Privacy Policy
Version: 2.1 Last updated: December 16, 2024 Summary of changes: minor fixes
Hereby is described the privacy practice of collecting and processing personal data provided by persons engaging in business relations regulated by Terms and Conditions and other relevant documents (hereinafter Clients or you, your) with TRANSCRYPT OÜ, REG. Nr.14453691, Harju maakond, Tallinn, Haabersti linnaosa, Meistri tn 16, 13517, under the brand Transcrypt (hereinafter Transcrypt or we, us and our) that possesses and operates an internet website www.transcrypt.eu (hereinafter the Website). The provisions of this Privacy Policy are subject to Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the Regulation) and the Personal Data Protection Act of 01.01.2008 (Estonia) (hereinafter the Act).
In case of conflict between this Privacy Policy and the Regulation or the Act (due to amendment of a legal act or for other reason), relevant parts of these legal acts shall be applied.
INTRODUCTION
We understand the importance of protection of your privacy and personal data and commit a lot of efforts to developing and maintaining high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.
PERSONAL DATA WE PROCESS AND ITS OBJECTIVE
When registering for the Account and using Transcrypt’s Services, we may collect and further process (see chapter 2 below) the following categories of your data:
· Information requested during registration of the Account that identifies you, for example your name, date of birth, citizenship, etc.
· Financial information, including your income, source of income / funds, taxation residence information, etc.
· Your identity and residency verification documents, for example passport and/or ID card, utility bill, insurance contract, tax statement, rental agreement etc.
· Contact information, i.e., your phone number, e-mail address, etc.
(information described above under a., b., c., and d. is hereinafter separately or collectively referred to as “Personal Data”).
We do not collect any of your Personal Data without your permission.
We use Google Analytics on our Website. If You want to know more about Google Analytics and how you can control the information collected by Google, please visit this link.
We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age of your country, if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Website.
The term we keep the Personal Data collected depends on the type of information, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this privacy policy, including for as long as needed to provide you with our products and Services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.
We collect and process the Personal Data to fulfil our contractual obligations and legitimate interest before you, namely:
· provide Services, including execution of requested transactions and related maintenance of the Services you registered for and manage the account you hold;
· provide you with the information about your activities on the Account;
· inform on any changes and updates to the Services you are provided with;
· assess and mitigate risks related to anti-money laundering and terrorism financing regulations as well as transaction related risks;
· comply with applicable legislation;
· maintain actions in relation to legal claims;
· provide additional or supportive services, as well as perform Client surveys, statistical analysis;
· to ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other).
· improve the performance and functionality of our Services.
The above list may be extended depending on the development of the Services.
PROCESSING OF YOUR PERSONAL DATA
Your personal data may be received and processed:
· by Transcrypt within our inner systems of processing, which complies to technical and organizational measures in a manner that meets applicable requirements of the Regulation and security standards;
· and/or at outsource service providers and processors who access and use the data only to the extent required to perform the obligations subcontracted to them by Transcrypt (hereinafter “Sub-processors”).
Those Sub-processors perform tasks on our behalf and are contractually obligated not to disclose or use collected information for any other purposes, then storage, help in facilitation of technical aspects of our Services or perform functions related to the administration of Services (collection and analysis) or other indicated under contractual closes.
You give your explicit consent that Transcrypt may on its own discretion to engage Sub-processors, who comply with technical and organizational measures in a manner that meet applicable requirements of the Regulation and security standards implied under this Privacy Policy.
If such Sub-processors are located outside of Swiss Confederation, European Union or European Economic Area, or other country with an adequate level of protection as determined by the Federal Council, the processing of personal data is done or will be done in accordance with applicable laws.
Sub-processors remain fully liable for all obligations subcontracted to, and all acts and omissions of, Transcrypt is not responsible in the event that information is disclosed at a result of a breach or security lapse at any such Sub-processors, or for such Sub-processors' non-compliance with the foregoing requirements.
INCIDENTS NOTIFICATION
If Transcrypt becomes aware of any breach of our security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) personal data of Clients on systems managed or otherwise controlled by us, we will assess the impact of the breach. If required for your protection or upon request by the Data Protection Inspectorate, we will notify you promptly and without undue delay, in compliance with the procedure prescribed under the Regulation or other applicable laws.
The notification will be made to your e-mail address at the discretion of Transcrypt or by other direct communication available to Transcrypt and allowed by Client (for example, by phone or e-mail). It is sole responsibility of the Client to provide us with the e-mail address and ensure that this e-mail address is valid and current.
None of notifications of data security breaches from Transcrypt may be and will be construed as an acknowledgment of any fault or liability with respect to data incident by us.
CLIENT’S SECURITY COMMITMENTS
Client agrees that without prejudice to our security measures and data incidents that it is Client’s responsibility to make appropriate use of our Services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system and devices which you use to access to our Services.
We are not obligated to protect your Personal Data that you choose to store or transfer outside Transcrypt and our Subprocessors’ systems, and cannot be held responsible for any negative consequences you may suffer as a result thereof.
CLIENT’S RIGHTS IN RESPECT TO ITS PERSONAL DATA
You have the following rights in relation to your personal data:
· Right of access — You have the right to obtain from us information as to whether your personal data is being processed, and, where that is the case, access to such personal data.
· Right to withdraw consent — When we rely on your consent for processing of your personal data, you have the right to withdraw your consent at any time. However, the withdrawal of your consent will not affect the lawfulness of Transcrypt’s processing based on consent before your withdrawal.
· Right to rectification — We are obliged to ensure and you have the right for the accuracy of your personal information. In order to assist us with this, you are obliged to notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
· Right to restriction of processing — You have the right to ask us to stop processing your personal data at any time
· Right to erasure — Asking us to delete all of your personal data will result in Transcrypt deleting your personal data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your personal data, in which case we will inform you of this). Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services.
· Right to data portability — You have the right to request that Transcrypt provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so and the processing is based on consent or contractual performance.
· Right to complain — You have the right to lodge a complaint to our responsible person designated in our Internal Regulations and/or to a supervisory authority (in Estonia this is The Data Protection Inspectorate).
· Right to object automated processing — You have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, which produces legal or similarly significant effects on you. There may be exceptions or limitations to this right as defined under relevant data protection law
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above, however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you a reasonable fee taking into account the administrative costs in order to process such requests or we may refuse to act on such requests.
Client may also send a request to receive information which Personal Data has been processed, amended, deleted or locked and information about any parties to which we transmit your Personal Data.
In some cases, we may charge a fee (based on our reasonable costs) if your requests related to Personal Data are excessive considering the nature of the request itself or the nature and functionality of our services.
COOKIE & SIMILAR TECHNOLOGIES
We also collect Cookie and similar technologies for collecting technical information, which contains unique identifiers from you. In brief words we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate website efficiently, and allows to develop and improve our Services, and to manage the load on our servers.
If you prefer not to allow cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options, which allows you not to record your visits and downloads in your browsing and download histories. In this mode any cookies created during this type of session are deleted after you close all “incognito” windows.
For more details, please check our Cookie Policy.
CHANGES TO THESE PRIVACY POLICY
Please note that we may amend this Privacy Policy from time to time at our sole discretion. Therefore, please check this Privacy Policy for updates. If any significant updates in regard to data processing terms are made, we will notify you additionally within reasonable time via e-mail provided by you.
CONFIRMATION AND CONSENT
By applying for the Account with Transcrypt, you declare and confirm that you have familiarized yourself with this Privacy Policy, understood its content and possible consequences.
By applying for the Account with Transcrypt you consent to the processing (incl. collection, storing, receipt, forwarding, disclosing, making available, deleting, etc.) of your Personal Data, as described in this Privacy Policy.
CONTACT DETAILS
If you require any additional information or have any further questions concerning this Privacy Policy or you wish to use any of your rights regarding your Personal Data, please contact us at [email protected].
The supervising authority for privacy issues in Estonia is Estonian Data Protection Inspectorate.
Postal address: Tatari 39, Tallinn 10134, Estonia
Telephone: +372 627 4135
Email: [email protected]
Website: https://www.aki.ee/en
The EU's independent data protection authority is European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Email: [email protected]
Website: www.edps.europa.eu
OFFICIAL COMPLAINTS
If you are not satisfied with our answers, or you still have questions or claims related to your Personal Data, you may also contact Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at the phone +372 627 4135, e-post [email protected] or postal address Tatari 39, Tallinn 10134, Estonia. Should you feel that your rights related to the Personal Data are or may be violated, you may also submit an official complaint to aforementioned Inspectorate. If your complaint will fall under jurisdiction of other EU member state (other than Estonia), Estonian Data Protection Inspectorate will advise you and provide you with all necessary directions to address your complaint to a competent data protection authority of such other state.