for AMLBot Website (https://amlbot.com)
- Your Personal Data is processed in accordance with the General Data Protection Regulation (Regulation EU 2016/679, further - “the GDPR”), the Data Protection Act 2018 and other relevant legislation with respect to the accepted principles of good information handling (collectively referred to as the “Data Protection Legislation”).
“Company” means SAFELEMENT LIMITED, a company registered in Hong Kong with registration number 3148041, having its registered office at Room 747, 7/F Star House 3, Salisbury Road Tst, Hong Kong (the “Company”, “We”), which operates AMLBot website available at https://amlbot.com (referred to as “we” and “us” hereinafter);
- “Website” means the AMLBot website operated by the Company and available at https://amlbot.com ;
- “Personal Data” means any information relating to the User, which identifies or may identify the User;
SCOPE OF THE POLICY
The purpose of this policy is to ensure that the Safelement’s staff shall comply with the provisions of Hong Kong law and the EU GDPR when processing personal data. Any serious infringement will be treated seriously and may be considered under disciplinary procedures. The company adheres to the principles of data protection as laid down by the EU GDPR. In accordance with those principles personal data shall be:
- Processed fairly and lawfully and in a transparent manner in relation to the data subject;
- Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Not kept longer than necessary;
- Processed in a manner that ensures appropriate security of the personal data;
- Not transferred outside the countries of the European Economic Area or the EU without adequate protection.
(a) SAFELEMENT responsibilities. Safelement is responsible for establishing policies and procedures in order to comply with the EU GDPR.
(b) Data Protection Officer’s responsibilities. Data Protection Officer holds responsibility for:
- drawing up guidance and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of information;
- the appropriate compliance with subject access rights and ensuring that data is processed in accordance with the Data Protection Act 2018 and the EU GDPR;
- ensuring that any data protection breaches are resolved, catalogued and reported appropriately in a swift manner;
- investigating and responding to complaints regarding data protection including requests to cease processing personal data.
(c) Staff responsibilities. Staff members who process personal data must comply with the requirements of this policy. Staff members must ensure that:
- all personal data is kept securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
- any queries regarding data protection, including subject access requests and complaints, are promptly directed to the Data Protection Officer;
- any data protection breaches are swiftly brought to the attention of the Governance Team and that they support the Data Protection Officer in resolving breaches;
- where there is uncertainty around a Data Protection matter advice is sought from the Data Protection Officer.
Software and network security
The Company holds regular vulnerability scans against our full infrastructure. We also have external, independent, penetration tests conducted on a periodic basis.
- Our dashboard supports several regimes of secrecy, so that our clients could monitor the status of processing without learning any personal data of the their customers.
- Code changes are always peer reviewed and static source code reviews are performed systematically and at a high frequency.
- All engineering and development operations staff are regularly trained on system, application and network security.
- Our IT and container infrastructure is continuously monitored and audited for change.
- Critical systems and information are protected with strong authentication mechanisms.
- All networks connections are protected by firewalls and are monitored by cyber security solutions to detect intrusions and suspicious activity.
- Machine learning is used to discover malicious behaviour of network endpoints and applications.
- All our computers, laptops and servers utilise full disk/volume encryption and are installed with antivirus/malware protection which is automatically updated to the latest version and signatures available.
INFORMATION WE COLLECT
When you engage with us, we collect and process your Personal Data, which includes as follows:
- Personal identification information, including: name, e-mail address, phone number, country, full address, date of birth, registered address, banking details;
- Data collected in connection with “Know Your Customer” (KYC) compliance, “Anti-Money Laundering” (AML) compliance and “Counter-Terrorist Financing” (CTF) compliance;
- Device and website usage data, including: IP addresses; language preferences and other device identifiers; information relating to your access to the Platforms, such as device characteristics, date and time.
- The Company subjects the personal data to automated reading, verification of the authenticity and other automated processing of photos and scanned copies of documents and with further check against the data in multiple databases, including inter alia International politically exposed persons (PEPs) and Sanctions, Country Specific Sanctions Lists, Criminal Lists and Financial Lists. Once the personal data is not any more necessary for the purposes of applicable compliance rules, the Company shall erase the data completely off its servers without leaving any backup copies or, based on the same condition, transfer the data to the relevant Controller.
HOW WE COLLECT YOUR DATA
- We collect Personal Data directly from you when you use our Website or services, communicate with us, or interact directly with us. For example, when you complete the contact form on our Website, Application or when you contact us via email.
- We also may collect information about you from third-party sources, including but not limited to, the following channels:
- 5.3.1. marketing partners and resellers;
- 5.3.2. advertising partners and analytics providers;
- 5.3.3. public databases, credit bureaus and ID verification partners;
- 5.3.4. social networks (for example, Twitter).
DATA SUBJECT’S RIGHTS
Each Data Subject providing his/her personal data to the Company has the following rights that the Company fully respects:
- Right to obtain confirmation as to whether or not his or her personal data are being processed (Article 15 EU GDPR);
- Right to obtain rectification of inaccurate personal data without undue delay (Article 16 EU GDPR);
- Right to erase personal data or “right to be forgotten” (Article 17 EU GDPR);
- Right to restrict data processing, in particular when the accuracy of the data is contested (Article 18 EU GDPR);
- Right to receive communications as to rectification or erasure of personal data or restriction on processing (Article 19 EU GDPR);
- Right to receive personal data in the form that is machine-¬readable and ready for transmission to another controller (Article 20 EU GDPR);
- Right to object data processing (Article 21 EU GDPR);
- Right not to be subject to a decision based solely on automated processing (Article 22 EU GDPR).
THE PURPOSES OF COLLECTING YOUR PERSONAL DATA
- The Company collects your Personal Data for the following purposes:
- to enable you to use our Website and the Services provided through them, to create an account or profile, to process information you provide via our Website (including verifying that your email address is active and valid) in accordance with Article 6(1)(a) GDPR;
- to detect and prevent potentially prohibited or illegal activity relating to the Company’s services in accordance with Article 6(1)(b),(c) and (f) GDPR;
- to tailor content, recommendations, and advertisements that we and third parties display to you, both on the Platforms and elsewhere online in accordance with Article 6(1)(a) GDPR;
- to contact you in response to your inquiries, comments and suggestions in accordance with Article 6(1)(b) GDPR;
- with your consent, to provide you with information, products, or services that we otherwise believe will interest you, including special opportunities from us and our third-party partners in accordance with Article 6(1)(a) GDPR;
- for internal business purposes, such as to improve our Website or Application in accordance with Article 6(1)(b) GDPR;
- to issue invoices and collect fees in accordance with Article 6(1)(f),(b) GDPR;
- to comply with our policies and obligations, including, but not limited to, disclosures and responses in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order in accordance with Article 6(1)(c),(b) GDPR.
- Your Personal Data, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the purpose of delivering the requested services and improving our services.
PROVIDING YOUR PERSONAL DATA TO THE THIRD PARTIES
- For behaviour statistics and business intelligence we use the services of Google LLC (“Google Analytics”), a company located in the United States. Your Personal Data that we may provide to Google Analytics may include your IP address, and that data is used by Google Analytics to generate information about your usage of our service.
- We may share your Personal Data with the following third parties:
- Third-party vendors providing services on our behalf, including advertising, analytics, research, customer service, service support, data storage, validation, security, fraud prevention, and legal services. Such third-party vendors have access to perform these services but are prohibited from using your Personal Data for other purposes;
- 8.3.2. External services or authorities when such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests and/or the vital interests of a third-party;
- 8.3.3. Other third parties subject to your consent.
- When we disclose your Personal Data to a third party, we take all reasonable steps to ensure that those third parties are bound by confidentiality and privacy obligations with respect to the protection of your Personal Data. The disclosure is conducted in compliance with legal requirements, including entering into data processing agreements with the relevant third parties, to ensure that Personal Data is only processed in accordance with our instructions, applicable laws and regulations and for the purpose specified by us and to ensure adequate security measures.
STORAGE AND DELETION OF PERSONAL DATA
- The Company will retain your Personal Data for as long as we deem it necessary to enable you to use the Website and to provide Services to you, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business.
- The legal basis for retaining your Personal Data is the Company’s legitimate interest under GDPR Article 6(1)(f) to protect our rights in the light of potential legal disputes during the limitation period under law.
- Notwithstanding anything to the contrary in this Section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject to, or in order to protect your vital interests or the vital interests of another natural person in accordance with GDPR Article 6(1)(c).
- When the Company no longer needs to keep your Personal Data, it will securely delete or destroy it.
PROTECTION OF PERSONAL DATA
- Your Personal data integrity is of high concern to us. We follow the standard practices within the industry to protect the Personal Data that we collect and maintain, including using Transport Layer Security (TLS) to encrypt information as it travels over the internet. We have therefore implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to, such information, reasonably appropriate to the nature of the data concerned; unfortunately, however, no data transmission over the Internet can be guaranteed to be 100% secure.
- We implemented a number of additional security measures to ensure that your Personal Data is not lost, abused, or altered, including, but not limited to:
- Physical measures, which means that materials containing your Personal Data will be stored in a locked place.
- Electronic measures, which means that computer data containing your Personal Data will be stored in the computer systems and storage media that are subject to strict log-in restrictions.
- Management measures, which means that only authorized employees are permitted to come into contact with your Personal Data and such employees must comply with our internal confidentiality rules for Personal Data. We have also imposed strict physical access controls to buildings and files.
- Technical measures.
- If you suspect that your Personal Data has been compromised, please immediately contact our Customer Support Team at firstname.lastname@example.org .
- Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information:
- the right to access: you have the right to confirmation as to whether or not we process your Personal Data and, where we do, to access the Personal Data. Providing that the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee;
- the right to object to processing: you have the right to object to us processing your Personal Data, citing personal reasons; however, understand that we may still process your Personal Data if we have lawful grounds to do so, but only if our interests in processing your Personal Data are not overridden by your rights, interests, or freedoms;
- the right to rectification: you have the right to have any inaccurate Personal Data about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Data about you completed;
- the right to data portability: you have the right to obtain and reuse your Personal Data for your own purposes across different services. It allows you to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, without hindrance to usability;
- the right to erasure: you have the right to request that the Company erase your Personal Data under certain conditions;
- the right to restrict processing: you have the right to request that the Company restrict the processing of your Personal Data under certain conditions;
- the right to withdraw consent: to the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. However, withdrawal will not affect the lawfulness of processing of your Personal Data before the withdrawal.
- You may exercise any of your rights in relation to your Personal Data by contacting our Customer Support. You must note that prior to accessing and making changes to your Рersonal Data, we will need to verify your identity properly.
- We will aim to respond to your requests regarding your Personal Data within 1 (one) month of receipt of any such request.
INTERNATIONAL TRANSFER OF PERSONAL DATA
- We may need to transfer your Рersonal Data to countries which are located outside the European Economic Area (“EEA”), for the purpose of providing the Services to you. You may be located in a country outside of the EEA and therefore we may have no choice but to transfer your Personal Data outside of the EEA.
- Any transfer of your personal information outside of the EEA will be subject to a GDPR-compliant guarantee (such a Model Contract Clause approved by the European Commission) that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
- A cookie is a small data file containing a string of characters that is sent to your computer when you visit a website. When you visit the websites again, the cookie allows that site to recognize your browser. The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. For further information regarding cookies, visit allaboutcookies.org.
- We use the following types of cookies on our Website:
- Strictly necessary cookies: these are essential for you to browse our Website and use its features. Without these cookies, some online services cannot be provided.
- Performance cookies: these collect information about how you use our Website. This data may be used to help optimize our Website and make it easier for you to navigate.
- Functional cookies: these allow our Website to remember the choices you make while browsing the Website and to personalize your experience.
- Third-party cookies: these are placed by websites and/or parties other than us. These cookies may be used on our Website to improve our services or to help us provide more relevant advertising. These cookies are subject to the respective privacy policies for the relevant external services.
- Analytics cookies: these are offered by services like Google Analytics, to help us understand how long a visitor stays on our Website, what pages they find most useful, and how they arrived at https://amlbot.com/ .
- Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of our Website to set cookies, you may impair your overall user experience, as it will no longer be personalized to you.
- In addition to cookies, we sometimes use small graphics images known as pixels (also known as web beacons, clear GIFs, or pixel tags). We use pixels in our email communications to you (if you have selected to receive such communications) to help us to understand whether our email communication has been viewed. We also use third-party pixels (such as those from Google, YouTube, and other networks) to help us provide advertising that is relevant to your interests.