logo-guardarian

1. PRIVACY POLICY

This Privacy Policy describes how Guardarian OÜ ("Guardarian ", "we", "us" and "our") handles your information when you visit our website located at https://guardarian.com/ ("website"), and/or any of our API or third party applications relying on such an API, and/or interact with our online advertisements or marketing emails (collectively the "services").

2. IMPORTANT INFORMATION

Guardarian respects your privacy and values its importance, and is wholly committed to keeping your information safe and secure. We process your personal data in accordance with privacy laws and this Privacy Policy to make sure your data protection rights are implemented and enforceable. We have implemented different technical and organizational solutions to comply with applicable legislation related to the processing of personal data, privacy, and data security in countries where we operate or where the applicable law applies to us. The Privacy Policy sets forth the basic rules and principles by which we process your personal data, and mentions our responsibilities while processing your personal data according to transparency obligations.

We do not intend to collect personal data of children or persons under the age of 13 (thirteen) years old.

Accordingly, the purpose of this Policy is to set out the basis on which we will process your Personal data when:

  1. You visit and use any page of our Website Platform, regardless of where you visit or use them from;
  2. You apply for, receive, pay and/or use any of our Services.
  3. You communicate with us or leave a query;
  4. You subscribe to our newsletters/updates;
  5. We need to share your personal data with the authorized third-parties to provide the services, especially for conducting KYC and AML procedure; and
  6. We measure or analyze the Website’s traffic.

3. COLLECTED CATEGORIES OF PERSONAL DATA AND WHY WE NEED IT

We collect the following categories of personal data:

  • your identification information necessary for your identification such as name, address, etc.;
  • your phone number for authentication purposes;
  • documents and information necessary for compliance with KYC and AML rules such as copies of your identification documents (passport, ID card, driving license or other documents for the compliance) and information from external sources such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms;
  • data that identifies you such as your IP address, language, country, browser type, and version, time zone setting, browser plug-in types, some location information about where you might be, operating system and version;
  • data on how you use the Website such as your URL clickstreams (the path you take through the Website), page response times, download errors, how long you stay on web pages, what you do on those pages, how often, and other actions;
  • other personal data you share with us or personal data that we may legally obtain from some sources.

Please note that we do not store your credit card information and KYC documents you submit for identification purposes , our payment service provider stores this information. Agreeing to this privacy policy gives our partners the right to collect and store these data

We never collect sensitive data. We do not use automated decision making or any kind of automated profiling. The recipients of the collected data are

    (1) the highest management level of our company for whom it is necessary to process personal data for the functionality of the company and


    (2) third-party service providers

4. THIRD PARTY SERVICE PROVIDERS

Our third party service providers are indicated below:

  • Sum&Substance: https://sumsub.com for KYC/AML verification;
  • Twilio: https://www.twilio.com/ for phone authentication;
  • Powercash21: https://powercash21.com/ card payment service provider;
  • Globitex: https://globitex.com/ for SEPA payment;
  • Maxmind: https://www.maxmind.com/ services providing fraud-preventing and risk modeling tools;
  • website analytics companies to analyze data and improve our services and the Website such as Google Analytics which is a part of the EU-U.S. Privacy Shield Frameworks which allow to transfer personal data outside the EU;
  • advertising companies for marketing purposes such as Google AdWords;
  • social media companies to promote and be present in social media such as Facebook, Instagram, LinkedIn, Twitter, YouTube, Telegram, GitHub, Discord, medium, Reddit.

Guardarian Website may contain links to third-party sites. This Privacy Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their sites, features or policies. Please read their privacy policies before you submit any data to them. Please familiarize yourself with these providers and their privacy and liability policies. If you find any of these may not work for you, please do not access any of the Websites and do not use any of our Services.

5. LEGAL GROUNDS FOR THE PROCESSING

There are legal grounds necessary for the processing of personal data and we count on them to process your personal data.When we process personal data, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data. We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.

Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your personal data for a specific purpose which signifies agreement to the processing of personal data.

Contract – a legal ground for the processing of your personal data necessary for us to perform a contract or terms and conditions to which you are a party or in order to take steps at your request prior to entering into the contract or terms and conditions.

Legal obligations – a legal ground for the processing of your personal data when it is necessary for compliance with a legal obligation to which we are subject;

Legitimate Interests – a legal ground for the processing of your personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.

6. PURPOSES AND LEGAL BASIS FOR THE PROCESSING

We process the data for:

DATA PROCESSING LEGAL BASIS
Providing services. We need to provide services via the WebsiteContract
Accepting payments and provision of the servicesContract
Providing newsletters/offers/updates which may be interesting to youConsent for newsletters; Legitimate Interests for offers and updates.
Registering you as a userContract
Compliance with applicable anti-money laundering and know your client rulesLegal obligation
Keeping the Website running (managing your requests, remembering your settings, hosting, and back-end infrastructure)Legitimate Interests
Preventing frauds, illegal activity, or any violation of the terms or Privacy Policy. We may disable access to the Website, erase or correct personal data in some casesLegitimate Interests
Improving the Website (testing features, interacting with feedback platforms, managing landing pages, heat mapping the Website, traffic optimization, and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this)Legitimate Interests
Customer support (notifying you of any changes to the Website, services, solving issues, any bug fixing)Legitimate Interests

7. YOUR RIGHTS AS DATA SUBJECT

You can exercise the following rights by contacting us.

  • You have the right to access information about you, especially:
    • the categories of data;
    • the purposes of data processing;
    • third parties to whom the data disclosed;
    • how long the data will be retained and the criteria used to determine that period;
    • other rights regarding the use of your data.

The right to access information may be performed only by you or your legal representative. In case if you request the right to access information via a legal representative, you have to provide proof of whether such a person may represent you.

  • You have the right to make us correct any inaccurate personal data about you.
  • You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know the information that might be relevant to you.
  • You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
  • You have the right to be “forgotten”. You may ask us to erase any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the Website. Please note that we cannot grant this request if the data was collected for regulatory purposes for example AML/CFT purposes.
  • You have the right to lodge a complaint regarding the use of your data by us. You can address a complaint to your national regulator (the list of the regulators are accessible via https://edpb.europa.eu/about-edpb/board/members_en).

Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law. We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

8. RETENTION POLICY

We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, tax and accounting laws, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

In some circumstances, we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. For the purposes of the KYC/AML, we will store and process your personal data for 5 (five) years.

9. SECURITY

We have security and organizational measures and procedures to secure the data collected and stored and to prevent it from being accidentally lost, used, altered, disclosed, or accessed without authorization. We allow disclosure of your personal data only to those employees and companies who have a business need to know such data. They will process the personal data on our instructions and they are obliged to do it confidentially.

You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them.

10. RECOMMENDATIONS FOR YOU

Please read this Privacy Policy carefully. We want to make sure that you understand all your rights. It is important for both of us that you maintain your personal data confidential and secure.

11. CONTACT INFORMATION

If you still have any question or need clarification with regard to our privacy practice, please contact us: Guardarian OÜ, a private limited company incorporated in Rotermanni 2, 10111, Tallinn , Estonia. Email: [email protected]