Processing of personal data
Institut Digital OÜ (registry code 16279524), address Narva mnt 7, 10117 Tallinn, Estonia, email firstname.lastname@example.org (hereinafter referred to as the Service Provider), processes personal data in accordance with the requirements of the Personal Data Protection Act of Estonia.
Upon establishing a business relationship and providing the services the Service Provider has the right and is obliged to collect and process the personal data of a person (hereinafter referred to as a User) who submits a request to use the services provided by the Service Provider and is entitled to keep, hold and retain the personal data within a period of time and limit provided by the applicable legislation.
The Service Provider processes personal information only for providing the service the User has ordered. The Service Provider does not transmit, sell or disclose User’s data to third parties without User’s prior consent or in the cases provided by law. The Service Provider is considered also as the data controller who shall determine the purpose and measures of personal data processing. Submission of information at the request of a regulatory authority or in cases provided by law shall not require User’s consent nor notification.
The User understands that the Service Provider is subject to supervision of the Financial Intelligence Unit of Estonia which is a regulatory authority with its aim to prevent money laundering and terrorist financing and to conduct general supervision over licensed market participants. The User agrees to provide additional information concerning its activities within the scope of the provision of services and information that is deemed necessary from the perspective of anti-money laundering and terrorist financing prevention based on the request of the Service Provider.
1. What type of personal and general data is collected?
1.1. The Service Provider processes the following data:
1.1.1. first name and surname;
1.1.3. ID document number;
1.1.4. personal identification number (if issued);
1.1.5. date of birth;
1.1.6. ID document expiration date;
1.1.7. ID document photograph;
1.1.10. biometrical data/face photograph;
1.1.12. source and ownership of funds;
1.1.13. device information and location;
1.1.14. all types of correspondence between the Service Provider and User;
1.1.15. data concerning financial transactions (account owner, amount), use of services and all data related to payments, returns to settlement accounts and transfers both in cryptocurrencies and fiat;
1.1.16. other personal data (beneficial owners, right of representation, information whether the person is a politically exposed person) that is required to be collected and verified by the Service Provider according to the requirements of the jurisdiction and legislation of residence of the Service Provider.
2. How do we collect your data?
2.1. The User directly provides the Service Provider with most of the data is being collected. The Service Provider collects and processes data when the User:
2.1.1. submits a request to open or update an account for the use of the services and when using the services;
2.1.2. Voluntarily completes a customer survey or provide feedback on any of our message boards or via email;
2.1.3. uses or views the Service Provider’s website via browser’s cookies.
3. What is the purpose of data processing?
3.1. The Service Provider collects data for:
3.1.1. Identifying the person, i.e. contractual party, to whom the service is provided
3.1.2. Providing services according to the agreed terms and conditions and user agreement
3.1.3. Ensuring safe facilitation of transactions, safety of the assets and the account
3.1.4. Ensuring a well-functioning service provision
3.1.5. Identifying illegal and suspicious activities
3.1.6. Preventing fraud and illicit acquisition
3.1.7. Preventing money laundering and the financing of terrorism
3.1.8. Analyzing outgoing and incoming payments and transactions in cryptocurrencies and fiat
3.1.9. Processing orders
3.1.10. Contacting and informing persons involved about exceptional circumstances regarding the order or transactions
3.1.11. Executing reimbursements
3.1.12. Managing and solving order related errors, refunds and feedback
3.1.13. Analyzing user behaviour and user statistics
3.1.14. Improving the website by making it more user friendly and carrying out technical improvements
3.1.15. Notifying you about special offer on products that you might like
3.2. Legal basis:
3.2.1. The data subject, i.e. User, has given consent to the processing
3.2.2. Processing is necessary for performance of a contract between the two parties
3.2.3. Processing is necessary for compliance with a legal obligation
3.2.4. Processing is necessary to protect the data subject’s, i.e. User’s, vital interests
3.2.5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
4. How do we store your data?
4.1. The Service Provider securely stores User’s data at Amazon Web Services’ cloud, provided by [**] (registry code [**]), located at [**].
4.2. The Service Provider will retain User’s personal data for a period of 5 years after termination of customer relationship with the User. Once this time period has expired, we will delete the User’s data by removing and erasing it from the company’s database and records.
4.3. Accountancy related data (invoices and payment records) shall be retained for 7 years.
5.1. The Service Provider is the holder and controller of the collected data. The access to User’s personal data is provided only to staff members of the Service Provider or those of affiliated Third-Party Service Providers for processing orders and managing order related errors, refunds and feedback while taking the relevant pr ecautions and measures in order to avoid disclosure, unauthorized access, loss and unlawful use of personal data by irrelevant third parties.
5.2. The Service Provider may and can transmit personal data to relevant third parties to, including process payments through a payment gateway service provider, manage service provider’s accountancy operations and provide identification services, proportionately to what is necessary to perform the relevant action.
5.3. The Service Provider transmits the personal data necessary for making payments to an authorized debit and credit card payment processor. [I don’t like identifying suppliers for competitive reasons and also because we then have to update the Agreement if you decide to change supplier]
5.4. The Service Provider uses for collecting and processing personal data that is derived from the Service Provider’s obligation provided by the jurisdiction and legislation of residence of the Service Provider and the Anti Money Laundering and Terrorist Financing Prevention Act of Estonia.
6.1. The Service Provider is entitled to send the User information about products and services if the User has given a corresponding consent. If the User has agreed to receive marketing, the User has the right to always opt out at a later date.
6.2. The User has the right at any time to stop the Service Provider from contacting the User for marketing purposes.
6.3. If the User no longer wishes to be contacted for marketing purposes, the User can inform the Service Provider at email@example.com and the User will be removed from the mailing list.
7. What are User’s data protection rights?
7.1. The Service Provider would like to make sure that the User is fully aware of all of his/her data protection rights. Every user is entitled to the following:
7.1.1. The right to access – Have the right to request the service provider for copies of your personal data.
7.1.2. The right to rectification – Have the right to request that the service provider correct any information you believe is inaccurate. Also have the right to request the service provider to complete the information you believe is incomplete.
7.1.3. The right to erasure – Have the right to request that the service provider erase your personal data, under certain conditions.
7.1.4. The right to restrict processing – Have the right to request that the service provider restrict the processing of user’s personal data, under certain conditions.
7.1.5. The right to object to processing – Have the right to object to the service provider’s processing of your personal data.
7.1.6. The right to data portability – Have the right to request that the service provider’s transfers the data that the service provider has collected to another organization, or directly to the user, under certain conditions.
7.2. Upon receiving a reqeuest from the User, the Service Provider has one (1) month to provide an appropriate response to the User. If the User wishes to exercise any of the rights above, the Service Provider can be contacted at its email firstname.lastname@example.org.
7.3. Privacy policies of other websites:
9. How to contact the Service Provider?
9.2. The User has the right to have access to his/her personal data at any time and to have it corrected, closed or deletion, unless otherwise provided by law.
10. Complaints and Disputes
10.1. If the User wishes to report a complaint or feels that the Service Provider has not addressed User’s concern in a satisfactory manner, User may contact the supervisory authority – Estonian Data Protection Inspectorate at email@example.com.
What are Cookies?
Cookies are small text files placed on your computer to collect standard internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology. We use the following cookies on our website:
● session cookies which are temporary and expire once you close your browser (or once your session ends)
● persistent cookies which are cookies that remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date.
For further information, visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
o Collecting anonymous and general statistics about the number of website visitors
o Understanding how you use our website
o Making the website more user-friendly
o To carry out technical improvements
o To enable certain functions of the service
o To provide analytics
o To store your preferences
What types of cookies do we use?
When you use and access the service, we may place a number of cookie files in your web browser. We use both functionality and advertising cookies on the website and different types of cookies to run the website.
There are a number of different types of cookies, however, our website uses:
Functionality cookies – The service provider uses these cookies so that we recognize you on our website and remember your previously selected preferences. These include what language you prefer and location you are in. These cookies are temporary and expire once you close your browser (or once your session ends).
Advertising cookies – The service provider owner uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. The service provider may share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies?
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.