1. Introduction

At Guardarian OÜ we process your personal data in accordance with privacy laws and this Privacy Policy to make sure your data protection rights are implemented and enforceable. We have implemented different technical and organizational solutions to comply with applicable legislation related to the processing of personal data, privacy, and data security in countries where we operate or where the applicable law applies to us. The Privacy Policy sets forth the basic rules and principles by which we process your personal data, and mentions our responsibilities while processing your personal data according to transparency obligations. We do not intend to collect personal data of children or persons under the age of 13 (thirteen) years old.

2. Legal grounds for the processing

There are legal grounds necessary for the processing of personal data and we count on them to process your personal data. We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.

Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your personal data for a specific purpose which signifies agreement to the processing of personal data.

Contract – a legal ground for the processing of your personal data necessary for us to perform a contract or terms and conditions to which you are a party or in order to take steps at your request prior to entering into the contract or terms and conditions.

Legal obligations – a legal ground for the processing of your personal data when it is necessary for compliance with a legal obligation to which we are subject;

Legitimate Interests – a legal ground for the processing of your personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.

Applicable laws have other legal grounds for the processing and when they are applicable we will count on such grounds.

3. Consent rule and interrelation with other legal grounds

If you have given consent to the processing of your data you can freely withdraw such consent at any time by contacting us.

If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of your personal data and will delete in specific situations, including in case if you request the deletion of your personal data and we are obliged to delete your personal data according to the applicable law.

If we have another legal basis for the processing of your data, then we will continue to do so, subject to your legal interests and rights.

4. Our responsibilities

When we process personal data, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data.

5. Recommendations for you

Please read this Privacy Policy carefully. We want to make sure that you understand all your rights. It is important for both of us that you maintain your personal data confidential and secure.

6. Processed data

We process personal data when you interact with our website (the “Website”) or use our services, especially when:

  • - we provide our services;
  • you browse any page of the Website;
  • you communicate with us or leave a query;
  • you sign-up or login on the Website;
  • you subscribe to our newsletters/updates;
  • you receive notification from us;
  • we need to share your personal data with the authorized third-parties to provide the services, especially for conducting KYC and AML procedure; and
  • we measure or analyze the Website’s traffic.

7. Collected categories of personal data and recipients

We collect the following categories of personal data:

  • your identification information necessary for your identification such as name, address, etc.;
  • documents and information necessary for compliance with KYC and AML rules such as copies of your identification documents (passport, ID card, driving license or other documents for the compliance) and information from external sources such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms;
  • data that identifies you such as your IP address, language, country, browser type, and version, time zone setting, browser plug-in types, some location information about where you might be, operating system and version;
  • data on how you use the Website such as your URL clickstreams (the path you take through the Website), page response times, download errors, how long you stay on web pages, what you do on those pages, how often, and other actions;
  • other personal data you share with us or personal data that we may legally obtain from some sources.

We never collect sensitive data. We do not use automated decision making or any kind of automated profiling. The recipients of the collected data are (1) the highest management level of our company for whom it is necessary to process personal data for the functionality of the company and (2) third-party service providers indicated below.

8. Purposes and legal basis for the processing

We process the data for:

  • Providing services. We need to provide services via the Website. Legal basis: Contract. Accepting payments and provision of the services. Legal basis: Contract.
  • Providing newsletters/offers/updates which may be interesting to you. Legal basis: Consent for newsletters; Legitimate Interests for offers and updates.
  • Registering you as a user. Legal basis: Contract.
  • Compliance with applicable anti-money laundering and know your client rules. Legal basis: Legal obligation.
  • Keeping the Website running (managing your requests, remembering your settings, hosting, and back-end infrastructure). Legal basis: Legitimate Interests.
  • Preventing frauds, illegal activity, or any violation of the terms or Privacy Policy. We may disable access to the Website, erase or correct personal data in some cases. Legal basis: Legitimate Interests.
  • Improving the Website (testing features, interacting with feedback platforms, managing landing pages, heat mapping the Website, traffic optimization, and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this). Legal basis: Legitimate Interests.
  • Customer support (notifying you of any changes to the Website, services, solving issues, any bug fixing). Legal basis: Legitimate Interests.

9. Your rights as data subject

You can exercise the following rights by contacting us.

You have the right to access information about you, especially:

  • the categories of data;
  • the purposes of data processing;
  • third parties to whom the data disclosed;
  • how long the data will be retained and the criteria used to determine that period;
  • other rights regarding the use of your data.

The right to access information may be performed only by you or your legal representative. In case if you request the right to access information via a legal representative, you have to provide proof of whether such a person may represent you.

You have the right to make us correct any inaccurate personal data about you.

You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.

You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know the information that might be relevant to you.

You have the right to be “forgotten”. You may ask us to erase any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the Website.

You have the right to lodge a complaint regarding the use of your data by us. You can address a complaint to your national regulator (the list of the regulators are accessible via https://edpb.europa.eu/about-edpb/board/members_en).

Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law.

We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

10. Security

We have security and organizational measures and procedures to secure the data collected and stored and to prevent it from being accidentally lost, used, altered, disclosed, or accessed without authorization. We allow disclosure of your personal data only to those employees and companies who have a business need to know such data. They will process the personal data on our instructions and they are obliged to do it confidentially.

You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them confidential. In case if your privacy has been breached, please contact us immediately. We have procedures in place to handle any potential data breach and we will inform a regulator of a breach if we are legally required to do so.

11. Location of the processing of the personal data and third-party service providers

The personal data is collected and processed by the company incorporated in Estonia and the servers are located in Germany.

The Website contains links to third-party sites. The Privacy Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their sites, features or policies. Please read their privacy policies before you submit any data to them.

There are the following third parties:

  • email service providers to notify you and for direct marketing purposes such as SendGrid or Mailchimp;
  • card payment provider;
  • Banks(for SEPA payment);
  • KYC/AML service provider such as Sum&Substance;
  • services providing fraud-preventing and risk modeling tools such as MaxMind;
  • website analytics companies to analyze data and improve our services and the Website such as Google Analytics which is a part of the EU-U.S. Privacy Shield Frameworks which allow to transfer personal data outside the EU;
  • advertising companies for marketing purposes such as Google AdWords;
  • social media companies to promote and be present in social media such as Facebook, Instagram,

LinkedIn, Twitter, YouTube, Telegram, GitHub, Discord, medium, Reddit.

12. Retention policy

We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, tax and accounting laws, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

In some circumstances, we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. For the purposes of the KYC/AML, we will store and process your personal data for 5 (five) years.

13. Cookie policy

The Website uses cookies to collect information about your access to and use of the Website. Cookies are pieces of information that include a unique reference code that we transfer to your device to store and sometimes track information about you.

A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Website and will last for longer.

We use cookies that allow us to monitor and analyze web traffic and can be used to keep track of your behavior. They are provided by Google Analytics that is a web analysis service provided by Google LLC (“Google”). Google utilizes information collected to track and examine the use of this Website, to prepare reports on its activities, and to share them with other Google services. Place of processing of Google: United States; its policy: Privacy Policy. Google is a Privacy Shield participant that allows to transfer data to the United States.

Most browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that. You can prevent the setting of cookies by adjusting the settings on your browser. Alternatively, you may wish to visit https://aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers. Please note, however, that by blocking or deleting cookies you may not be able to take full advantage of the Website.

14. Contact information

If you still have any question or need clarification with regard to our privacy practice, please contact us: Guardarian OÜ, a private limited company incorporated in Rotermanni 2, 10111, Tallinn , Estonia. Email: [email protected]