Last updated on February 26, 2021
To be fully compliant with personal data protection rules we adhere to the following principles in order to protect your privacy:
- We respect the right of individuals to access their personal data
- We will provide you with choices and means to limit the use and disclosure of your personal data
- We will not rent or sell your personal data to third parties
- Any personal data that you provide to us will be secured with industry standard safety protocols and technology
- We are committed to follow certain principles of personal data received from the EU in compliance with GDPR
- We will collect your personal data only for the purposes set forth herein
- We provide you with the means to contact us regarding inquiries or complaints of yours
1. Collecting your personal information
We may collect from you the following personal data that you share with us when using Website:
- name proven with a photocopy of official government ID document or digital ID document, e.g. (1) personal ID card, e-resident card, residence permit card, (2) national passport or (3) driving license that meets requirements of the Identity Documents Act;
- mobile phone number;
- email address;
- date and place of birth;
- transaction data;
- support team tickets and messages;
- website performance data;
- device-specific information;
- residential address proven with a photocopy of the following documents, e.g. (1) bank statement (2) utility bill (3) tax bill (4) other government issued residential statements or certificates);
- valid travel document;
- biometric data collected via selfie or real-time video interview a working camera, microphone, the hardware and software required for digital identification and an Internet connection of adequate quality.
2. Processing your personal information
Personal data is processed pursuant to the provisions of the Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o.L. UE 2016, it. L119) and the Act of 10th May 2018 on the Protection of Personal Data.
In order for us to give you access to the Website we will need to undertake as the collection, recording, organization, storage, adaptation / alteration, retrieval, consultation, use, disclosure / dissemination, along with its erasure or destruction of your personal data, either among our affiliates or other authorized third parties. Our Website does not collect any sensitive personal data about you (i.e. name, surname, citizenship, place of birth, home address, gender, racial origin, financial position).
We are concerned with protecting your privacy and have rigid procedures and systems for data protection by design and default in place to protect the information against unlawful or unauthorised access, accidental loss or destruction, damage, unlawful or unauthorised use and disclosure. We will also take all reasonable precautions to ensure that our staff and employees who have access to personal data about you have received adequate training. We provide sufficient guarantees to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of GDPR and ensure the protection of the rights of data subjects. Indeed, the following specific measures are put in place:
Our Website may contain hyperlinks to websites operated by third parties. Such hyperlinks are provided for your reference only. We do not control these websites and is not accountable for their contents or how they collect and handle your data.
The processing of your personal data for the purposes described is based on your explicit consent or on the necessity to process your personal data for the purposes of legitimate interests, as provided by Article 9, 2., (a) and (f) of the GDPR. We may use your personal data for the following purposes:
- Providing access to the Website
- Providing technical support
- Improving Website, its functions, content and design
- Contacting you for marketing of additional products we offer
- Contacting your for crime and fraud investigations, detection and prevention
When collecting data, only the personal data absolutely required for that purpose may be requested. This means that no data other than what is necessary can be requested, or stored.
Basically, we consider that your personal data should be retained only while necessary. In particular, personal data should be deleted once the legitimate purpose for which it was collected has been fulfilled. We take commercially reasonable efforts to secure your personal data and protect it from unauthorized access, use or disclosure. If you provided us with electronic data, we will secure your personal data on our servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All electronic personal information is transmitted to other websites through the use of Secure Socket Layer (SSL) encrypted protection. We will retain your personal information for a reasonable period or as long as required by law.
3. Your rights
You shall have the right to make a request to us in order to enforce your rights to:
- Access personal data
- Rectify personal data, when inaccurate or incomplete
- Cancel processing of personal data
- Object - with legitimate reasons - processing of personal data; and/or
- Revoke consent for the use, storage, treatment, process and/or, disclosure of personal data
The enforcement and upholding of your privacy rights should be requested to us in writing and must include, at a minimum, the following information:
- Your complete name, address and/or e-mail address in order for us to notify you the response to your privacy request
- Attached documents establishing your identity; and
- A clear and concise description of the personal data with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.
In order to enforce your privacy rights, please contact us by email [email protected] Upon receipt of your privacy request, and after due review of its merit, we may then edit, deactivate and/or delete your personal data from our Website. Please take into account that we may not be able to delete all of your data from some of our databases and that, if so, we will then mark such data as permanently inaccessible. In case of amendment of personal data, you are obliged to perform actions aiming at updating personal data on the account.
We can deny removal of personal data in a justified case, and in particular if you:
- have violated the effective provisions of law, and the maintenance of personal data is indispensable for explanation of such circumstances and determination of the scope of your liability. In each case of denial of personal data removal, we shall inform you on the reasons of such denial along with the legal grounds thereof.
In case of doubts regarding the method of processing personal data, you can receive an explanation from us and have the right to file an inquiry, a reservation or a complaint to the supervisory body. The basis for processing data are in particular the effective regulations and provisions of law and the consent if it was given by you.
On the basis of the processed personal data decisions shall not be made automatically as well as data shall not be used for profiling. We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain products and those of our partners. Such results consist solely of non-personally identifiable information. Non-personally identifiable information may be stored indefinitely.
A cookie is a text file that is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin website. The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user's computer. We only use session cookies which are essential for the operation of the Website that you access.
Summarizing all purposes, we use our own cookies and third party cookies to recognize you as our user, customize our services, content, and advertising, to measure promotional effectiveness, and to collect information about your computer or other access device to mitigate risk, help prevent fraud, and promote trust and safety. The length of time a cookie will stay on your browsing device depends on whether it is a "persistent" or "session" cookie. Session cookies will only stay on your device until you close your browser. Persistent cookies stay on your browsing device until they expire or are deleted.
Please note that even though we use industry-leading measures to protect data, we cannot ensure or warrant the security of any information you transmit to us or guarantee that your information on Alfacash Store may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards. No method of transmission over the Internet or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We use an internal protocol for security measures to ensure that outside personnel cannot access our databases. We also apply access restrictions and educate staff members on how to properly handle personal data.
In case a personal data breach occurs that could result in a high risk to the rights and freedoms of natural persons, we will notify you immediately in a notification describing the nature of the data breach, the likely consequences of the personal data breach and the measures taken to address it.
We will not notify you of the breach if our technical and organisational protection measures eliminate the risk of the breach, if the high risk to the rights and freedoms of data subjects is no longer likely to materialize or if it would involve disproportionate effort. In such a case, we will instead organize a public communication or similar measure where the data subjects are informed in an equally effective manner.
If you have any questions about security on our Website, you can contact us by email [email protected].
6. Amendments and updates