This Privacy Policy explains how Breinrock Ltd and its affiliates (Breinrock, We) process the personal data of the users of Breinrock’s website (Website) and any services or products made available through the website (collectively, Services). This Privacy Policy applies to residents of the EEA or to the processing of personal data by an EEA-established entity.
Breinrock Ltd is a company incorporated in Cyprus with registration number HE 39080, registered in Cyprus, at the address: 35 Thekla Lysiotis, Eagle Star House, 5th floor 501, 3030 Limassol, Cyprus.
Breinrock Ltd’s affiliates include: Breinrock Ltd, FINTRAC license number M20573902 a company incorporated under the laws of Canada and having its place of business at 100 King Street West Suite 5700, Toronto, permitted to act as money transfer business; Esettlements LTD, License number FRN929896 a company incorporated under the laws of United Kingdom and having its place of business at 73 Mornington Street, London, NW1 7QE; Breinrock S.R.O License number 043 86 329, a company registered in Czech Republic, and having its place of business at Evropská 2758/11, Dejvice, 160 00 Prague 6; Breinrock DIFC Tech limited, trade license number CL5927 a company registered in UAE, and having its place of business at Emirates Financial Tower S21109, DIFC, Dubai.
Breinrock will be the “data controller” or “controller” in relation to any personal data provided to us directly via email, phone, chatbot, and post or via the Services, including the Website, or any other available communication channel offered by Breinrock to you. This means that we are responsible for deciding how we will hold and use personal data about you.
By using or navigating the Website and the Services, you acknowledge that you have read, understand, and agree to be bound by this Privacy Policy. You should not provide us with any of your information or use the Website or Services if you do not agree with the terms of this Privacy Policy. This Privacy Notice is incorporated into our terms of use.
We encourage you to review and check the Services, including the Website regularly for any updates to this Privacy Policy. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
Persons under the age of 16 cannot provide any personal information through our Website, Services, social media account. If you are a person below the age of 16, before submitting personal information, you must obtain the consent of your parents or other legal guardians.
Contact
You may contact our Data Protection Officer:
By email at: [email protected]
- DATA PROTECTION PRINCIPLES
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is any information about you that enables us to identify you or the beneficiary of your transaction with us, either directly or indirectly. Personal data covers information such as your name and contact details, but also information such as identification numbers, electronic location data, and other online identifiers.
We are committed to complying with applicable data protection laws and will ensure that personal data is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
- What personal information we collect about you
We only collect the most relevant, proportionate for each purpose and strictly necessary personal information from you in the course of our business when you access, visit or use our Services. We collect data that are:
- necessary to provide our services to you, such as when you sign-up and open an account with us, when we carry out the necessary KYC checks, and when you use our Services;
- information necessary to verify your age and identity;
- information about your preferences and interests;
- information about your use of the Services;
- information about the device you are using.
The personal information that we collect, and process includes:
- Data that have to do with your identity and your personal and contact information, such as your first name, last name, username, title, date of birth, personal number/code, date and place of birth, nationality, registered address, correspondence address, details of the personal identity documents (such as passport, identity documents), workplace contact information, the company you work for, images and selfie, signature, tax identification number, tax residency, email address, mobile phone number and other contact details, occupation, PEP status, and other commercial and/or identification information, such as details of your transactions or other information that may be needed under anti-money laundering obligations
- Data connected to your account with us, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Payment information – such as details of any transactions carried out using any of the Services, bank account number, e-wallet information, details about payments and transfers made using the Services,
- Data that have to do with the technical aspects of your visit to, and use of, the Services, such as the IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use to access and use the Services. This could also include your precise geolocation.
- How we collect your data
We collect your data in various ways. These include the following:
- We may collect information that you provide directly.
Typically, this will happen when you register or sign-up with us, where you create an account with us, when you fill in any application form, when you subscribe to our newsletter, when you participate in surveys, when you send us an email, when you sign a contract with us
- We may collect information about you automatically.
When you use our Services, including when you interact with our website without logging in your account, we will automatically collect technical-related data about you, your equipment, browsing actions and patterns.
Every time you use or access the Services, and our website, data is collected. This data is stored in log files on the server and can include, the temporary storage of data and log files. The IP address is temporarily stored in the system as it is necessary to provide website access to your computer or other device. The IP address is retained while that website is being accessed. These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.
Typically, automatic collection of data will happen when you browse and use our Services and Website, social media pages, (usually with the use of cookies and other similar tracking technologies).
- We may acquire information about you from third parties.
We do this where we are permitted by law. This may be the information provided by our partners, marketing agencies, your public profile information such as in social media platforms, like LinkedIn, Facebook, Twitter, Instagram). We may associate the information we receive about you from yourself, public and commercial sources with other information we receive from you or about you.
These are the typical ways in which we collect information about you. We may collect information about you in other cases that are not covered by this Privacy Policy or using other methods not covered by this Policy. If this happens, we will inform you additionally.
- How we use your personal information and basis for such use
Purposes for which we will use your personal data
We will use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- When we have your consent,
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
We do not generally rely on consent to process your personal data. We rely on other grounds for processing. We only rely on consent where this is required by law or where we consider that processing data is necessary, and we cannot rely on other grounds.
Purposes and Bases for Processing
In general, we may use your personal data to carry out, provide, fix, and improve our Services, develop new Services, and market our Services.
Below, we explain the ways we plan to use your personal data and the grounds we rely on. We may rely on more than one ground to use your data. You can contact us any time to ask for more details on the grounds we are relying on to use your data.
Purpose |
Legal Basis |
Personal Information |
To enable you to register and sign-up with us and to administer your account, to contact you and to update our records about you |
Perform of our contract with you |
Personal and Contract information such as your first name, last name, username, title, date of birth, personal number/code, date and place of birth, nationality, registered address, correspondence address, details of the personal identity documents (such as passport, identity documents), workplace contact information, the company you work for, images and selfie, signature, tax identification number, tax residency, email address, mobile phone number and other contact details, occupation, PEP status, and other relevant details Data connected to your account with us, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
|
To provide you, carry out and perform the Services and to carry out our obligations related to the provision of the |
Legal Obligation Performance of our contract with you |
Personal and Contract information such as your first name, last name, username, title, date of birth, personal number/code, date and place of birth, nationality, registered address, correspondence address, details of the personal identity documents (such as passport, identity documents), workplace contact information, the company you work for, images and selfie, signature, tax identification number, tax residency, email address, mobile phone number and other contact details, occupation, PEP status, and other relevant details Payment information – such as details of any transactions carried out using any of the Services, bank account number, e-wallet information, details about payments and transfers made using the Services,
|
To confirm Client’s identity and verify personal and contact details in order to confirm Client’s eligibility to use our products and services and to comply with any applicable legal and/or regulatory requirements |
Legal Obligation Legitimate Interest |
Personal and Contract information such as your first name, last name, username, title, date of birth, personal number/code, date and place of birth, nationality, registered address, correspondence address, details of the personal identity documents (such as passport, identity documents), workplace contact information, the company you work for, images and selfie, signature, tax identification number, tax residency, email address, mobile phone number and other contact details, occupation, PEP status, and other relevant KYC details |
To communicate with you regarding the Services, and any updates and developments thereof |
Necessary to perform legal obligations Legitimate Interest
|
Name, surname, email address, telephone number, social media information. |
To respond to and process your queries and requests. |
Legitimate interest |
Name, surname, e-mail address, social media information and any other contact you ask us to respond you to |
To provide information about the Services |
Performance of the contract with you |
name and surname, email address, mobile phone number. |
To monitor and record your telephone calls |
Legal Obligation Performance of the contract with you |
Personal and Contract information such as your first name, last name, username, title, date of birth, personal number/code, date and place of birth, nationality, registered address, correspondence address, details of the personal identity documents (such as passport, identity documents), workplace contact information, the company you work for, images and selfie, signature, tax identification number, tax residency, email address, mobile phone number and other contact details, occupation, PEP status, and other relevant details Payment information – such as details of any transactions carried out using any of the Services, bank account number, e-wallet information, details about payments and transfers made using the Services,
|
To find out how people use our Services, including our Website, in order to improve them and create new content, products and services. |
Legitimate interest to monitor the quality of the services provided, develop and improve the content that we provide, and ensure the security of the Website and Services. |
IP address, operating system version and parameters of the device you use to access content / products, the usage time and duration of your session, query terms that you enter on our website, and any information stored in the cookies that we have detected on your device, GPS signal of the device, or information about the closest Wi-Fi access points and cellular towers that may be passed to us when you are using our website content. |
Defend our interests in court or other institution |
Legal obligation Legitimate interest in defending against claims |
Any personal data that is relevant to the claim and is needed to defend ourselves |
We reserve the right to offer you supplemental documents to this privacy policy that will describe the ways in which we process your personal data, other than as described above in the table.
Change of Purpose
We will use your personal data for the purposes for which we collect it or where we reasonably consider that we need to use it for another reason only if this reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- How long we keep your personal information
Personal data is used for different purposes, and is subject to different standards and regulations. In general, personal data is retained for as long as necessary to provide you with services you request, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access the personal data.
To determine the appropriate retention period for personal data, we consider the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. For example,
- we will retain your personal data if we are required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods. We will retain your personal data for a period after closure of your account with us or the last transaction we carried out for you. (Legal requirements)
- Personal data provided to us for marketing purposes may be retained until you opt out or until we become aware the data is inaccurate.
- Who we share your personal information with
We may disclose your information to our employees, agents, and Affiliates to perform services for us.
We may also disclose your information to third parties, such as:
- Service Providers who provide services to us as we request them, such as IT and system administration services, cloud storage service providers, fraud detection, customer support, remote ID verification providers, strong customer authentication, e-signature providers,
- Companies that assist in payment transactions such as financial institutions, like banks, payment service providers like electronic money and payment institutions, international payment service organizations like SWIFT and TARGET 2.
- Relevant business partners, like banking partners and intermediaries, international payments services provider, as well as card manufacturing/personalisation and delivery companies, fraud and risk mitigation service provider.
- Professional advisers including lawyers, auditors, and insurers who provide relevant services,
- Governmental agencies or entities, regulatory authorities, or other persons in line with applicable rules, orders, subpoenas, official requests, or similar processes as either required or permitted by applicable law.
- Advertising networks that help organise competitions and promotions,to support and display ads on our website, apps and other social media tools.
- Third party service providers to assist us with client insight analytics, such as Google Analytics.
Please note the following:
- This list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- How we protect your personal information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with the applicable data protection laws and the EU General Data Protection Regulation. We have also implemented appropriate information security policies, rules and technical measures to secure your personal information collected by us. Your personal information is saved in an encrypted form.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf,), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information, keep it secure and protect it.
- Which countries we transfer your personal information to
In order to provide our Services, we may need to transfer your personal information to locations outside the EEA. For any transfer of data outside the EEA, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws and the EU General Data Protection Regulation.
In specific, we only transfer personal data outside the EEA where we implement the appropriate measures to ensure a level of protection that is equivalent to that of the EU. To that end, we rely on either of the following measures:
- We transfer data to a jurisdiction that is recognised by the European Commission as applying adequate data protection standards,
- The data recipient has signed an agreement based on the Standard Contractual Clauses, or where the data recipient is a group company, the binding corporate rules apply, subject to any applicable additional safeguarding measures, if necessary, or
- Any other ground recognised at EU level as proper for third country transfers.
- Direct Marketing
We may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another basis to send such communications to you (for example, in certain circumstances, we may send marketing communications solely about our Services to existing customers using contact details we have obtained directly from the customer during the course of registration or the provision of our Services to them, provided they have not previously unsubscribed from such communications).
You have the right to object where we are processing your personal information for direct marketing purposes. This means you can opt-out from receiving direct marketing from us at any time.
How to stop Marketing Messages from Us
You can ask us to stop sending you marketing material and messages any time. You can use any of the following methods:
- By following the unsubscribe or opt-out links in any marketing email or marketing message, or
- By adjusting your marketing preferences where we provide relevant links in your account, or
- By contacting us at any time at [email protected] or via any other means of communication (including social media messages).
Where you opt out of receiving marketing messages, you will not stop receiving service communications, such as updates regarding the Services you use.
You should note that we are opposed to third-party spam mail activities and do not participate in such mailings,
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Services may be come inaccessible or not function properly.
For more details, see our Cookie Policy [LINK].
- Profiling
We do not carry out any automated decision-making about you where this has a legal or similar significant effect, including profiling. In case we carry out any such profiling, we will let you know. Please note that you have the right not to be subject to profiling, and you can exercise this right by contacting us in writing at [email protected].
- Your rights regarding your personal information
You have the following rights in relation to the personal information we hold about you. Please note that some of these rights will only apply in certain circumstances and some of them may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of confidentiality obligations.
- Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
- Transfer: you may us to help you request the transfer certain of your personal data to another party;
- Objection: where we are processing your personal data based on legitimate interests (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact us at [email protected]. Please note that you also have a right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus, which is the competent authority.
- Links to third party websites
Our Services may include links to third-party websites, plug-ins (such as social media plug-ins) and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
- Changes to this Policy
We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.
Last updated: July 1, 2024