1.2. The Data controller sets as its most important goal and condition for the implementation of its activities - respect for human and civil rights and freedoms when processing his personal data, including the protection of the rights to privacy, personal and family confidentiality.
1.3. This Data controller 's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Data controller can obtain from the https://garantex.org/ website about the visitors.
2. Basic concepts used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology;
2.2. Blocking of personal data — temporary termination of the processing of personal data (except for cases where processing is necessary to clarify personal data);
2.3. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or foreign legal entity;
2.4. Cookie — a small text file that is stored on a user’s computer for record keeping purposes;
2.5. Criminal offence data — personal data relating to criminal convictions and offences;
2.6. Data controller — for the purpose of the General Data Protection Regulation and European privacy laws the data controller is Garantex Europe OÜ with company registration number 14850239 and the registered address Harju maakond, Tallinn, Kesklinna linnaosa, J. Poska tn 51a/1-3, 10150, Estonia and its data processors;
2.7. Data processor — any person (other than an employee of the data controller) who processes the data on behalf of the data controller;
2.8. Depersonalization of personal data — actions as a result of which it is impossible to determine, without the use of additional information, the belonging of personal data to a specific User or other subject of personal data;
2.9. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at acquaintance with the personal data of an unlimited number of persons, including the disclosure of personal data in the media, posting on information and telecommunication networks or providing access to personal data in any other way;
2.10. Destruction of personal data — any actions as a result of which personal data is destroyed irrevocably with the impossibility of further restoring of the content of personal data in the personal data information system and (or) material carriers of personal data are destroyed;
2.11. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://garantex.org/ any information relating to an identifiable person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.12. Personal data information system — a set of personal data contained in databases, including technologies and technical means providing its processing;
2.13. Processing of personal data — any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.14. Personal data provision — actions aimed at disclosing personal data to a certain person or a certain circle of persons;
2.15. Special categories data — personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
2.16. User — any individual or legal entity who registered on the website https://garantex.org/;
2.17. Visitor — any individual or legal entity who visits the website https://garantex.org/ and does not have the right to use the services provided on the website;
2.18. Website — a set of graphic and information materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://garantex.org/;
3. Personal information of the User that might be collected
3.1. Most of the personal information Garantex process is provided to Garantex directly by User for the following reasons:
- Garantex collects the information provided by User to operate effectively and provide User the best experiences with Garantex Website, products and services.
- Garantex collects information required by Garantex Rules of procedure and internal audit rules compiled pursuant to the Money Laundering and Terrorist Financing Prevention Act, which were approved by the Financial Intelligence Unit of Estonia, and according to Estonian Money Laundering and Terrorist Financing Prevention Act.
- User provides some of this information voluntarily by filling forms on Garantex Website, creating an account at Garantex Website. This includes information User provides if User subscribes to any service Garantex offers through Garantex Website, sends Garantex a query or feedback, signs up for information on events, uploads a document with User’s enquiry, make via the Website, participates in discussion boards or other social media functions on Garantex Website, promotion or survey, provide User’s postcode to help Garantex to find nearest branch to User’s location, or when User reports a problem with Garantex Website.
3.2. The information that Garantex collects from User includes:
- Full name, residential address and contact details (e.g. email address, telephone number, fax etc.);
- Addresses on blockchains User uses to make transactions;
- Date of birth, place of birth, gender, citizenship;
- Bank account information, credit card details, including details about User’s source of funds, assets and liabilities;
- Trading account balances, trading activity, User’s inquiries and Garantex responses;;
- Information on whether you hold a prominent public function (PEP);
- Verification information, which includes information necessary to verify User’s identity (passport, driver’s license or Government-issued identity card);
- Photo/ video of User with ID;
- Other Personal Information or commercial and/or identification information – Whatever information Garantex, in sole discretion, deem necessary to comply with Garantex legal obligations.
3.3. Information Garantex collects about User automatically includes:
- Information that is automatically collected via analytics systems providers to determine User’s location, including User’s IP address and domain name and any external page that referred User to us, User’s login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
- Information that is generated by User’s use of Garantex Website that is automatically collected and stored in Garantex server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to pages that User visits, including the full Uniform Resource Locators (URL) clickstream to, through and from Garantex Website (including date and time; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
Garantex obtains information about User in a number of ways through your use of Garantex services, including through any of Garantex Websites, the account opening process, sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of on-going support service communications. Garantex also receives information about User from third parties such as User payment providers, online identification providers and through publicly available sources.
3.4. Information Garantex receives about User from other sources:
- The banks, EMIs or payment systems User uses to transfer money to Garantex will provide Garantex with User’s basic personal information, such as User’s name and address, as well as User’s financial information such as User’s bank account details;
- User’s business partners may provide Garantex with your name and address, as well as financial information;
- Advertising networks, analytics providers and search information providers may provide Garantex with anonymized or de-identified information about User, such as confirming how User found Garantex Website;
- Identity verification providers may provide Garantex with User’s name, email, citizenship, age or birthdate, public keys / public keys certificates;
Personal Information User provides during the account creation process will be retained for one year, even if User registration is incomplete or abandoned.
4. Data processors
4.1. Garantex uses a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure.
4.2. The data processing consisting in hosting provider services (storage and maintenance of databases containing your personal data, protected by password) is performed on Garantex behalf and underwritten confidentiality agreements by Garantex authorized data processors. Once this contract is terminated, data processors will return data to Garantex or transmit to another processor appointed by Garantex, and erase any copy in its possession. However, the processor may keep the data locked to address possible administrative or jurisdictional responsibilities.
4.3. Trusted partners (data processors) who work on Garantex behalf under confidentiality agreements and might store, maintain or process your data.
4.3.1. Garantex has partnered with a number of authorized service providers (data processors), whose services and solutions complement, facilitate and enhance our own under written confidentiality agreements that guarantees that the requirements of the GDPR will be met and the rights of data subjects are protected. Data processors only act on behalf of Garantex documented instructions. They have direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.
4.3.2. Data processors may receive or otherwise have access to your identifiable or non-identifiable personal data, in its entirety or in part – depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes.
5. Usage of personal information
5.1. Garantex may use information that Garantex collects about you to:
5.1.1. deliver the products and services that you have requested;
5.1.2. manage your account and provide you with customer support;
5.1.3. perform research and analysis about your use of, or interest in, Garantex products, services, or content, or products, services or content offered by others;
5.1.4. communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from Garantex or other third parties;
5.1.5. enforce Garantex terms and conditions;
5.1.6. manage Garantex business and perform functions as otherwise described to you at the time of collection.
5.2. Garantex may use financial information or payment method to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
5.3. Garantex may share your personal information with our authorized service providers that perform certain services on our behalf. These services may include fulfilling orders, processing credit card payments, delivering packages, providing customer service and marketing assistance, performing business and sales analysis, supporting Garantex website functionality, and supporting contests, sweepstakes, surveys and other features offered through Garantex Website. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes.
6. Disclosure of personal information
6.1. Garantex also may disclose your information:
6.1.1. in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency;
6.1.2. to establish or exercise our legal rights;
6.1.3. to defend against legal claims;
6.1.4. when Garantex believes disclosure is appropriate in connection with efforts to investigate, prevent, or takes other action regarding illegal activity, suspected fraud or other wrongdoing;
6.1.5. to protect and defend the rights, property or safety of Garantex, our users, our employees, or others;
6.1.6. to comply with applicable law or cooperate with law enforcement;
6.1.7. to enforce Garantex website terms of services or other agreements or policies;
6.1.8. or as otherwise required by law.
6.2. Disclosure of information to third parties
6.1.1. Garantex does not rent, sell, or share personal information about you with other people or non-affiliated companies without your consent except to provide products or services you’ve requested, when Garantex have your permission, or under the following circumstances:
6.1.2. Garantex provides the information to trusted partners who provide Garantex services under confidentiality agreements as described in Paragraph “Trusted partners (data processors) who work on our behalf under confidentiality agreements and might store, maintain or process your data. These companies do not have any independent right to share this information.
7.1. Garantex do not provide any services for children (individuals under 18 years old).
8. Purposes of processing personal data
8.1. The purpose of processing the User's personal data is - conclusion, execution and termination of civil law contracts; providing the User with access to services, information and / or materials contained on the website.
8.2. Also, the Data controller has the right to send the User notifications about new products and services, special offers and various events. The user can always refuse to receive informational messages by sending a letter to the email address firstname.lastname@example.org marked "Refuse to receive notifications about new products, services and special offers."
8.3. Anonymized User data collected using Internet statistics services are used to collect information about the actions of Users on the Website, improve the quality of the site and its content.
9.1. Garantex might use the cookie types to recognize User when User visits Garantex Website or uses Garantex Services, remember User’s preferences, and gives User a personalized experience:
9.1.1. AUTHENTICATION COOKIES. If User is signed in to Garantex Website, these cookies will help Garantex show User the right information and personalize User’s experience.
9.1.2. SESSION COOKIES. These cookies store the ID of a User’s session. The cookie is set when a User signs in and is used to restore the session without entering the personal data.
9.1.4. PREFERENCE, FEATURES AND SERVICES. These cookies help Garantex to customize User’s preferences, such as which language User prefers and what User’s communications preferences are or to fill out forms on Garantex faster.
9.1.6. THIRD-PARTY COOKIES. Garantex may allow Garantex authorized service providers to serve cookies from Garantex Website to allow them to assist Garantex in various activities, such as doing analysis and research on the effectiveness of Garantex Website, content and advertising.
9.2. Garantex is also using Google analytics cookies on Garantex Website which might register a unique ID that is used to generate statistical data on how the Users uses the website, and cookies sending data to Google Analytics about the User’s device and behavior which track the User across devices and marketing channels.
10. Legal grounds for the processing of personal data
10.1. The Data controller processes the User's personal data only if it is filled in and / or sent by the User independently through special forms located on the website https://garantex.org/. By filling out the appropriate forms and / or sending his personal data to the Data controller, the User agrees with this Policy.
11. The procedure for collecting, storing, transferring and other types of processing of personal data
11.1. The security of personal data processed by the Data controller is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
11.2. The Data controller ensures the safety of personal data and takes all possible measures to exclude access to personal data by an unauthorized person.
11.3. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of the existing legislation.
11.4. In case of revealing inaccuracies in personal data, the User can update them independently by sending a notification to the Data controller to the Data controller 's email address email@example.com marked "Personal data update".
11.5. The period for processing personal data is unlimited. The user can withdraw his consent to the processing of personal data at any time by sending a notification to the Data controller via e-mail to the Data controller 's email address firstname.lastname@example.org marked "Withdrawal of consent to the processing of personal data."
12. International transfers
12.1. Before starting the cross-border transfer of personal data, the Data controller is obliged to make sure that the foreign state, to whose territory it is supposed to transfer personal data, provides reliable protection of the rights of subjects of personal data.
12.2. Cross-border transfer of personal data on the territory of foreign states that do not meet the above requirements can be carried out only if there is a written consent of the subject of personal data for the cross-border transfer of his personal data and/or execution of an agreement to which he is a party.
13. Final provisions
13.1. The user can receive any clarifications on issues regarding the processing of his personal data by contacting the Data controller via e-mail email@example.com.
13.2. This document will reflect any changes in the personal data processing policy by the Data controller. The policy is valid indefinitely until it is replaced by a new version.
13.3. The current version of the Policy is freely available on the Internet at https://garantex.org/privacy.
WARNING: User can modify browser setting to decline cookie. If User chooses to decline cookie User not be able to sign in and User most of the features offered on Garantex website.