2. The data we collect about you
- When you sign up to our services, we will collect personal data that is necessary to create a user account for you. We will require you to provide us with your full name and email.
- In case we ask you to follow know your customer and customer due diligence (KYC/CDD) procedures, we will collect personal data as necessary to offer and provide the services to you and meet regulatory requirements. We will require you to provide us, where necessary, with your full name, address, telephone number, email address, date of birth, taxpayer identification number, government identification number, billing type, source of funds, government issued documents, marital status, title, gender, residential address, nationality and other identification information. We may require you to provide us with a photograph of yourself with your ID or other additional personal data as you use our services (place of work, salary and financial status, source of income, source of wealth etc.).
- When you use our services to buy, sell, exchange or transfer digital assets and/or NFTs, we collect information about transactions, as well as other information associated with the transaction such as amount sent or requested, amount transferred, your positions in fiat and digital assets, merchant information, including bank account and payment card details.
- We can collect information about the device you use, your account, including the hardware model, operating system and version, and unique device identifiers.
- We can log technical information about your use of the services, including the type of browser and version you use, last access time, the Internet Protocol (IP) address used to create the account, and the most recent IP address used to access.
- When you use or ask for our services, we collect the personal data you provide to us about the other participants associated with the transaction or account.
In order to comply with legislation, we also reserve the right to collect, purchase or otherwise acquire personal data from third party data suppliers.
3. How we use your personal data
We will use your personal data in the following circumstances:
- Where we need to perform agreements we are about to enter into or have entered into with you, e.g., the Terms of Service for NFT purchase service and others.
- Where you have consented before the processing, e.g. a newsletter you subscribe to.
- Where we need to fulfill legal obligations that we are subject to, e.g. KYC/CDD.
If you give us consent to send you direct marketing advertisements, we will send you messages by email, Discord, Telegram or other alternative communications infrastructure. You have the right to withdraw that consent at any time by contacting us.
4. Retention of personal data
We retain personal data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes (in general, for up to 3 years after the termination of the relationship). In the case of KYC/CDD we keep the data for 5 years. For accounting purposes, we keep the transactional data for 7 years.
Once the period of retaining your personal data is over, we will delete or anonymize your personal data. The data which is anonymized (irrevocably detached from you) may be used for our internal purposes.
To use or ask to use our service, including to process your transactions, we may disclose your personal data to third parties such as financial institutions, third party reference agencies, payment processing providers, data verification service providers, shipping and logistics couriers, warehouses and/or other partners in the course of fulfilling our agreement with you or in order to comply with our legal or regulatory obligations.
We will also disclose your personal data to other third parties including: regulatory authorities and law enforcement agencies, non-affiliated third parties for payments processing, payments, sales, data analysis, research and surveys, and/or professional advisors such as tax or legal advisors, consultants and accountants.
We may also disclose your personal data to our affiliated parties and partners including, but not limited to, the International Chess Federation (FIDE) and TON Venture Studio ltd (TON Labs) for the purposes of developing, supporting, marketing and other services. In the case of KYC/CDD we use third-party services.
6. International transfers
We are an EU-based company. Your personal data may be processed, transferred to, and maintained on servers and databases located within the EU and elsewhere where the privacy laws may not be as protective as those of your jurisdiction. If we need to transfer your personal data to and from any state, province, country, or other governmental jurisdiction, we will ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards (for example by Standard Contractual Clauses).
7. Automatic processing
8. Your legal rights
You have the following rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information without compelling legal grounds, or where we are required to erase your personal data to comply with local law.
- Object to processing your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  a. if you want us to establish the data's accuracy;
  b. where our use of the data is without compelling legal grounds but you do not want us to erase it;
  c. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  d. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it;
  e. you may prohibit the processing of the personal data for direct marketing purposes as well as to refuse the advertisements and offers at any time by informing us thereof.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information, which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can exercise any of these rights at any time by contacting us.
We reserve the right to decline your request to exercise any of the rights under this section if we are not legally obligated to provide such rights under the laws of the jurisdiction of your residence.
You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (e-mail address: firstname.lastname@example.org; telephone: +372 5620 2341 or +372 627 4135; address: Tatari 39, Tallinn 10134, Estonia) if you consider that processing of your personal data infringes your rights and interests under the law.