Policy Notice pursuant to REGULATION (EU) 2016/679 on the protection of individuals regarding the processing of personal data and on the free movement of such data
Dear Customer,
As Data Controller, Monetica Srl (hereinafter only “Monetica“) provides you with this information regarding the processing of personal data requested, pursuant to Regulation (EU) 2016/679 relating to the protection of individuals regarding the processing of personal data, as well as the free circulation of such data (so-called “General Data Protection Regulation”, hereinafter also only “GDPR“), for the purpose of activating any of the exchange services provided from us.
Monetica, as Data Controller, makes the following information (hereinafter only “Privacy Notice“), pursuant to article 13 of the GDPR and in compliance with Legislative Decree 196/2003, containing the “Personal Data Protection Code” (“Privacy Code“), as amended by Legislative Decree 101/2018.
This Privacy Notice also concerns the methods for collecting and processing personal data during the use of our Website, mobile app and/or through one of the URLs listed under Monetica’s virtual currency exchange license, with the express exclusion of other websites that may be consulted through links on the Site; and was drafted in a clear and comprehensible way for the general public, as required by art. 12, par. 7, of the GDPR.
We inform you that the processing of your personal data will be based on the principles of lawfulness, fairness, and transparency and the protection of your privacy and your rights.
Data Controller
The owner of the data processing is Monetica Srl, with its registered office in Viale Pasteur n. 49, 00144, Rome, ITALY, website www.monetica.io
DATA PROTECTION OFFICER
The “Data Protection Officer” or DPO can be contacted at the following email address: dpo@monetica.io
Legal basis for data processing
Your personal data are processed:
1) If it is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR). We will process your data to conclude and execute contracts essential to any of the services provided by Monetica; to fulfil the pre-contractual, contractual and fiscal obligations on our behalf or carry out all the measures and actions at the request of the interested party, as arising from all existing relationships with users, customers, collaborators, commercial partners, suppliers, and consultants; purposes strictly connected and instrumental to the management of the relationship with the customer (e.g. acquisition of information for risk assessment, checks, and evaluation on the results and on the progress of the relationships). The need to perform a contract in which Monetica and the interested party are parties represents the legal basis that legitimates the consequent treatments.
2) If it is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(b) GDPR) in order to fulfil the obligations established by the law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering); The need to fulfil legal obligations constitutes the legal basis that legitimates the consequent treatments;
3) If it is necessary for the purposes of the legitimate interests of Monetica to exercise or defend a right in judicial or extrajudicial proceedings (Article 6(1)(f) GDPR): we will treat personal data to pursue our legitimate interests in exercising or defending our rights in judicial or extrajudicial proceedings, even in the event of non-fulfilment of the contract or violations of the law, also using professionals and qualified entities. The need to pursue one’s own legitimate interest constitutes the legal basis that legitimizes the consequent treatment by Monetica.
4) For marketing purposes functional to the activity of Monetica, such as:
- the survey of customer satisfaction on the quality of services rendered and on the activities carried out by Monetica Srl and the development of studies, research and market statistics;
- communication and/or sending, also by automated means, of informative and/or promotional material by Monetica Srl.
In this case, the legal basis that legitimises the treatment is represented by the consent of the interested party (Article 6(1)(a) GDPR) which can be freely given or not given and revoked at any time.
Categories of processed data [Website]
As a general rule, it is possible to use the Website without having to provide any personal data. If the user accesses the Site for information purposes only (and does not open an account on the Website), we will not collect any personal data, except for the data transmitted by the browser or the user’s terminal device in order to allow access to the Website.
In this case, the data transmitted to Monetica will be, by way of example: (i) the IP address; (ii) date and place of the request; (iii) the type and version of the browser used; (iv) the operating system; (v) page views and navigation paths of the Website; as well as (vi) information on the timing, frequency and configuration of the use of the Website, and in general all the usage data offered by the Monetica automatic tracking system, as indicated in the cookies section of this Privacy Policy, through which, however, information is collected anonymously to indicate trends in the use of the Website without identifying the users.
Personal data are collected in specific sections of the Website via electronic forms or through paper forms, only if you want to access any Monetica services.
Monetica processes personal data collected directly from you, or from third parties, including but not limited to personal data (e.g. name, surname, address, date, and place of birth), information on the financial situation (e.g. financial position, credit information relating to credit requests/reports), image data (e.g. photo on identity card) and voice recordings (e.g. telephone order records) and other data related to the above categories.
Categories of processed data [Mobile app]
Please note that when you download our mobile app, we automatically collect certain information, including details about the device, operating system, and browser you are using, as well as other device characteristics or identifiers such as plugins, your network connection, and your IP address.
Additionally, when you begin using our app, we will ask you to provide us with the following personal information:
Personal Data | Supplemental Identification Information |
---|---|
|
|
We take your privacy seriously and will only use this information to provide you with the best possible service.
Mandatory/voluntary provision of data
With regard to the purposes previously identified, we inform you that the provision of data:
- It is not mandatory by law for the processing necessary for the execution of any service referred to in point 1); however, a refusal to provide them could cause an impediment to the establishment of the relationship and the provision of services;
- it is optional for the treatments functional to the company’s activity referred to in point 4); any refusal to provide them does not affect the completion of the contractual relationship.
For the purposes referred to in points 2) and 3), the provision of data is not required by law, as the treatment derives from a regulatory obligation or from the pursuit of a legitimate interest. The consequences of failure to provide data are the impossibility of establishing and/or executing the contractual relationship.
Our legal basis for processing personal data:
Why we process your personal data | Legal Base | Categories of personal data |
---|---|---|
To provide our products and services, including payment processing and to enable the completion of the client on-boarding process | Performance of a contract | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information and other information. |
To conduct or arrange for the conducting of credit or identity checks | Legal obligation to comply with “Know your customer” and customer due diligence regulatory obligations. Such processing is also in our legitimate interest to prevent and detect potential crime and/or fraud and to protect our business. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information and other information. |
For the purposes of identity verification, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls. | Legal obligation to comply with anti-money laundering laws, financial services laws, corporation laws, privacy laws, tax laws and other relevant laws. Supervisory authorities’ rules and regulations also apply to us. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information and other information. |
To administer our products and services, to provide you with information in respect of our products and services and review your ongoing needs, to troubleshoot our products and services, to improve our products and services and to develop new products and services. | In order to ensure effective provision of our products and services and to meet our clients’ needs it is in our legitimate interest to administer our products and services, to provide you with information about our products or services, to troubleshoot our products and services and to review our clients’ ongoing needs. It is also in our legitimate interest to improve our products and services, including support services and to develop and market new products and services. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To market our products and services | Consent | Biographical information and contact information, trading information, other information, browser information and log information. |
To conduct surveys | It is in our legitimate interest to send you surveys and conduct such surveys in order to gather information on how our products and services are working for our clients and how to improve our products and services. | Biographical information and contact information, trading information, other information, browser information and log information. |
To conduct data analysis. Our website pages and emails may contain web beacons or pixel tags or any other similar types of data analysis tools that allow us to track receipt of correspondence and count the number of users that have visited our webpage or opened our correspondence. We may aggregate your personal data with the personal data of our other clients on a de-identified basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to provide better products and services. | If your personal data is completely anonymised, we do not require a legal basis as the information will no longer constitute personal data. If your personal data is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal data to ensure that the products and services we provide are relevant to the market and our clients. | Biographical information and contact information, trading information, other information, browser information and log information. |
For internal business purposes and recordkeeping | We have legal obligations to keep certain records. Such processing is in our legitimate interest for internal business and research purposes as well as for record-keeping purposes. It is also in our legitimate interest to keep records to ensure that you comply with your contractual obligations pursuant to the agreement (“Terms and Conditions”) governing our relationship with you. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To enforce and defend our rights including initiating legal claims, preparing our defence in litigation procedures, addressing legal or administrative proceedings whether before a court or a statutory body and to investigate or settle issues, enquiries and/or disputes. | It is in our legitimate interest to enforce and defend our rights and to ensure that issues, enquiries and/or disputes are investigated and resolved in a timely and efficient manner. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To comply with applicable laws, subpoenas, court orders, other judicial process, or the requirements of any applicable regulatory authorities | Legal obligation. We will disclose personal data where we receive a legally binding request to disclose personal data from law enforcement or other bodies or where we have a legitimate interest in assisting law enforcement or other agencies in respect of an investigation. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To notify you of changes to our products or services and/or to laws and regulatory rules and regulations | Legal obligation. Often the law requires us to advise you of certain changes to products, services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal data to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. Where such notification is not legally required, it may be in our legitimate interest to notify you of such changes. | Biographical information and contact information, financial information, trading information, PEP information (where relevant) and other information. |
To efficiently manage our business operations, we implement various methods and procedures aimed at safeguarding our IT infrastructure and systems, thereby deterring potential illicit activities and safeguarding assets through access controls. | It is in our legitimate interest to protect our assets and systems and to prevent and detect potential crime and/or fraud and to ensure security. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To update and verify your personal data in accordance with relevant anti-money laundering compliance frameworks. | Legal obligation. Such processing is also in our legitimate interests to prevent and detect potential crime and/or fraud and to protect our business. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To better customise our services and content for you and to recognise you as a client. | When we collect personal data for these purposes through the use of cookies, we will rely on your consent. It is also in our legitimate interest to customize our services and content for clients and to recognise clients, in order to ensure that clients receive the services and content that are appropriate to them. | Other information, browser information and log information. |
To communicate with you | It is in our legitimate interest to communicate with our clients or potential clients to ensure the effective delivery of our products and services and to administer our business. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
To receive services from third parties including services such as administrative, legal, tax, compliance, insurance, IT, debt-recovery, analytics, credit reference, identity verification, research or other services | It is generally in our legitimate interest to receive such services from third parties to ensure the effective delivery of our products and services and to administer and protect our business. | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
For any purpose not specified above, but for which you direct us to process your personal data | Consent | Biographical information and contact information, financial information, trading information, PEP information (where relevant), verification information, other information, browser information and log information. |
Methods of processing personal data and access by third parties
The processing of personal data is achieved through the use of computer and/or paper procedures able to protect and guarantee the maximum confidentiality of the data provided, in accordance with the GDPR and the Privacy Code. Specifically, processing takes place through the: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
Personal Data may be communicated to other subjects whose intervention is strictly functional to the execution of the contractual relationship, such as:
- employees or collaborators of the Data Controller as persons in charge of processing under the direct authority and directives of Monetica;
- partner companies of Monetica, in Italy and abroad, in their capacity as data processors and/or system administrators that act as processors of personal data according to art. 28 of the GDPR on behalf of the Data Controller and that have offered sufficient guarantees to put in place suitable technical and organizational measures to ensure that the treatment entrusted to them meets the legal requirements;
- third-party companies or other bodies, such as, for example, credit institutions, payment institutions or other financial intermediaries, professional offices, consultants and insurance companies that perform activities on behalf of the Controller and who act like independent owners with their privacy policies, which are available to the Data Subject.
Without the need for express consent (Article 6(1)(b)(c) GDPR), the Data Controller may communicate the personal data of the interested party to Supervisory Bodies (such as FIU, Bank of Italy, OAM, IVASS, etc.), Judicial and/or police authorities, insurance companies for the provision of insurance services, as well as those subjects to whom the communication is mandatory by law. These subjects will process the data in their capacity as independent Data Controllers and the Personal Data of the interested party will not be disclosed to others by them.
Any third party that we share your data with will provide the same level of data protection as stated in this privacy policy.
The complete list of these subjects is constantly updated and is available upon request to the Data Controller.
Data retention
Monetica keeps the data in a form that allows the identification of stakeholders for the time necessary to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations (eg in the field of anti-money laundering, investment services, tax monitoring).
In particular, the Data Controller or the controller processes and stores personal data for the minimum time necessary to fulfil the purposes indicated in the paragraph on the legal basis and purpose of the processing, and only for the time necessary to achieve archiving to the extent to which this is foreseen by the GDPR. Both the processing and the memorization, however, are established for not more than 10 years from the termination of the contractual relationship for the treatment occurred for service and no more than 12 months from the collection of data for marketing purposes. Once these retention terms have expired, personal data will be blocked, destroyed, or made anonymous in accordance with legal requirements.
Transfer of personal data to foreign countries
Data are not disseminated nor will they be transferred to non-EU countries. The management and storage of personal data will take place on servers located within the European Union. It remains regardless understood that the Data Controller, if necessary, will have the right to transfer the servers’ location within Italy and/or the European Union and/or non-EU countries. In this case, to ensure an adequate level of protection of Personal Data, the transfer of data in non-EU countries will take place by the appropriately approved decisions of the European Commission or the adoption by the Owner of the Standard Contractual Clauses prepared from the European Commission.
Cookies
Access to Monetica services through the Site requires cookies to be enabled on your Internet browsing software. Cookies are processed by Monetica anonymously and may be used for the sole purpose of obtaining statistical information on the navigation of the site through which the service is provided, as well as to improve the usability of the Website.
Through the use of cookies, Monetica can provide users with more user-friendly services that would not be possible without cookies. Through a cookie, the information on our site can be optimized because cookies allow us to recognize users of our site. The purpose of this recognition is to make it easier for users to utilize our website. For example, the user is not obliged to enter the access data each time he visits the Website as these are already acquired by the Website through the cookies stored in the user’s computer system.
The data subject may, at any time, prevent the setting of cookies by our website, as stated above, through the corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Right of access by the data subject and other rights pursuant to EU Regulation 2016/679
We inform you that at any time you will be able to exercise the right of access to personal data and other rights, in compliance with the provisions of Articles 12-22 of the 2016/679 EU Regulation, specifically:
● right of access: the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, and other information;
● right of rectification: the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her as well the right to have incomplete personal data completed, including by providing a supplementary statement;
● right to erasure (right to be ‘forgotten’): the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
– the consent on which the processing is based is withdrawn and/or there is no other legal ground for the processing
– the personal data have been unlawfully processed
– the personal data have to be erased for compliance with a legal obligation
● right to object to the processing: the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her and/or for marketing purposes, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
● right to restrict the processing: the right to obtain from the Data Controller the restriction of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data) if the processing is illegal and/or the interested party objected the processing;
● right to data portability: the right to receive the personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or a contract, and if the processing is carried out by automated means.
Withdrawn of consent
The Customer has the right to withdraw at any time the consent given to specific optional activities, without prejudice to the lawfulness of the processing performed before the revocation.
The requests referred to in Articles 12-22 cited above can be made through a specific request to be submitted in writing via registered mail to Monetica Srl, Viale Pasteur n. 49, 00144, Rome or via email to the email address monetica@pec.it.
Complaint or report to the Commissioner for the protection of personal data
Monetica Srl informs you that you have the right to lodge a complaint or make a report to the Office of the Information and Data Protection Commissioner or appeal to the Judicial Authority. The Italian Data Protection Authority (Garante per la protezione dei dati personali) can be consulted on the website http://www.garanteprivacy.it/ from which you can download and use the appropriate templates for the exercise of rights.