INTRODUCTION
Ensuring the safeguarding of your privacy and personal data is a top priority at Exomoon SIA. In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data, commonly known as the GDPR, along with other pertinent legal obligations of the European Union and Latvia, as well as recommendations from the financial sector and best practice guidelines, we have crafted this Privacy Protection Policy.
In this policy, we aim to furnish you with comprehensive details concerning the handling of your personal data, which encompasses any information directly or indirectly associated with you, and to underscore your entitlement to privacy and its safeguarding.
TERMS
· Data subject - an individual whose personal data is processed.
· Controller - a legal entity that independently or jointly with others determines the objectives and methods of personal data processing; Exomoon SIA, registration number 45403059075, located at Dzirnavu iela 83-34, Rīga, LV-1011, Latvia; email address: info@exomoon.lv.
· Personal data - any information pertinent to the data subject, including but not limited to name, surname, personal identification number, address, contact information, video surveillance, and economic behaviors specific to the data subject.
· Processing of personal data - any actions carried out with the personal data of the data subject, including collection, recording, organization, storage, adaptation, retrieval, usage, disclosure, transmission, and deletion.
· Terms - this Privacy Protection Policy.
· Consent - voluntary and informed agreement provided by the data subject for the processing of their personal data for specific purposes.
· Profiling - usage of personal data to evaluate the data subject's behaviors, preferences, interests, reliability, and other characteristics.
PRINCIPLES OF PERSONAL DATA PROCESSING
Exomoon SIA and any processors adhere to the following principles when processing personal data:
· Legality, integrity, and transparency: personal data is processed lawfully, ethically, and transparently for the data subject.
· Purpose limitation: personal data is collected for specific, explicit, and legitimate purposes and is not further processed in a manner incompatible with these purposes.
· Data minimization: personal data collected is adequate, relevant, and limited to what is necessary for the purposes of processing.
· Accuracy: personal data is accurate, and steps are taken to rectify or erase inaccurate data without delay.
· Storage limitation: personal data is stored for no longer than necessary for the purposes for which it was processed.
· Integrity and confidentiality: personal data is processed securely to prevent unauthorized access, disclosure, or loss.
WHAT PERSONAL DATA IS PROCESSED?
Exomoon SIA processes the following categories of personal data, as required by the specified purposes:
1) Identification data: name, surname, personal identification number, date of birth, and details from personal identification documents.
2) Contact information: address, telephone number, and email address.
3) Tax residence information: country of birth, residency, taxpayer number, citizenship, and tax residence address.
4) Correspondence information: information from letters, emails, and phone calls.
5) Physical and electronic document information.
6) Investment Portfolio and Virtual Currency Wallet data.
7) Financial knowledge data, including education and experience in finance.
8) Transactional data within Exomoon SIA.
9) Financial data, including origin of funds, accounts, payment documents, and expenses.
10) Economic activity data, such as employment details and business partnerships.
ON WHAT BASIS ARE WE PROCESSING YOUR PERSONAL DATA?
Personal data processing by Exomoon SIA is grounded on the following legal bases:
· To fulfill contractual obligations or to enter into agreements with the data subject.
· To comply with legal obligations stipulated by laws and regulations.
· With the consent of the data subject.
· To pursue legitimate interests, ensuring proportionality with the rights of the data subject.
FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
Primary objectives:
· Delivering contractual services.
· Identifying risks, conducting assessments, documenting transactions, and providing services to customers.
· Safeguarding our clients' Cryptographic Assets.
· Carrying out our economic and administrative operations.
In addition to these primary purposes, we process your Personal Data for the following secondary purposes:
1) Personal identification: We process your name, surname, personal identification number, date of birth, and personal identification document details (including creating and storing a copy of your personal identification document) to establish your identity.
2) Service provision: We process your general personal and identifying information to offer services, evaluate service applications, and fulfill contractual and legal obligations.
3) Product suitability assessment: We collect Personal Data regarding your financial knowledge, income, financial goals, and plans to assess the relevance of our products to your interests and provide advice on digital payment matters.
4) Security measures: To ensure the safety of our employees, visitors, and properties, as well as to prevent and detect legal violations, we conduct video surveillance and process image data at our customer service locations.
5) Service quality improvement: We gather and utilize Personal Data related to our services, including inquiries, complaints, and similar information, to enhance service quality and manage customer relationships.
6) Marketing activities: For most marketing endeavors, such as disseminating information about our services, we process your Personal Data with your consent, if mandated by law.
7) Anti-money laundering compliance: To adhere to anti-money laundering regulations and assess you as a potential customer, we process Personal Data concerning your employer, position, citizenship, business affiliations, and fund origins, among other information necessary for customer due diligence and detecting suspicious transactions.
8) Legal compliance: We process your Personal Data to fulfill our legal obligations, such as reporting to public authorities, investigative bodies, and law enforcement agencies as required by applicable laws and regulations. Additionally, we utilize your Personal Data for various solvency, accounting, and auditing purposes.
HOW DO WE COLLECT YOUR PERSONAL DATA?
Personal data is collected through direct provision by the data subject, usage of services, and third-party sources such as cooperation partners, database maintainers, and state institutions.
RECIPIENTS OF PERSONAL DATA
Personal data may be shared with service intermediaries, relevant authorities, state institutions (State Revenue Service, Financial Intelligence Unit, Consumer Rights Protection Centre of the Republic of Latvia) and authorized personnel of Exomoon SIA and its partners.
Access to personal data is restricted to authorized employees and partners who require it for their duties, in compliance with data protection laws.
DO WE CONDUCT AUTOMATED DECISION MAKING AND PROFILING?
Exomoon SIA may employ automated individual decision-making and profiling to evaluate and forecast personal preferences, interests, reliability, and behavior. This aids in tailoring services and offers to meet the needs of clients effectively. However, individuals have the right to object to such processing, particularly if it could result in legal or negative consequences for them.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EEA?
Personal data is stored within the European Union and European Economic Area, ensuring compliance with data protection regulations.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
1) The necessity to retain your Personal Data to fulfill obligations under valid service agreements.
2) The requirement to retain your Personal Data to comply with legal obligations, such as those stipulated in the "Law on the Prevention of Money Laundering and Terrorist and Proliferation Financing," typically for a period of 5 years, and other specified timeframes outlined in relevant legal regulations.
3) The retention of your Personal Data to safeguard our interests in the event of potential claims following the conclusion of our business relationship, often for a duration of 10 years in line with general limitation periods for liability rights.
4) Our or a third party's legitimate interests that may be compromised if your Personal Data is deleted, particularly regarding your right to restrict data processing.
5) The necessity to retain your Personal Data to substantiate the lawful processing of Personal Data during previous periods, such as documenting your consent to previous processing activities.
6) In cases where the processing of your Personal Data is based on your Consent, we retain it as long as your Consent remains valid for the relevant processing purposes, unless another legal basis for processing your Personal Data is available.
If, upon assessment, we identify varying reasonable retention periods for your Personal Data, such as those between statutory retention periods and periods necessary to protect our interests, this serves as sufficient grounds for extending the storage duration of your Personal Data.
Should one or more of the aforementioned criteria be met, we undertake to ensure the deletion or anonymization of your Personal Data.
WHAT ARE YOUR RIGHTS TO THE PROCESSING OF PERSONAL DATA, AND WHAT DO WE DO?
1) You can withdraw consent for the processing of your Personal Data at any time (if consent was given), notifying us via email using an e-signature.
2) You have the right to access your Personal Data and receive:
· Confirmation or denial of whether we process your Personal Data.
· Information regarding the Personal Data we process.
· Additional details about the processing of your Personal Data to verify accuracy and compliance with legal requirements.
3) You can rectify your Personal Data if you reasonably believe it to be inaccurate or incomplete, considering the processing purposes. Should you notice any inaccuracies or incompleteness in your Personal Data, please inform us for correction, with a possible requirement for supporting documents.
4) Your Personal Data can be deleted if:
· It's no longer necessary or usable for the original processing purposes.
· There are reasonable grounds to believe it's being processed unlawfully.
· Legal retention periods mandate its deletion.
We'll ensure deletion of your Personal Data in our possession, including from our partners, if it's no longer necessary. However, deletion may be refused if mandated by law or if it involves disproportionate effort.
5) You can request restriction of processing if:
· You dispute the accuracy of your Personal Data, with the restriction lasting until accuracy verification.
· You believe processing is unlawful, opting for restriction instead of deletion, with the duration specified by you.
· We no longer need your Personal Data, but you require it to exercise or defend legal rights and interests.
· You object to our processing of your Personal Data based on legitimate interests, with the restriction applicable until reevaluation of said interests.
However, we retain the right to process your Personal Data in certain cases, such as for legal rights defense. We'll ensure your Personal Data is restricted unless disproportionate effort is required.
6) You can transfer your Personal Data, received based on consent and contractual obligations and processed by automated means, for personal use or to another service provider if feasible. We'll assess the impact on third-party rights and freedoms.
7) You can object to the processing of your Personal Data based on our legitimate interests. However, you can't exercise this right if consent was given or if processing is necessary for agreement performance.
8) You can opt out of automated individual decision-making, including Profiling, with potential legal or negative consequences. This right can be exercised where necessary for agreement performance, as specified by law, or with explicit Consent to such processing of your Personal Data.
SUBMISSION OF A REQUEST
You may submit your request via email to info@exomoon.lv or by sending the signed request to our legal address.
We commit to responding to your request promptly, within one month of receiving it. However, if the scope of your request warrants, we reserve the right to extend this deadline by an additional two months. Should an extension be necessary, we will notify you within one month of receiving your request, providing the reasons for the delay.
We will furnish you with the requested information via encrypted email.
There is no charge for processing your request.
Nevertheless, if we observe that your requests are repetitive, clearly unfounded, or excessive, considering the administrative costs involved (including staff resources), we may evaluate them accordingly.
SECURITY OF PROCESSING
Exomoon SIA implements organizational, physical, and technological measures to ensure the security of personal data in alignment with risk assessments. Staff members receive appropriate training on personal data handling, and processors adhere to instructions and legal requirements.
OTHER ISSUES
These terms may be amended or supplemented unilaterally due to changes in regulatory enactments or operational adjustments. Notice of changes unrelated to legal requirements will be provided at least 90 days in advance, and information regarding amendments is available on the Exomoon SIA website.
Last update: 11 March 2024