FINGATE PRIVACY POLICY
Last amended on 04.03.2024
1. ABOUT THIS POLICY
1.1. This privacy policy (“Privacy Policy”) applies to all cases where Fingate Capital OÜ, (“Fingate”) processes the personal data of natural persons (“Data Subject(s)”) as a controller when operating its website and platform available at www.fingate.app (“Platform”) and providing its services (“Services”). Thereby, this Privacy Policy applies to the processing of personal data of users of the Platform (“User(s)”), any natural persons related to the Users (as and if necessary), and any other visitors of Fingate’s website.
1.2. This Privacy Policy explains how Fingate processes the personal data of the Data Subjects. To understand Fingate’s rules and practices regarding personal data, Fingate asks all the Data Subjects to carefully read this Privacy Policy.
1.3. Fingate is committed to protecting and respecting Data Subjects’ privacy. Fingate implements appropriate technical, security, and organizational measures to protect personal data against unauthorized access, use, and disclosure. Fingate applies and complies with the General Data Protection Regulation (EU Regulation 2016/679; “GDPR”) and other applicable data protection laws. Any definitions used in this Privacy Policy regarding processing personal data (e.g., controller, processor, personal data, etc.) shall have the same meaning as provided in the GDPR.
1.4. This Privacy Policy is an integral part of Fingate’s general terms which are available here (“General Terms”). The visitor by visiting Fingate’s website and the User by accepting the General Terms confirms that they have read this Privacy Policy and understand it.
1.5. This Privacy Policy applies from the date as set above. Fingate has the right to unilaterally make amendments to the Privacy Policy. In such case, the Data Subjects shall be notified of the amended Privacy Policy by Fingate uploading the amended Privacy Policy to the Platform, its website, or otherwise.
2. DATA CONTROLLER
2.1. For the purpose of clarity, the data controller for processing as described in this Privacy Policy is Fingate Capital OÜ, which is a private limited company with registry code 16062090 and with registered address of Tornimäe street 7-41, 10145, Tallinn, the Republic of Estonia. Fingate has appointed Mr. Kristo Vint as its Data Protection Officer who is responsible for matters relating to privacy and data protection. Fingate and Data Protection Officer can be contacted by writing an email to data@fingate.app.
3. WHY AND WHAT CATEGORIES OF PERSONAL DATA IS PROCESSED
3.1. Fingate may collect and process personal data for the following purposes:
a) providing Services to the User;
b) communicating and providing customer support to the User in relation to providing Services (which includes also communicating with a potential customer in relation to the Services if the potential customer has so requested);
c) sending newsletters to the User;
d) sending feedback questionnaires to the User;
e) displaying personalized advertisements (e.g., displaying Fingate’s advertisements and offers by Fingate’s partners);
f) improving the Platform and the Services;
g) enforcing and defending Fingate’s legal rights;
h) complying with legal or regulatory obligations or requests which Fingate is subject to;
i) preventing money laundering and terrorist financing and complying with the international sanctions under the relevant AML/CTF and sanctions regulation (“AML regulation”).
3.2. For the purposes explained above, Fingate may collect and process the following personal data:
a) for purposes stated in clauses 3.1.a), 3.1.b):
i. Data Subject’s name; e-mail address; phone number; preferred communication language;
ii. order and transaction data and history (including status, price, volume, currency, fee, date, and time data); wallet data (type of assets and amount); deposit and withdrawal data (bank account, payment card, and external wallet details, amount, status, fee, date, and time data);
iii. technical data (login time, operation system, internet browser type, device type), which may also include data collected by cookies;
iv. any other information the Data Subject may provide regarding the Services (e.g., via customer support);
b) for the purpose stated in clause 3.1.c): Data Subject’s name and e-mail address;
c) for the purpose stated in clause 3.1.d): Data Subject’s name, e-mail address, and feedback;
d) for the purpose stated in clause 3.1.e): internet browsing history, primarily Platform usage logs (including personal data collected by cookies for that purpose);
e) for the purpose stated in clause 3.1.f): any of the categories of personal data in this Privacy Policy, which may also include personal data collected by cookies about the use of the Platform and analytical data;
f) for the purpose stated in clause 3.1.g): any of the categories of personal data above (determined case-by-case according to the legal right Fingate is entitled to execute);
g) for the purpose stated in clause 3.1.h): any of the categories of personal data above (determined case-by-case according to the obligation or request Fingate is subject to);
h) for the purpose stated in clause 3.1.i) Fingate collects and processes both data regarding the Data Subject (including the User or any natural person related to the User – e.g., the beneficial owner) as well as any relevant transaction or circumstances necessary for fulfilling this purpose. Such personal data may include, among other things:
- name, personal identification code, place and date of birth;
- location data, address (as well as proof of residency – e.g. utility bill);
- in case of a representative, information on the identification and right of representation;
- e-mail address, phone number;
- profession or field of activity, main contracting partners, payment habits, origin of the property used in the transaction and origin of wealth;
- data regarding identification document;
- information whether the Data Subject has been entrusted with prominent public functions or whether the Data Subject is a close associate or family member to such person (politically exposed person);
- information whether the Data Subject is subject to any sanctions;
- the name and registry code of the legal person which the Data Subject represents (if the User is a legal person) and the names of the members of the management board or supervisory board, and their authorisation;
- the fact whether the Data Subject is the beneficial owner of the User;
- photo and/or video recording of the Data Subject;
- any order and transaction data;
- any data regarding establishing business relationship or waiver or termination thereof;
- any data regarding the application of due diligence or the impossibility thereof;
- information serving as the basis for the duty to report under the AML regulation;
- any other data necessary for applying due diligence measures as requested by the AML regulation.
3.3. Fingate may collect personal data directly from the Data Subject or collect it from third parties. For example, for the necessary KYC/AML procedures Fingate uses a service partner Sum and Substance which collects and processes data on behalf of Fingate.
3.4. Provision of personal data required under the AML regulation is a statutory requirement. If the required data is not provided, Fingate is not legally allowed to provide the Services. Submission of any other personal data is not a statutory requirement. However, it is necessary to enter into the contract concluded between Fingate and the User and/or for the provision of the Services. If such personal data is not provided, Fingate cannot enter into that contract with the User and/or provide the Services. Provision of personal data via cookies is not required (except for the strictly necessary cookies) and the non-provision of such data has no adverse consequences, unless provided otherwise in Fingate’s Cookie Policy.
3.5. When and if required by the AML regulation, Fingate shall verify the correctness of the relevant data.
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
4.1. In accordance with applicable data protection law (including the GDPR), there must be an appropriate legal basis for processing personal data. For each of the aforementioned purposes of processing, Fingate explains below the relevant legal basis for it.
4.2. Where Fingate processes personal data for providing the Services and communicating with the User for that purpose (see clauses 3.1.a) and 3.1.b)), the legal basis is the contract concluded between Fingate and the User (Article 6(1)(b) (first alternative) of the GDPR). Meaning that the processing of personal data is necessary for the performance of a contract concluded with the User.
4.3. If Fingate processes personal data regarding communicating with a potential customer (see clause 3.1.b), then the legal basis is Article 6(1)(b) (second alternative) of the GDPR. Meaning that the processing of personal data is necessary for the performance of pre-contractual activities at the request of the Data Subject.
4.4. Where Fingate sends newsletters to the User (see clause 3.1.c), the legal basis is Fingate’s legitimate interest under Article 6(1)(f) of the GDPR. It is Fingate’s legitimate interest to keep the User in the loop of any advancements to the Platform and/or the Services and great offers that may be available. The User can unsubscribe from such e-mails by clicking on a link that is provided under each e-mail. If the User unsubscribes, Fingate shall no longer send such e-mails.
4.5. Where Fingate sends feedback questionnaires to the User (see clause 3.1.d), the legal basis is Fingate’s legitimate interest under Article 6(1)(f) of the GDPR. It is Fingate’s legitimate interest to ask feedback regarding its Services. The User can unsubscribe from such e-mails by clicking on a link that is provided under each e-mail. If the User unsubscribes, Fingate shall no longer send such e-mails.
4.6. If Fingate processes personal data for displaying personalized advertisements (see clause 3.1.e)), the legal basis is the prior consent given by the Data Subject (Article 6(1)(a) of the GDPR). If consent is not given, then personalized advertisements are not shown. The consent may be anytime withdrawn by deleting the respective cookies (see more instructions from the Cookie Policy) or by contacting Fingate.
4.7. If Fingate processes personal data to improve the Platform and the Services (see clause 3.1.f)), the legal basis for processing personal data is Fingate’s legitimate interest under Article 6(1)(f) of the GDPR. It is Fingate’s legitimate interest to improve and develop the Platform and the Services as well as their functioning and quality.
4.8. Where Fingate processes personal data for enforcing and defending Fingate’s legal rights, then this is done under the legitimate interest of Fingate (see clause 3.1.g)) pursuant to Article 6(1)(f) of the GDPR. It is Fingate’s legitimate interest to enforce and defend its legal rights as and if Fingate sees it as necessary.
4.9. Where Fingate processes personal data for complying with legal or regulatory obligations or requests (see clause 3.1.h))), the legal basis is Article 6(1)(c) of the GDPR – i.e. the processing is necessary for the performance of a legal obligation of Fingate as a controller.
4.10. Where Fingate processes personal data for preventing money laundering and terrorist financing and complying with international sanctions (see clause 3.1.i)), the legal basis is Article 6(1)(e) of the GDPR – processing is necessary for the performance of a task carried out in the public interest, as specified in more detail in § 48(2) of the Money Laundering and Terrorist Financing Prevention Act of Estonia.
5. AML OBLIGATIONS
5.1. As already mentioned, Fingate is required by the AML regulation to process the Data Subject’s data. This also means that Fingate may be required by the AML regulation to determine the User’s (and/or any related Data Subject’s) risk category and create a risk profile. For that, Fingate mainly takes into consideration the data submitted to Fingate (e.g., the Data Subject’s residency, field of activity, etc.), the transactions conducted via the Platform, and other relevant data of the business relationship. Based on such analysis, Fingate shall decide the nature of the AML/CTF due diligence measures applied and the provision of the Services.
5.2. Personal data may be processed in an automated way which is necessary for complying with the AML regulation and for entering into and/or performing the contract between the User and Fingate.
5.3. If the Data Subject fails to provide any data requested by Fingate which is required by the AML regulation, Fingate shall not provide the Services to the User.
6. DISCLOSING PERSONAL DATA
6.1. Fingate may transfer or make the personal data accessible to third parties or processors in the following cases:
a) to companies that provide anti-money laundering and counter-terrorist financing due diligence services (e.g., Sum and Substance Ltd, registered in the United Kingdom, whereas transferring of personal data to the United Kingdom has been deemed adequate by the European Commission);
b) to companies that provide cloud computing services in which Fingate stores and processes personal data (e.g., Amazon Web Services EMEA SARL, registered in European Union, Luxembourg, whereas any transfer of personal data to third countries shall be subject to the Standard Contractual Clauses approved by the European Commission);
c) to companies that provide Fingate any other type of services and to which transferring of personal data is necessary for any of the purposes provided in this Privacy Policy. For example, Fingate may make personal data available to Scrive AB (registered in Sweden) which provides e-signing solutions.
6.2. All processors of Fingate shall ensure the protection of personal data as required by the GDPR and other applicable legislation. If Fingate should transfer personal data to other countries than European Economic Area, Fingate will implement appropriate safeguards in accordance with the GDPR – for example, by entering into an appropriate contract with a processor in accordance with the Standard Contractual Clauses approved by the European Commission.
6.3. Fingate has the right to disclose personal data also to the following persons in the following cases:
a) to a third party acquiring Fingate or substantially all of its assets, if such acquisition should take place and in which case personal data held by Fingate about the Data Subjects will be one of the transferred assets;
b) to a relevant institution requiring personal data, if Fingate is under a duty to disclose or share such personal data in order to comply with any legal or regulatory obligation or request deriving from the law (including the AML regulation).
7. HOW LONG PERSONAL DATA IS STORED
7.1. Fingate only processes and stores personal data for as long as it is necessary to fulfil the purpose for which it is processed – once the purpose has ceased, the personal data will be erased or anonymised.
7.2. For each of the aforementioned purposes of processing personal data, Fingate explains below how long personal data for this purpose is processed and stored:
a) up to 3 years after terminating the agreement between the User and Fingate, where Fingate processes personal data regarding providing the Services (see clause 3.1.a)), improving the Platform and the Services (see clause 3.1.f)) and enforcing and defending Fingate’s legal rights (see clause 3.1.g));
b) up to 3 years after the last contact with the User, where Fingate processes personal data regarding communicating and providing customer support (see clause 3.1.b));
c) until the Data Subject unsubscribes from such e-mails, where Fingate processes personal data regarding sending newsletters to the User (see clause 3.1.c)) and sending feedback questionnaires (see clause 3.1.d));
d) until the Data Subject withdraws his/her consent, where Fingate processes personal data for displaying personalized advertisements or until such cookies expire, whichever takes place earlier (see clause 3.1.e));
e) up to 5 years from the end of the business relationship with the User, where Fingate processes personal data regarding complying with legal or regulatory obligations or requests and for the purpose of prevention of money laundering and terrorist financing (see clauses 3.1.h), 3.1.i)).
7.3. The data of importance for prevention, detection or investigation of money laundering or terrorist financing retained as set forth in clause 7.2.e) may be retained for a longer period, but not for more than 5 years after the expiry of the first time limit, if so requested by a precept of the competent supervisory authority.
7.4. Personal data contained in any accounting documents shall be stored for 7 years from the end of the last financial year they relate to.
8. DATA SUBJECT’S RIGHTS
8.1. The Data Subject has the right to contact Fingate by writing an e-mail at data@fingate.app to exercise the Data Subject’s rights concerning the processing of personal data, unless so restricted by the applicable law, including the AML regulation. Such rights include the:
a) right to request access of personal data;
b) right to request rectification of personal data;
c) right to request erasure of personal data;
d) right to request restriction of processing of personal data;
e) right to object to processing of personal data;
f) right to request portability of personal data;
g) right that decisions are not taken concerning the Data Subject which are based on automated decision-making;
h) right to withdraw a consent;
i) right to lodge a complaint with a supervisory authority (the Data Protection Inspectorate, for more information: https://www.aki.ee/; and contact: info@aki.ee).
9. COOKIES
9.1. Fingate uses cookies on its website and Platform. Please read Fingate’s Cookie Policy which explains the relevant rules regarding cookies (available here).
10. THIRD PARTY SITES
10.1. Fingate’s website and the Platform may, from time to time, contain links to and from the websites of Fingate’s partner networks, advertisers and affiliates (including, but not limited to, websites on which Fingate and the Platform are advertised). If the Data Subject follows a link to any of these websites, it must be considered that these websites and any services that may be accessible through them have their own privacy policies and that Fingate does not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Fingate recommends checking these policies before submitting any personal data to these websites or using any of these services.