Last modified on 24 May 2018 (Version 1.1)
2. Acknowledgements and Consents Given by the User
2.1. You shall read the following paragraphs with the greatest care because your Personal Data are concerned, and your consent is sought to proceed further.
2.2. We want to give you as transparent a view as possible in connection with you and your activities on the Platform; therefore, your acknowledgment, understanding and consent prior to the use of the Services is necessary.
2.3. You acknowledge, understand and give consent to all below, and it shall be deemed as being provided each time you use the Platform or the Services:
2.3.1. Upon your registration with this Platform, you agree and permit the Operator to collect and further process your Personal Data in the scope necessary to provide you with the Services offered by this Platform and, at the same time, to ensure compliance with all applicable laws;
2.3.2. Throughout your use of the Services and the Platform, you must provide to the Operator accurate, complete, current, truthful and valid data, and you are obliged to timely update any information, if so required by the Operator, or which was provided but was wrong, changed, incomplete or outdated;
2.3.3. The Operator may always request proof in a substantial nature, and you are bound to provide it, to verify any information you have provided. Any costs from such requests and collections or possible adverse consequences resulting from shall be solely borne by you;
2.3.4. When you use the Services, the Operator will process your information for the purposes of authentication, customer service, security, fraud monitoring, archiving, and backup, as to ensure the integrity and security of the Services and the Platform;
2.3.5. Your Personal Data may be used by the Operator for aggregation, automated decision-making, direct marketing and mailing. The Operator may seek and engage third party services for any such activities, provided it shall not further distribute, disseminate, or transfer any of your Personal Data to other third parties;
2.3.6. You agree to cooperate with all requests made by the Operator or by any third party or service provider acting on behalf of the Operator, in connection with your Personal Data, to identify you or to authenticate your identity, or to validate your funding sources;
2.3.7. The Operator may conduct ongoing monitoring of your activity including scrutiny of transactions undertaken throughout the course of your use of the Service to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including, where necessary, the source of funds and ensuring that the documents, data or information held are kept up-to-date;
2.3.8. For the purpose of your identification and identity verification, the Operator may use third party services, in part or in full. Such Personal Data exchange, provision or transfer shall be limited to actual need, minimised to the lowest extent possible or allowed to be compliant with the applicable laws or policies of either the Operator or the third party;
2.3.9. The Operator may confidentially verify the information you provide or obtain information about you through third parties from secure databases, and perform additional assessing, as appropriate, obtaining information about you for the purpose and intended nature of safeguarding the integrity of the Platform;
2.3.10. According to the policies undertaken by the Operator following the provisions of Article 8 of MLD4, we shall keep all data provided by you or collected about you during your use of the Services documented, up-to-date to the extent necessary to be knowledgeable, and, if need be, make it available for disclosure to the competent authorities, including the self-regulatory bodies and law enforcement;
2.3.11. With the exception of the rule set out in paragraph 7.9.4. (possession of Personal Data after Termination of Services), you have the right to control your own Personal Data and to seek their protection, during safekeeping and processing, including but not limited to the right to be forgotten;
2.3.12. If you fail to comply with any of the above-mentioned requirements, the Operator is free to announce a Discontinuing Action against you, and you will be solely responsible for the loss or costs arising therefrom.
3. Adhering to GDPR
3.1. As the GDPR Controller, the Operator shall undertake every reasonable technical and organisational measure to ensure and to be able to demonstrate that the processing of your Personal Data is performed responsibly and transparently, and in full compliance with the effective legislation.
3.2. For the purpose of running its Services, the Operator declares all group entities within Token Holdings Group as a group of undertakings, as defined under Article 4 (19) of the GDPR, and declares the company Tokens ID Limited as the GDPR Controller with the mandate of collecting, recording, processing and safeguarding of Personal Data.
3.3. The GDPR Controller may appoint a GDPR Processor to act on behalf of the GDPR Controller, taking into consideration that Personal Data are processed lawfully, fairly and in a transparent manner, and shall collect and provide to the GDPR Processor Personal Data to the level adequate, relevant and limited to what is necessary to conduct the activities foreseen by KYC and AML, to the degree of self-regulating standards, or as requested by other applicable laws, and the GDPR Processor must not forward or keep in possession or disclose any Personal Data, except to comply with any applicable law, regulation, regulatory or supervisory body, or in connection with any court or regulatory proceeding.
3.4. In accordance with the obligation set out in Article 39 (1) of MLD4, none of the Operator’s employees, directors or officers from any entity within Token Holdings Group shall disclose to the User concerned or to other third persons the fact that information, which may include Personal Data, is being, will be or has been transmitted in accordance with Articles 33 or 34 of GDPR or that a money laundering or terrorist financing analysis is being, or may be, carried out.
3.5. For the purpose of preventing, detecting and investigating User data with respect to MLD4, all data shall be kept, without limitation for Personal Data, for 10 years after the commencement of transactions.