This Policy is provided to you to help you understand, as a potential or actual client of Vulture OÜ, registration number 14848194, (the “Company” or “us”) the basic principles that the Company’s employs to discharge its regulatory duties relating to the collection, processing and safeguarding our Users’ personal data. Capitalized terms in this Policy shall have the meaning ascribed to them in the Client Agreement between you and the Company (the “Client Agreement”), unless context requires otherwise. This Policy is an integral part of the Client Agreement.
The protection of privacy and the safeguarding of our Users’ Personal Data is of great importance to us.
This purpose of this Policy is to explain to you:
what Personal Data of yours we collect;
how we use your Personal Data;
how, with whom and when your Personal Data may be shared;
your rights; and
other useful privacy and security related matters.
References in this Policy to “Personal Data” are references to Personal Data as defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”). References in this Policy to “Associate” are references to an undertaking, company or other body corporate being an affiliate member of our Group (under common control with the Company), a representative whom we or another undertaking of our Group appoint, or any other person with whom we have a contractual, agency or other relationship that might reasonably be expected to give rise to a community of interest between us and them.
References in this document to “Group” are references to the Company and any entity controlled by or controlling the Company and entities under common ownership and control with the Company. When collecting, processing and storing Personal Data provided by you, we are subject to the provisions of the GDPR and the revenant Personal Data protection laws and regulations of Estonia. We, our Associates, any persons deriving rights from us or our Associates, any members of our Group, agents or sub-contractors which we engage or work through for the purpose of collecting, storing and processing Personal Data and any third parties acting on our or their behalf may collect, process use and store Personal Data provided by you for the purposes of, or related to, carrying out the transactions and other services which we provide to you, operational support and development of our or their businesses, providing us or them with professional or other services, in enforcing our or their contractual or other rights, and for the purposes of enabling compliance with the contractual, legal and regulatory provisions anywhere in the world to which we or our Associates and the aforesaid third parties are subject. By opening an account with the Company, you hereby consent to such collection, processing, storage and use of Personal Data by us, our Associates or the aforesaid third parties in accordance with the provisions of this Policy, and agree that processing and storage of Personal Data provided to us by you may be carried out in or from any jurisdiction within or outside of the European Union including in or to countries or territories which do not offer the same level of protection of Personal Data as is enjoyed within the European Union.
You further represent and undertake that where you are a non-physical person providing to us Personal Data of any individual or where you are an individual providing us with Personal Data of any individual other than yourself, by opening an account with us you thereby undertake and represent that such person, whose Personal Data is collected, stored and processed in accordance with the provisions contained herewith, has been informed of and has given their consent to such collection, storage and processing of their Personal Data in accordance with the provisions contained herein and that they have been informed of their rights in relation to their Personal Data which is held and processed in accordance with the provisions contained herein. You must ensure that you have read and understood the contents of this Policy before you commence any operations on your Wallet Account.
2. COLLECTION OF PERSONAL DATA WHAT PERSONAL DATA DO WE COLLECT?
(I) Information you provide us when you apply for a Wallet Account with us: This is the Personal Data you provide us when registered a Wallet Account at our website www.cratos.net (the “Website”), including but not limited to your name, address, date of birth, email address, phone number(s), your professional background and income source etc. in order for us to facilitate the evaluation of your application and complete the relevant know-your-customer, anti-money laundering and identity verification assessments that we are required to under the laws and regulations applicable to us. We also use this information for the purposes of communicating with you. We may collect details of your e-mail at the moment when you fill them in on the Website’s landing page to create a Wallet Account but before you fully complete the registration process. We may also collect information from you if you require technical assistance or customer support. As a part of our verification procedure which we perform in accordance with the requirements of the
applicable laws and regulations, we also collect information necessary to verify your identity, such as an identification card, passport or driver’s license. This information can also be obtained or verified by matching it with background information we receive about you from public records or from other entities not affiliated with the Company.
(II) Additional information that we may collect:
We may (but not necessary shall) also collect the following information:
(i) name, contact information and message if you contact us or participate in any survey, contest or promotion that we may organize for the Users;
(ii) details such as traffic information, location data and other IT communication data (including IP address and browser type) collected when you access and use our Platform;
(iii) information about devices that you use when accessing the Platform including unique device identifier;
(iv) web pages (including the Website and all of its inner pages or landing pages) visited by you and content viewed, links and buttons clicked, URLs visited before and after you visit our Website (the “Web Data”);
(v) Information about the anticipated and actual volume and value of your transactions on your Wallet Account, payment methods information provided;
(vi) your telephone numbers, Skype IDs or such other contact information as you may provide us with when you correspond with our customer support specialists;
(vii) your responses to our marketing campaigns (e.g. open/click on our promotional or marketing emails whether sent by ourselves or any third-party service providers);
(viii) your social media profile details (name, profile photo and other information you make available to us, if any) when you connect with or contact us through a social media account;
(ix) information from third party databases to comply with our legal and regulatory obligations. Information necessary to verify your identity, such as an identification card, passport or driver’s license. This also includes background information we receive about you from public records or from other entities not affiliated with the Company. The Company collects the necessary information required to open your Wallet Account, to transact with you, to safeguard your assets and your privacy and to provide you with the services you require. To this end, the Company gathers information from you and may, in certain circumstances, gather information from relevant banks and/or credit agencies, and/or other sources (such compliance verification databases and similar service providers) which help us profile your requirements and preferences and provide better
services to you. For the purposes of GDPR, the Company acts as data controller in respect of the Personal Data that we collect from you.
3. HOW DO WE USE YOUR PERSONAL DATA?
The Company processes your Personal Data for the following purposes:
(i) Wallet Account setup, verification and management. We use personal information such as your name, ID/passport details, email address, phone number, and information about your
device to open and administer your Wallet Account, provide you with technical and customer support, verify your identity, process payment information and send you important
information about your Wallet Account with us and our service information. This information is required for the purposes of the Company performing its obligations under the terms of the Client Agreement, and also for the purposes of complying with the laws and regulations applicable to us. In order to verify your identity, age and accuracy of your registration details provided, we may disclose such information to third parties e.g. financial institutions and third party reference agencies and data verification service providers. This is required for the purpose of our complying with our legal obligations. We may also use such personal information to enforce the terms of the Client Agreement and/or in the event this becomes necessary for the purposes of any litigation, action or claim that you or us may have against each other in connection with the Client Agreement or our services.
(ii) Personalisation. We may use your personal information, including but not limited to your professional background details and your Wallet Account transactional history to determine, deliver and/or suggest tailored solutions to you to personalize your experience with our services in line with your background. This type of processing is necessary for the purposes of our legitimate interests in developing, delivering or presenting relevant personalized services and content to our customers.
(iii) Marketing. Subject to any preferences you have expressed (where applicable), we may use your personal information, including but not limited to your name, e-mail, address, phone number, location and Web Data, to deliver marketing and event communications to you across various platforms, such as social networks, email, telephone, text messaging, direct mail, online, push notification or otherwise. We will do this either: (i) until you withdraw your consent (or it ceases to be valid); or (ii) during the period of your relationship with us and, unless specifically instructed otherwise by you, for a reasonable period of time after the relationship has ended in order to inform you about products, services, promotions and special offers which we think may be of interest to you. We may engage our Associates and other third party marketing and advertising service
providers for the purposes of providing marketing solutions to us or running marketing/remarketing activities and advertising campaigns on our behalf. We may provide your Personal Data to such service providers on a limited basis for the purposes of enabling them to perform their aforesaid services.
If we or our Associates send you a marketing email or other marketing communication, it will include instructions on how to opt out of receiving these marketing communications in the future. You can also manage your information and update your marketing preferences in the settings of your account on our Website. We shall require up to 72 hours to process any changes you make to your marketing preferences. We note that even if you opt out of receiving marketing communications, we may still send you important information related to your account(s) with us and our services to you.
We or our Associates may, from time to time, send you marketing materials which may be of particular interest to you based upon your behavior i.e. your trading activity and history, and your background. These marketing messages will provide you with information about the products, services, active promotions or offers (as applicable) available to you by any company within the Group and information about products and services provided by our selected partners and third parties.
We use a combination of information collected such as advertising cookies, your email address/phone number and your onsite activity to show you targeted and relevant advertisement on a selection of whitelisted websites and social media. This information can also be used to measure and analyze the effectiveness and reach of these ads, to help us improve and refine our marketing strategy in accordance with our legitimate interests in promoting our products and services to you. Except where we use your Personal Data for marketing purposes on the basis of your prior express and informed written consent and subject to any opt out preferences you notify to us in respect of marketing communications, we process Personal Data for marketing purposes only as necessary on the lawful basis and for the purpose of our legitimate interests in promoting our products and services to you.
(iv) Risk Management. In order to provide you our services and comply with our regulatory obligations we process your Personal Data as needed to evaluate and manage risks to our
business. The types of Personal Data that we may process for these purposes includes, but it is not limited to, your trading history and patterns (which may be required to identify and prevent abusive trading and other unlawful trading practices), your name, ID, passport and residence details.
(v) Diagnostics, research and development. We may use your personal information for internal research and development purposes, to help diagnose system problems, to administer our websites, to improve and test the features and functions of our services to you, to develop new content, products and services. To carry out testing and analysis. This processing is necessary for the purpose of our legitimate interests.
(vi) Legal and regulatory obligations. We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and (c) to enforce the terms of the Client Agreement, or for the purposes of defending any claim you may have against us in connection with your trading with us.
(vii) Profiling. In accordance with our legitimate interests detailed below or, as the case may be, in order to comply with our legal obligations, we may carry out profiling and analysis based upon your location data, address, age, professional background, experience, trading activity and behaviors for the following purposes:
(a) Customer segmentation to offer you products and services which are appropriate for you, and to develop the more relevant marketing;
(b) We or our Associate or marketing service providers may run with lookalikes campaigns in Facebook or other social media. A lookalike campaign is a way to reach out to new
potential customers who are likely to be interested in our business because they have interests similar to our existing customers;
(c) Risk and trading analysis; and
(d) Licensing and legal obligations i.e., anti-money laundering, age verification, prevention of fraud.
(viii) Other purposes. We may be required to use and retain your personal information for loss prevention or to protect our rights, privacy, safety, or property, or those of other persons in accordance with our legitimate interests.
4. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
Once your Client Agreement with us terminates, we shall keep your Personal Data provided to us, including but not limited to your name, address, email, phone number, your trading and transaction history, deposits and withdrawals history, for at least 5 (five) years, as is required under Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. Where we keep and process your personal data for marketing purposes based on your consent, we shall retain it until your consent is withdrawn or ceases to be valid. Furthermore, depending on your country of residence and/or citizenship, there may be different statutes of limitation in force. This is relevant where we retain your Personal Data for the purposes of defending ourselves in any potential litigation that you may initiate against the Company. A “statute of limitations” is a statute prescribing a period of limitation for bringing of actions or claims of certain kinds, which means that, depending on the jurisdiction, you have the right to bring a claim against the Company in connection with our services only during a certain period of time (the “Limitation Time”). We have a legitimate interest in retaining your personal information (such as your ID, address, transactional and trading history with us and records of your communications with us) in order to enable us to defend ourselves against any such claim that you may have. Accordingly, such personal information shall be retained by us after the date of expiration or termination of the Client Agreement during the Limitation Time.
5. WHOM WE CAN SHARE YOUR PERSONAL DATA WITH?
Your personal information may be transferred or disclosed to any company within the Group or, subject to appropriate agreements and arrangements to ensure data protection, to third parties, for the processing of that personal information based on our instructions and in compliance with this policy and any other appropriate confidentially and security measures
(I) Within the Group The Company may share your Personal Data with our Associates and their respective legal, accounting, tax and financial advisors in the event such information is reasonably required by such Associates for the following purposes:
(i) Wallet Account set up, verification and management;
(ii) Marketing and events campaigns;
(iii) Risk management; and
(iv) Legal and regulatory obligations.
(II) Non-Affiliated Third Parties
We may, from time to time, retain third parties to process your information to provide us with services globally, including for customer support, payments processing, verification information technology, payments, sales, marketing, data analysis, research and surveys. As part of our agreements with our partners, we may be required to share your information for the purposes of such partners being able to provide the aforesaid services to us. We may disclose information as necessary to credit reporting or
collection agencies as reasonably required in order to provide the services to you.
Where you have been introduced to us by a third party business introducer, such business introducer may have access to your personal information, and we may share your personal information with such business introducers for the legitimate purpose of complying with your obligations under the relevant business introducer agreements between us and such business introducers. We will share with third parties your personal information when we believe it is required to so for legal and regulatory reasons, including but not limited to:
(i) To comply with our legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence;
(ii) In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
(iii) To protect our rights, Users, systems, and the Platform. You acknowledge and accepts that the Company is required to disclose information in relation to any US
reportable persons to the relevant authorities, in accordance with the reporting requirements of The Foreign Account Tax Compliance Act of the USA. Countries outside the European Economic Area (“EEA”) do not always have strong data protection laws. Where we transfer your personal information from the EEA to other countries in which applicable laws
do not offer the same level of data privacy protection as the EEA states, we take measures to provide an appropriate level of data privacy protection. For example, we use approved model contractual clauses, other measures designed to ensure that the recipients of your personal information protect it. We take steps to ensure that the information we collect is processed according to this Policy and the requirements of the applicable.
6. YOUR RIGHTS UNDER GDPR
Under the GDPR, you as a data subject have certain rights which are detailed below. Some of these only apply under specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.
(i) Access to Personal Data: You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request, please contact our Customer Support on our Contact Us page at our Website. You can also contact our Privacy Office at firstname.lastname@example.org. You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
(ii) Correction of Personal Data: You can request us to rectify and correct any Personal Data that we are processing about you which is incorrect.
(iii) Right to withdraw consent: Where we have relied upon your consent to process your Personal Data, you have theright to withdraw that consent. To opt out of email marketing,
you can use the unsubscribe link found in the marketing communication you receive from us. To unsubscribe of SMS/push marketing, you can send us a message to the number provided
in the SMS/push marketing communications that you receive from us.
(iv) Right of erasure: You can request us to erase your Personal Data where there s no compelling reason to continue processing. This right only applies in certain circumstances, it is not a guaranteed or absolute.
(v) Right to data portability: This right allows you to obtain your Personal Data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that Personal Data to another organisation. You may have the right to have your Personal Data transferred by us directly to the other organisation, if this is technically feasible.
(vi) Right to restrict processing of Personal Data: You have the right in certain circumstances to request that we suspend our processing of your Personal Data. Where we suspend our processing of your Personal Data we will still be permitted to store your Personal Data, but any other processing of this information will require your consent, subject to certain exemptions.
(vii) Right to object to processing of Personal Data: You have the right to object to our use of your Personal Data which is processed on the basis of our legitimate interests. However, we may continue to process your Personal Data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your Personal Data in connection with any legal claims.
(viii) Rights relating to automated decision making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (without human
involvement) where that decision produces a legal effect or otherwise significantly affects you. This right means you can request that we involve one of our employees or representatives in the decision-making process. Currently we do not make automated decisions of this nature.
7. YOUR COMPLAINTS
We are not obligated under GDPR to have a data protection officer appointed. However, the Company has a dedicated data protection team that can be contacted at any time by email at email@example.com. Should you have any complaint related to our handling of your Personal Data, you can contact either our Customer Support team via the contact details provided at our Website or our data protection team via email set out above. Although the above are the recommended contact options for data protection related complaints, it is your right to bring the same to us through whatever means of contact you deem appropriate, including post or email.