The privacy and security of your personal information is important to us. We implement the privacy concepts provided by the applicable laws and regulations including the General Data Protection Regulation (GDPR) to ensure that your Personal Data (as defined below) will be collected, processed, used and shared in the appropriate manner and in accordance with the purpose we set out as follows.
For all our services, the data controller – the company that’s responsible for your privacy – is TECHNOHEFAZ, LLC with its address at Las Vegas Technology Center, 2500 N Buffalo Dr, Las Vegas, NV 89128.
If you have any questions about how we protect your privacy, get in touch here: email@example.com.
1. Personal data we collect
This Policy covers our collection, processing and treatment of the Personal Data on four (4) main categories:
- account registration;
- visiting and interacting with our Services;
- transaction executing on Minerium; and
- the Company’s marketing communication.
For some of the uses of your personal data (as described in detail below), there is a legal basis under applicable data protection laws for us to use such personal data. The relevant legal ground is specified per category listed below.
1.1 Account registration
Data we collect and why: We may need to identify all users using and transacting on our platform. In order to do so, we may, if applicable, proceed with know your customer procedures by strictly complying with the laws and regulations (related to anti-money laundering, terrorist financing, proliferation of weapons of mass destruction financing and other financial crimes) and our know your customer/customer due diligence (KYC/CDD) policy. Therefore, all users may be requested to provide us with the following Personal Data before accessing and using our Services:
- full name;
- ID card or passport;
- address (both registered address and current address) with proof of address;
- email address;
- date of birth;
- photograph (for face biometrics/face scan);
- telephone number;
- occupation and work address;
- other information we are required to collect under the applicable law.
If you are a corporate user, we will collect your constitutional information (e.g. certificate of incorporation, affidavit, memorandum and articles of association, proof of good standing, list of directors and shareholders) including the Personal Data of the representatives or directors (e.g. their full names, ID cards or passports, registered address and contact addresses
The legal ground on which this processing is based is therefore (i) that the processing is necessary for compliance with law (as envisaged in in Article 6(1)(c) GDPR). Method of data collection: We collect your Personal Data during our KYC process through documents and information given to us via our website or through our third-party KYC provider (“KYC Provider”).
Data storage, processing and sharing: We verify, process and store the Personal Data provided by each individual on the Company’s protected system in the United States. Your Personal Data will be disclosed and shared by and between the Company and our KYC Provider to verify your identity. During the identity review process, the Personal Data may also be shared with other service providers engaged by the Company as well as the competent government authorities and similar bodies and organizations if we are required by the applicable laws and regulations.
In any case where we need to transfer your Personal Data to any of our service providers, including our KYC Provider, we will ensure that adequate safeguards for protection of your Personal Data is in place, and this through relevant Data Processing Agreements and/or Data Sharing Agreements.
Data retention: Subject to regulatory requirements including GDPR, we will keep the Personal Data of each user during the term of the Services and five (5) years after such user closes the account opened on Minerium with us per our Terms and Conditions. After this period we will promptly delete or destroy such Personal Data from our system.
1.2 Visiting and interacting with our services
Data we collect and why: When visiting our website, we will record in our web server logs system of your Personal Data as follows:
- browser information (e.g. browser type and version, operating system, etc.) through user agent strings and metadata provided during the access request by your system;
- Internet protocol (IP) Addresses and their associated location including your use of any VPN service;
- date and time of visit;
- referral uniform resources locator (URL); and
- pages visited by such visitor on our website.
For our website visitor analysis systems we will also additionally collect:
- Email address (when signing up);
- Google UUID (Unique User ID).
The legal ground on which this processing is based is therefore (i) that the processing is necessary for the legitimate interests pursued by Us (as envisaged in in Article 6(1)(f) GDPR).
Data processing and sharing: Access to the Company’s website is logged to monitor system security as part of our intrusion detection program. We store the Personal Data that we collected for the purpose under this section on Google Data Centers.
Data Retention: The retention of the Personal Data collected for profiling is governed:
- by Google Analytics where it will be retained for 38 months; and
- by Facebook Insights where it will be retained in accordance with the retention policy of Facebook.
Retention of logged access data that only provides IP and browser information of the accessing user, may be kept for one (1) year. Access to logs is strictly controlled and protected.
1.3 Trading or transaction executing on Minerium
Data we collect and why:
- On Minerium you can mine Digital Assets as described in our Terms and Conditions you agreed before opening your account with us. Whenever you create orders or make transactions this transactional Personal Data will be stored and processed by us.
- When making transactions inbound or outbound we may request information in regard to your External Account (source or destination of funds) in compliance with our Terms and Conditions.
The legal ground on which this processing is based is therefore (i) that the processing is necessary for the performance of Our contract with You (as envisaged in Article 6(1)(b) GDPR); and (ii) that the processing is necessary for compliance with a legal obligation (as envisaged in Article 6(1)(c) GDPR).
Data processing and sharing:
- On the blockchain: By nature of the service, all transactions on the blockchain, that is all transfers from and to an External Account (i.e. an account, digital wallet or address hosted and controlled by other service providers) will be public forever and available to anyone. Processing is determined by the algorithms of the digital asset you are transferring from or to. This algorithm may or may not provide anonymity.
- On our system: All transaction mining data will be stored and processed directly on the relevant protocol blockchain. Such mining data may be hosted on Google Cloud Data Centers or similar cloud based data centers.
- Transaction data on the blockchain cannot be deleted or removed.
- Transaction data on Minerium cannot be removed to guarantee correctness of our operations. However, the link between a transaction and a user may be removed. We will retain this data for your convenience as long as you keep an account with us and five (5) years thereafter. Afterwards that, the transactions will be anonymized.
- Information about your external accounts are retained for five (5) years after the transaction involving such account happened.
Profiling: We will use trading information internally to analyse trading behaviours and find suspicious account activities. This is done internally and no information that is a result of this profiling is shared with any third party.
1.4 Company’s marketing communication
As part of our marketing and promotional plan, we may communicate with you through the channels (email, social media platform, telephone number and others) that you shared with us:
- to provide information regarding our system and Services including on trading, financing features, new products and enhancement; and
- to advertise, deliver or promote our Services or our affiliates’ services.
- to ask for user feedback using surveys.
Data retention and Sharing: We will retain the contact details and communication information under this section as we deem appropriate, to the extent provided by the applicable laws and regulations, and will not share such information to any persons, except with our affiliate companies.
Your rights: At any time, you may contact us to cease to send and deliver you any marketing and promotional information. We will promptly remove your contact and communication information for such purpose upon your request.
2. Sharing of your Personal Data
We do not, and will not, sell any of your personal data to any third party – it is not our business to do so, and we want to earn your trust and confidence.
However, we share your data with third parties as an essential part of being able to provide our services to you, in the following cases only:
- where expressly indicated in the previous sections;
- the Personal Data is provided through a business transfer by way of merger or other similar transactions;
- the Company is required to cooperate with state or local governmental organizations or their agents to perform their duties or obligations pursuant to applicable laws and regulations, and such performance is likely to be precluded if the consent of the user must be obtained;
When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended – again, we don’t want you to have any surprises.
We may also provide third parties with aggregated but anonymized information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.
If we ever have to share data with other entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.
3. Your Rights
You enjoy several rights relating to your personal information:
- The right to be informed about how your personal information is being used;
- The right to access the personal information we hold about you;
You can access the personal data we hold on you by contacting us at firstname.lastname@example.org.
To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.
We will carry out our best efforts to process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format or hard copy.
If we consider the frequency of your requests as being unreasonable, we may refuse to comply with your request. In those circumstances, if you disagree, you can complain to the data protection.
- The right to request the correction of inaccurate personal information we hold about you;
We appreciate feedback from you to ensure our records are accurate and up-to-date.
If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us here [insert].
- The right to request that we delete your data, or stop processing it or collecting it;
You can ask us to delete your personal data; however, this is not an absolute right.
In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation; and (ii) in relation to the exercise or defense of any legal claims.
When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes. Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.
- The right to stop direct marketing messages;
- The right to object to certain processing based on legitimate interest;
You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means.
- The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;
- The right to withdraw consent for other consent-based processing at any time;
- The right to request that we transfer or port elements of your data either to you or another service provider;
You have the right to move, copy or transfer your personal data from one organization to another. If you do wish to transfer your personal data we would be happy to help.
If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organization.
Please note that we are not required to adopt processing systems that are compatible with another organization, so it may be that the recipient organization cannot automatically use the personal data we provide.
When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
- The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)
If you want to exercise your rights, have a complaint, or just have questions, please contact us at email@example.com.
Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.
4. Protecting children’s personal data
We do not intend to provide our Services to individuals under the age of eighteen (18). We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this Policy by instructing their children never to provide their Personal Data through the website or our Services without their permission.
5. Dispute resolution
Any claim or dispute arising from or in connection with this Policy shall be resolved by the dispute resolution method available in the Terms and Conditions.
Should you have any suggestions, questions, complaints, or other inquiries in connection with this Policy, please do not hesitate to communicate with our data protection officer at our contact points as follows.
Data Protection Officer
Las Vegas Technology Center, 2500 N Buffalo Dr, Las Vegas, NV 89128
7. Changes to this Policy
The Company may amend this Policy from time to time. Such changes will be highlighted when accessing the Services and you may access to the latest version of our Policy on our website.