RULES OF PROTECTION OF PERSONAL DATA
Processed in accordance with the wording of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation data) (hereinafter referred to as "GDPR").
1. RULES OF PROTECTION OF PERSONAL DATA
1.1. These Personal Data Protection Rules (hereinafter referred to as the "Personal Data Protection Rules") represent the basic limits, rights and obligations for the processing of all personal data obtained in connection with the conclusion and performance of the Agreement between the user and Stablecoin, s.r.o., as well as the use of the Platform.
1.2. For the purposes of the GDPR, the operators of any information systems in which personal data of Users are processed, or the natural person through whom the User, who is a legal entity, acts, is the company Stablecoin, s.r.o., with its registered office at Mlynské Nivy 5, 821 09 Bratislava - the Old Town district, ID number: 53 230 728, registered in the Commercial Register of the Bratislava I District Court, Department: Sro, Insert No.: 147245/B (hereinafter referred to as "Operator" or "we" in the appropriate grammatical form).
1.3. For the purposes of the GDPR, the affected person whose personal data is processed by the Operator is the User, or the natural person through whom the User, who is a legal entity, acts (hereinafter also referred to as the "Data Subject" or "You" in the appropriate grammatical form).
1.4. Any activity that involves the processing of personal data is carried out in accordance with the GDPR and the Personal Data Protection Rules.
2. PRINCIPLE OF PROTECTION OF PERSONAL DATA
2.1. The operator processes your personal data in accordance with the following principles established by the GDPR:
Legality, fairness and transparency - We process your personal data in a legal, fair and transparent manner.
Limitation of purpose – We obtain your personal data for specific, explicitly stated and legitimate purposes, while we do not further process your personal data in a way that is not compatible with these purposes.
Data minimization - the personal data we process is adequate, relevant and limited to the extent necessary in view of the purposes for which it is processed.
Correctness – We keep your personal data correct and updated as necessary.
Minimization of storage – We store your personal data in a form that enables your identification for as long as it is necessary for the purposes for which we process your personal data.
Integrity and confidentiality - we guarantee adequate security of your personal data, including protection against unauthorized or illegal processing and accidental loss, destruction or damage.
Responsibility - we carry out any processing of your personal data responsibly and in accordance with the GDPR.
3. SOURCES AND SCOPE OF PROCESSED PERSONAL DATA
3.1. We obtain your personal data primarily directly from you. During the process of registering and setting up an Account, you will provide us with your e-mail address (your login name) and set a password for the Account.
3.2. After setting up an Account, and before we provide you with any Services, we will ask you to provide additional information for the purpose of verifying your identification, risk assessment and verification of possible fraudulent activity, legalization of income from criminal activity, financing of terrorism or other illegal activities. In this context, we will especially ask you to provide Personal Data, e.g. to fill in your name, surname and the country of your residence, or headquarters, for the purpose of fulfilling our legal obligations, especially obligations arising from the Act.
3.3. Furthermore, we collect and process your payment information whenever you pay us. If you provide us with bank account details, we will use them exclusively to collect your payment to us and make our payments to you.
3.4. Pursuant to the Agreement, in connection with the fulfillment of our obligations under the Act, other legal regulations or internal guidelines, we may request additional information from you for the purpose of verifying your identification and assessing the business risk in accordance with the relevant legislation in the field of combating money laundering, such as copy:
a) identity document; in the case of a legal entity, also the identity document of the statutory bodies and the identity document of the final users of the benefits of the legal entity,
b) confirmation of permanent residence or other authorized residence (e.g. a duly issued invoice for the supply of energy), or a statement from a bank account with identification data and a consent address, a statement from the register of residents, a statement from the Commercial Register of the Slovak Republic or a similar register,
c) image recording of the affected person's face together with clearly legible data from the identity document, and
d) information on the origin of the funds that are the subject of the Deposit according to the terms of the Agreement.
3.5. For this purpose, we are authorized to use some information from public registers or other publicly available sources for the purpose of verifying your identification, assessing business risk, checking potential illegal or unethical activity, legalization of income from criminal activity or other illegal actions.
3.6. If you visit the Operator's Platform, we may automatically collect information about you using Google Analytics to understand how you use the Platform. This information is collected and provided to us by Google LLC., as our data processor. If you do not want Google Analytics to be used in your browser, you can install the Google Analytics Opt-Out Browser Add-On or another similar tool.
4. DETAILS ABOUT THE PROCESSING OF YOUR PERSONAL DATA
4.1. We use your personal data in accordance with the Personal Data Processing Rules. Unless you give us your express consent, and at the same time there is no other legal basis for this according to the GDPR, we do not process your personal data or provide it to a third party
5. LEGAL BASIS OF THE PROCESSING AND USE OF PERSONAL DATA
5.1. We are authorized to use your personal data only on the basis of the following legal bases:
Performance of the Agreement
We process your personal data if it is necessary to conclude, fulfill, change or terminate the Agreement. In this regard, we process your name, surname, address and your bank account details. The conclusion and fulfillment of the Agreement is possible only after opening your Account, and therefore we also process your e-mail address (your login name) and password for the Account. The duration of the processing of your personal data is determined by the duration of the Agreement. We may continue to process your personal data even after the termination of the Agreement on the basis of another legal basis.
Compliance with legal obligations
We process your personal data if it is necessary to fulfill our legal obligations. We process your personal data for the purpose of our compliance with applicable laws on fraud detection, prevention of money laundering and terrorist financing, or any other crime. In this context, we may ask you to upload a copy of your identity document (citizen's card or passport) and fill in the relevant Personal Data or provide other information in accordance with the Agreement. We may provide your personal data further if necessary to comply with our legal obligations under legislation, court order or legal process. The duration of the processing of your personal data is determined by the duration of specific legal obligations.
We may also process your personal data when it is necessary for the purposes of our legitimate interests, except when these interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include the following:
a) Protection of our rights
We may retain your personal data if this is necessary to protect our rights under the Agreement or applicable law. We will keep your personal data only for an unavoidably long period of time, which will not exceed 10 (in words: ten) years from the termination of the Agreement.
b) Prevention of fraudulent behavior
We may store your personal data, if necessary for the purpose of preventing fraud, which may cause damage to us and damage our interests, for a period of 5 (in words: five) years from the termination of the Agreement.
c) Enforcement of claims
We keep your personal data if it is necessary to enforce the claims we may have against you. We store personal data until the statute of limitations expires according to the relevant generally binding legal regulations.
d) Direct marketing
We use your name and email address to provide you with information about our Products and Services. If you have not objected to this or will not object at any time in the future, we will send you an e-mail newsletter in order to provide this information.
7. RECIPIENTS AND INTERMEDIARIES OF YOUR PERSONAL DATA
7.1. We can designate third parties - intermediaries who are authorized to perform specific actions related to the processing of your personal data according to the agreement on the processing of personal data. We will appoint only such intermediaries who provide a sufficient guarantee for the implementation of adequate technical and organizational measures in such a way that the processing will meet the requirements of the GDPR and ensure the protection of your rights. We use the following intermediaries who may collect and process your personal data on our behalf: Google LLC (hereinafter referred to as "Google"), 1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America.
7.2. We are authorized to transfer your personal data to an intermediary or other recipient in third countries only if (i) the European Commission has decided that the third country, territory or one or more designated sectors in that third country will guarantee an adequate level of protection; or (ii) the intermediary has provided adequate guarantees, and on the condition that the affected persons have available enforceable rights and effective legal remedies.
8. YOUR RIGHTS
8.1. According to the GDPR, you have the following rights regarding the processing of your personal data:
The right to be informed
You have the right to be informed about the processing of your personal data. We provide you with information about such processing in these Personal Data Protection Rules.
The right to access your personal data
If you wish to gain access to the personal data we have about you, contact us.
Right to rectification
If the personal data we have about you is incorrect or incomplete, you have the right to ask us to correct it. If this personal data has been transferred to a third party with your consent or due to a legal obligation, we must ask them to correct such data.
Right to erasure
You have the right to ask us to delete all your personal data, but only if one of the following reasons occurs:
a) personal data are no longer necessary for the purposes for which they were obtained or otherwise processed;
b) you revoke the consent on the basis of which the processing is carried out and if there is no other legal basis for the processing;
c) you object to the processing and there are no legitimate reasons for the processing on our side or the person concerned objects to the processing;
d) personal data were processed illegally;
e) personal data must be deleted based on a legal obligation.
Right to restriction of processing
You have the right to ask us to limit the way we process your personal data if:
a) you object to the correctness of your personal data;
b) the processing is unlawful and you object to the deletion of personal data and request instead the restriction of their use;
c) we no longer need personal data for the purpose of processing, but the data subject needs them to demonstrate, exercise or defend legal claims;
d) you objected to the processing according to Article 21 paragraph 1 GDPR during the verification of whether the legitimate reasons on the part of the operator prevail over the legitimate reasons of the person concerned
The right to correct data
We are obliged to enable you to obtain and reuse your personal data for your own purposes in all services in a secure manner, without affecting the usability of your data.
The right to object
You have the right to object to the processing of your personal data if it is based on our legitimate interests. Unless we demonstrate legitimate reasons for processing that outweigh your interests, rights and freedoms, or reasons for proving, exercising or defending legal claims, we will not process your personal data further.
Right to withdraw consent
If you give us your consent to process your data, but later change your mind, you have the right to withdraw your consent at any time and we will stop processing your data, but this does not affect the processing carried out based on the consent valid until then. At the same time, we state that in general we do not process your personal data on the basis of your consent, but on the basis of the Agreement.
Right to file a complaint
You have the right to file a complaint with the relevant data protection authority if you feel that we are processing your data in a manner inconsistent with the GDPR or if you feel that we are not respecting your rights. The competent authority for the Slovak Republic is the Personal Data Protection Office of the Slovak Republic (https://dataprotection.gov.sk/uoou/).
8.2. You can exercise all of the above-mentioned rights (except for the right to complain, which should be exercised by directly contacting the competent authority for the protection of personal data) by sending the relevant request. In this regard, please contact us by email at: firstname.lastname@example.org.
9. LINKS TO OTHER WEBSITES
10. METHOD OF PROTECTING YOUR PERSONAL DATA
10.1. We use a number of security technologies and procedures to protect your personal data from unauthorized access, use or disclosure. We secure your personal data on computer servers in a controlled and secure environment, protected from unauthorized access, use or provision.
10.2. Despite the fact that we strive to provide the most secure environment for processing your personal data, we cannot completely exclude the possibility of unauthorized access, use or provision of personal data. In the event of such a breach of personal data protection, we will immediately inform the relevant supervisory authority and promptly resolve the situation. If it is likely that a breach of personal data protection may cause you harm, we will also immediately inform you of the breach of personal data protection.
11. CHANGES TO THE OPERATOR'S POLICY ON THE PROTECTION OF PERSONAL DATA
11.1. We can continuously supplement the Personal Data Protection Rules, in which case a modified version of the Personal Data Protection Rules will be published in the same way, with which you are obliged to familiarize yourself.