we and how to contact us?
This Privacy Policy explains how personal data is processed by HAWEX GROUP LTD.
HAWEX GROUP LTD is a company incorporated in the United Kingdom and having its registered office at 23047 Suite, 8 Shepherd Market, Mayfair, London, W1J 7JY, United Kingdom.
The words “we”, “our”, “us” refer to HAWEX GROUP LTD.
You may contact them by emailing our Data Protection Officer email address: [email protected].
If you have questions, please contact us at [email protected].
What data, for what purposes, how long, and based on what grounds do we process as a Controller?
Purpose of Processing How we collect the data? Data Subjects: Categories of Data Storage Period Legal Basis Directly from you Our website visitors: Contact information provided by you before you start using the Service, such name; mobile number; email address; telegram nickname. Within the terms specified by law We will not be able to provide you with our service if you fail to provide the data Directly from you Our Customers: Email. Authorized persons: name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship; PEP status; base for authorization; email. Beneficiary: name, surname; date of birth; place of birth; ID; address of residency; address of citizenship; PEP status; share in company; source of wealth; source of fund; experience. 5 years after the termination of a contract Compliance with a legal obligation Customer: Email. Customer’s assistants: Email; mobile number; name. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary for the performance of a contract to which you are a party. We will not be able to provide you with our service if you fail to provide the data Directly from you Automatically through your use of our service Our users: Data about your account and data from the message to support; email. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Our website visitors: IP-address, OS type and version, browser type and version, type of device and its display resolution. 2 years or until you withdraw your consent whichever happened earlier Your consent to store cookies in your browser You may withdraw your consent at any time by changing the settings of your web browser as set in our Cookie PolicyApplication Onboarding Service provision Directly from you In-service communication, such as communication with the support team Our legitimate interests to improve the quality of our Service To better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness Automatically through your use of our websites
How do we store your personal information?
Your information is securely stored on our services located in United Kingdom.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of UK or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 5 Limitation Act 1980 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 5 Limitation Act 1980 an action founded on simple contract shall not be brought after the expiration of six (6) years from the date on which the cause of action accrued.
Who do we share your data with?
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
Acting as a Controller we share your data with the following processors:
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions) |
Microsoft Ireland Operations Limited
| Hosting Service Provider | Adequate country |
| Contractors | Human Resources | We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected |
| amoCRM JSC | CRM Provider | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Sum and Substance LTD | Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures | UK |
| Decta Limited | Internet acquiring provider | UK |
| Nuvei Limited | Internet acquiring provider | Adequate country |
| Paycore.io Limited | Payment gateway provider | UK |
| Roistat Inc. | Web Analytics Service Provider | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Meta Platforms Inc. | Web Analytics Service Provider (Facebook Analytics) | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Yandex Oy | Web Analytics Service Provider (Yandex.Metrika) | Adequate country |
| Google LLC (the USA) | Web Analytics Service Provider (Google Analytics) | We use International Data Transfer Agreement to ensure that your data is properly protected |
Automated decisions
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Cookies
Please read our Cookie Policy for information about cookies.
Your rights
You have the following rights under the UK GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).
You may also exercise the mentioned rights by contacting us via email at [email protected].
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.
- Scope of this Privacy Policy
- Who are we and how to contact us?
- What data, for what purposes, how long, and based on what grounds do we process as a Controller?
- How do we store your personal information?
- Who do we share your data with?
- Automated decisions
- Cookies
- Your rights
- Changes to this Policy
Scope of this Privacy Policy
HAWEX GROUP LTD is committed to protecting your privacy.
This Privacy Policy explains how we handle data, including what we collect and how we obtain it, how we use it, when and if we disclose it, and some of your options for managing your data with HAWEX GROUP LTD with regard to:
● our services;
● our websites.
Who are we and how to contact us?
This Privacy Policy explains how personal data is processed by HAWEX GROUP LTD.
HAWEX GROUP LTD is a company incorporated in the United Kingdom and having its registered office at 23047 Suite, 8 Shepherd Market, Mayfair, London, W1J 7JY, United Kingdom.
The words “we”, “our”, “us” refer to HAWEX GROUP LTD.
You may contact them by emailing our Data Protection Officer email address: [email protected].
If you have questions, please contact us at [email protected].
What data, for what purposes, how long, and based on what grounds do we process as a Controller?
Purpose of Processing How we collect the data? Data Subjects: Categories of Data Storage Period Legal Basis Directly from you Our website visitors: Contact information provided by you before you start using the Service, such name; mobile number; email address; telegram nickname. Within the terms specified by law We will not be able to provide you with our service if you fail to provide the data Directly from you Our Customers: Email. Authorized persons: name, surname; date of birth; place of birth; ID; mobile number; address of residency; address of citizenship; PEP status; base for authorization; email. Beneficiary: name, surname; date of birth; place of birth; ID; address of residency; address of citizenship; PEP status; share in company; source of wealth; source of fund; experience. 5 years after the termination of a contract Compliance with a legal obligation Customer: Email. Customer’s assistants: Email; mobile number; name. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Processing is necessary for the performance of a contract to which you are a party. We will not be able to provide you with our service if you fail to provide the data Directly from you Automatically through your use of our service Our users: Data about your account and data from the message to support; email. Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law Our website visitors: IP-address, OS type and version, browser type and version, type of device and its display resolution. 2 years or until you withdraw your consent whichever happened earlier Your consent to store cookies in your browser You may withdraw your consent at any time by changing the settings of your web browser as set in our Cookie PolicyApplication Onboarding Service provision Directly from you In-service communication, such as communication with the support team Our legitimate interests to improve the quality of our Service To better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness Automatically through your use of our websites
How do we store your personal information?
Your information is securely stored on our services located in United Kingdom.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of UK or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 5 Limitation Act 1980 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 5 Limitation Act 1980 an action founded on simple contract shall not be brought after the expiration of six (6) years from the date on which the cause of action accrued.
Who do we share your data with?
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
Acting as a Controller we share your data with the following processors:
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions) |
Microsoft Ireland Operations Limited
| Hosting Service Provider | Adequate country |
| Contractors | Human Resources | We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected |
| amoCRM JSC | CRM Provider | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Dzing finance LTD | Principal for issuing IBAN and payment cards | UK |
| Sum and Substance LTD | Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures | UK |
| Roistat Inc. | Web Analytics Service Provider | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Meta Platforms Inc. | Web Analytics Service Provider (Facebook Analytics) | We use International Data Transfer Agreement to ensure that your data is properly protected |
| Yandex Oy | Web Analytics Service Provider (Yandex.Metrika) | Adequate country |
| Google LLC (the USA) | Web Analytics Service Provider (Google Analytics) | We use International Data Transfer Agreement to ensure that your data is properly protected |
Automated decisions
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Cookies
Please read our Cookie Policy for information about cookies.
Your rights
You have the following rights under the UK GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).
You may also exercise the mentioned rights by contacting us via email at [email protected].
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.