For the purpose of the EU General Data Protection Regulation (GDPR) or any equivalent regulation (collectively Data Protection Law), we are the data controller determining the means and purposes of processing data in relation to our services.
Information you give us
You may give us information about you by filling in forms on our application TENT App (our application) or by corresponding with us by e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion, or survey, trade and when you report a problem with our site. The information you give us may include (amongst other things) the following types of information:
Personal Identifiers such as your full name, permanent or current address, e-mail address, phone number, date of birth, place of birth, age, sex, citizenship, utility bills, photographs, signature, and if a company, then also company name, company seat, shareholders and board of directors full names and all relevant information mentioned above;
Other Identifiers such as identity document type and number (including driver’s license), country and authority that issued the ID, date of expiry of ID, photographs on identification cards, and if a company, then also company and tax identification number;
Occupation Information such as type of employment, job title and start year, employer name and address;
Financial Information such as details about annual income, source of income or account funds, net worth details, and information about a bank account or card account including transaction history;
Transaction Information such as transaction details including the name of the counterparty, the amount, and timestamp, annual turnover, deposit and withdrawal frequency or amount;
Residual Information such as information about the purpose of account use, investment experience, and details about legal procedures not considered special personal data.
Information we collect about you
With each of your visits to our site and or mobile app we may automatically and or with your consent collect the following information: Technical Information such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type, and version, time zone setting, browser plug-in types and versions, operating system, and platform; Usage Information such as details about your visit, including the full Uniform Resource Locators (URL) clickstream to, through, and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. Information we receive from other sources We may receive information about you as required or permitted by applicable law if you use any of the other websites we operate or the other services we provide. In this case, we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.
We obtain information about you from ID verification agencies and public databases for purposes of verifying your identity to comply with our obligations under anti-money laundering and other regulations. Our regulatory basis for processing such data is compliance with legal obligations according to Data Protection Law. From time to time, we may process additional data about you to ensure our services are not used fraudulently or for other unlawful activities. In such cases, the processing is necessary for us to continue to perform our contract with you and others.
We do not wittingly request to collect personal information from any person under the age of 18. We will require the customer to close his or her account and will not allow the customer to continue buying or selling digital currencies if a customer submitting personal information is younger than 18 years of age. We will also take steps to delete the information as soon as possible. Please let us know of any individuals under the age of 18 using our services to prevent access to our services.
To process your personal data, there always must be a legal basis (a valid legal reason) entitling us to proceed. There are four possible legal bases for personal data processing:
When we agree with you, we need to process some personal data of yours to be able duly to perform our duties and obligations under such an agreement.
The applicable law might impose an obligation to us to collect and process your personal data. This might be for example for AML (anti-money laundering) or accounting and tax reasons.
Some processing of personal data is based on our legitimate interest. That means we have a legitimate reason to use your personal data which is reasonable when balanced against your rights and freedoms. Usually, this covers reasonable use for security and analytical reasons as well as the protection of our rights.
If you explicitly consent to process your personal data by us for specific use by ticking a box that you agree with such processing. The basic example is sending newsletters to you.
If you use our website or mobile app, we process Technical Information and Usage Information related to your usage based on our legitimate interest (without your consent) for the following purposes:
The Usage Information is mainly obtained using cookies. However, besides cookies, we use also the following data:
We use personal data for these purposes for a maximum period of 38 months, during which time we only store the data in pseudonymized form. You have the right to object to this processing.
If you make an account with us and use our services
Before you can make an account and use our services, we process your Personal Identifiers and Other Identifiers which you provided us through the forms on our website to comply with the Know Your Customer (“KYC”) obligations under applicable laws and regulations and Anti-Money Laundering laws and regulations. Also, we must verify whether you are not a politically exposed person or a person placed on sanction lists. The legal title for such processing is our legal obligation.
If you make an account on our website to use our services, we process your Personal Identifiers, Financial Information, Transaction Information, and Residual Information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us. Therefore, the legal title for such processing is an agreement between you and us. Such agreement is executed by making an account of our service and/or by ordering any additional services to those services. Under this legal title, your data are processed for the time of existence of your account, which you can close at any time.
If you make an account on our website to use our services, we process your Personal Identifiers, Transaction Information, and Usage Information under our legitimate interest (i.e., without your consent) for the following purposes:
For these purposes, we use personal data for the duration of your user account, extended by 6 months. You have the right to object to this data processing. You can turn off the sending of offers at any time in the “Privacy settings” section.
We also use your Personal Identifiers, Other Identifiers, Transaction Information, and Information we receive from other sources under our legitimate interest (i.e., without your consent) for fraud and credit risks. For this purpose, we use personal data to prevent and detect fraud and abuse to protect the security of our users, our services, and others. For these purposes, we use personal data for the duration of your user account, extended by 6 months. You have the right to object to this data processing.
To protect our legal claims and our internal records and controls, we process your Personal Identifiers, Other Identifiers, and Transaction Information for the duration of the statutory limitation period of 3 years and one year thereafter concerning claims asserted at the end of the statutory limitation period. In the event of the initiation of judicial, administrative, or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and the remainder of the statutory limitation period thereafter.
If you give us your consent, we will process your Personal Identifiers, Usage Information, and Information we receive from other sources to send marketing communications to inform you about our events or our partner events based on your communication preferences; to deliver direct marketing; to provide you with promotional offers based on your communication preferences. We will contact you by email or we will use push notification in your browser or mobile app. We may also display our offers on other websites, we may pass your identification and contact details to advertising operators advertising and social networking sites. You can opt out of our marketing communications at any time or change your communication preferences in your user account settings. Opting out does not affect the legality of personal data processing before opting out.
Since we are obliged to fulfill various legal obligations prescribed to us by the applicable laws, we need to process your personal data to fulfill these obligations. We process your Personal Identifiers and Transaction Information to carry out our accounting, tax, consumer protection, and AML obligations as well as an obligation under the international sanction law.
If you communicate with us through different communication channels
If you communicate with us through various channels, in particular, call center, email, chat tools, and social media, we will process your Personal Identifiers, Transaction Information, and Usage Information, including call recordings, based on our legitimate interest (i.e., without your consent) to:
For these purposes, we store personal data for 3 months. If you place an order for service with us through one of our channels, we may retain the data for the protection of legal claims for the duration of the statutory limitation period of 3 years and one year thereafter in respect of claims made at the end of the statutory limitation period. In the event of the commencement of judicial, administrative, or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and the remainder of the statutory limitation period thereafter.
We committed to allowing your personal information to be accessed only by those who have a legal title to do so, either perceived by the law or to one who is obliged to perform their tasks and duties under the contract agreed with us. We never sell or rent your data.
We always figure as a data controller of your personal data. That means that only we specify which personal data will be processed based on which legal title and for which purposes. We also determine means of processing and we are responsible for their proper execution. However, from time to time, we may share your personal information with our partners who are necessary for the provision of our services who are data controllers as well, and we may share your data with our partners, suppliers, and sub-contractors who provide us with services we use for the provision of our services to you. These are in the role of data processors, they may access and process the data, but on our behalf, under our supervision, and with legal titles and purposes specified with us.
With your consent, we may transfer your personal data to social networks and advertising system operators which are in the role of data controllers.
We may provide your personal data to the following providers of services in the role of data controllers:
We will share your personal data with the following business partners, suppliers, and subcontractors for the performance of any contract we enter into with you in the role of data processors:
Please note that third parties you may interact with in the role of data controllers have their privacy policies, and we are not responsible for their operations (unless otherwise stated by applicable law), including, but not limited to, their information practices. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Transfer of your personal data outside of the EEA, UK, and Switzerland
If it is necessary for the provision of our service, we may transfer your personal data outside of the EEA, UK, and Switzerland. This kind of transfer is usually referred to as a third-country transfer. We may transfer your personal data to a third country in case when our partners and service providers reside outside of the EEA, UK, and Switzerland. In such cases, we put in place suitable technical, organizational, and contractual safeguards, including Standard Contract Clauses, to ensure such transfer is carried out in compliance with applicable data protection rules, except where the country to which the personal data is transferred has already been determined by the European Commission to provide an adequate level of protection.
Are personal data stored with us secure?
All information you provide to us is stored on secure servers. We use computer safeguards such as firewalls and data encryption, and access to personal information is authorized only for those employees who require it to fulfill their job responsibilities. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, the password is hashed with secure hash protocol and is never stored in a readable form. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
As our customer, you have the following rights, which can be exercised by contacting us at firstname.lastname@example.org so that we may consider your request under applicable law. When we receive an individual rights request via email, we may take steps to verify your identity before complying with the request to protect your privacy and security. When exercising your rights, please provide us with your complete identification including the email used to open an account with us, and specify the right, you exercise.
The GDPR gives you the following rights:
Right to access information held about you and entitled to review, correct, or amend your personal information, or to delete that information where it is inaccurate, if applicable law not stated otherwise.
Right to rectify information held about you, If you find that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay.
Right to delete your personal data. In some cases, you have the right to have us delete your personal data. We will delete your personal data without undue delay if one of the following reasons is met: (i) your data are not needed anymore for the purpose we processed them for, (ii) you withdraw your consent with processing and there is no other legal title to process your data, (iii) you exercise your right to object and we find out there is no legitimate interest of ours to process your personal data anymore, and (iv) the processing of your personal data might be unlawful.
Right to object to your personal data processing when we rely on a legitimate interest during the processing of your personal data. In the case of marketing activities, we will stop processing your personal data without further action; otherwise, we will do so unless we have compelling legitimate grounds to continue such processing.
Right to restrict personal data processing, when you ask us to temporarily restrict processing of your personal data if there are valid grounds to do so. We may continue to process your personal information if it is necessary for the defense of legal claims, or any other exceptions permitted by applicable law.
Right to portability of your personal data that we process with your consent or to be able to fulfill our contractual obligations to you. We will provide you with your personal data in a structured, commonly used, and machine-readable format. To enable us to easily transfer the data at your request, it may only be data that we process automatically in our electronic databases.
Right to withdraw your consent for the processing of personal data requiring your consent. In such a case, you can withdraw your consent at any time. Withdrawal of the consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.
Right not to be subject to a decision based solely on automated processing of your personal information. In such a case, we may examine or double-check the result of such processing manually by our employees.
Right to lodge a complaint with a relevant Personal Data Protection Authority which you can exercise in particular if you believe that we are processing your personal data unlawfully or in violation of generally binding legal regulations. You may refer your complaint to the relevant regulator where you live or work, or in the place where the alleged breach of data protection law has taken place. The relevant data protection authority for Slovakia is the Office for Personal Data Protection, https://dataprotection.gov.sk/uoou/ and for Czechia is the Office for Personal Data Protection, https://www.uoou.cz/en/.
We have to assess your request as soon as reasonably possible, no later than one month after receiving your request. In exceptional cases, in particular, due to the complexity of your request, we are entitled to extend this period by a further two months. We will of course inform you of any such extension and the reasons for it.
Application of your request is free of charge. Should dealing with the request involve disproportionate effort or draw up additional costs for us, we might charge you a reasonable fee.
Your rights to personal information are not absolute. Access may be denied when is frivolous, vexatious, jeopardize the privacy of others, extremely impractical, or for which access is not otherwise required by applicable law.
We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients if you request this information.
You may contact our officer(s) responsible for data protection at email@example.com.
If you would like to make a complaint because your rights should be infringed, we encourage you to contact us first at firstname.lastname@example.org to resolve your issue informally.