FECHA DE ACTUALIZACIÓN: 09/07/2023
Efy Finance adopts this policy for the processing of personal data, which will be informed to all owners of the data collected or obtained in the future in the exercise of commercial activities. In this way, Efy Finance states that it guarantees the rights of privacy, intimacy, good name, in the processing of personal data, and consequently all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, restricted access and circulation, security and confidentiality.
All people who, in the development of different commercial activities, among others, whether permanent or occasional, will supply Efy Finance. any type of information or personal data, you will be able to know it, update it and rectify it. Our platform is committed to protecting the privacy of our customers and ensuring that their personal data is kept secure.
We collect and process our customers’ personal data only for specific, legitimate and explicit purposes, and we never share it with third parties without their prior consent.
- Who does this policy apply to?
This Privacy and Personal Data Processing Policy applies to all visitors to the efy.finance website, or users of any of the APIs connected to it who share personal information with us. Whether you are a simple visitor to our website or if you contact us to provide personal information in any way, we will always process your personal data in accordance with this Privacy and Personal Data Processing Policy.
Below we share some of the most important terms we use here and you should know:
- PERSONAL DATA: Any information relating to an identified or identifiable natural person (e.g. name and surname, image of face, address, email, identity document, location data, IP address, cookie data, telephone number, etc.) .
- HOLDER: You. The natural person to whom the personal data in question relates.
- CONSENT: The free, informed and unequivocal expression with which you accept the processing of your personal data for a specific purpose.
- TREATMENT: Any operation carried out with personal data. For ex. collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, modification, communication, transfer, dissemination or extraction.
- Responsible for data processing.
EFY TECHNOLOGIES, S.A. DE C.V. is a company incorporated in the Republic of El Salvador as a provider of Bitcoin services and intermediation in the purchase, sale and custody of crypto assets, and will be responsible for the processing carried out on your personal data.
Your privacy is very important to us and we intend that the trust you place in Efy Finance translates into security to operate throughout our ecosystem. That is why it is very important that you keep in mind that, when registering on our platform, you will be providing certain personal information that Efy Finance will process and share with all the companies that participate in the provision of our services and make their operation possible.
You must previously accept these conditions to complete your registration and use the platform. If you do not agree, or have any doubts about its scope, please do not continue with the registration; We invite you to write to us at firstname.lastname@example.org so we can improve.
- Data collected
During the use of our Website, Platform or APIs, we may process the following information and personal data of users:
- Personal Information from the creation of an Account, which includes:
- Email address;
- Login details (Username and password);
- Security Data (2FA).
- Personal information we require to verify your identity and comply with KYC and anti-money laundering regulations.
To register a Personal account, we will require you to provide us with the following information:
- Full name;
- Residence address;
- A Copy/Image of your Passport, Driver’s License or ID from your country of origin;
- Proof of Residency (e.g. utility bill).
To register an account in the name of an entity (Corporate Account), we will require the following personal information to verify your account:
- Your full name;
- The statutory name and, where applicable, the distinct commercial names of the entity;
- The address of the company registered with the Chamber of Commerce;
- A valid company incorporation document (from the Chamber of Commerce and/or the Financial Services Commission);
- URL of the government website that contains your company data and verifies the authenticity of the registration;
- Deed of incorporation and bylaws (containing the structure and rules of the company);
- Sources of funding;
- Register of shareholders/partners/partners (complete list of names, addresses and number of shares of each current shareholder);
- Chart of the ownership structure showing the percentages of each shareholder, the beneficial owner(s) and the countries of residence/incorporation;
- List of full names and ownership percentages of shareholders who own 25% or more of the company’s shares;
- Identity document and recent proof of address of all shareholders who own 25% or more of the company’s shares;
- List with the full names, date of birth and address of all directors;
- Passport, Driver’s License or ID from the country of origin and recent
- proof of residential address of all directors;
- List of persons authorized to operate on the Platform;
- Passport, Driver’s License or ID from the country of origin and recent proof of residential address for all persons who will operate on the EFY Finance platform.
- In order to facilitate your use of Products on our Platform, we will require the following information:
- The wallet address from or to where deposits and/or withdrawals of incoming/outgoing cryptoassets are made from your account;
- Your account deposits, investments, returns and balances.
- Information related to communication between you and us:
- Email address; and
- Details of your request and/or complaint and other information that you provide to us in the course of the communication session.
- Información que usted nos proporciona cuando visita nuestro Sitio Web y utiliza nuestra Plataforma:
- Login logs;
- IP adress;
- Information about your device, browser, operating system and network system;
- Viewing time and online behavior on the Platform.
- The personal data we collect includes contact information, such as name, address, telephone number and email, as well as financial information, such as bank account numbers and transaction data.
- Contracting data: products and services contracted, status of owner, information on investments made and their evolution.
- Basic financial data: current and historical balances of your products and services, and movements in your accounts, including the type of operation, the parties, the amount and the concept.
- Data obtained from data analysis:
- Data obtained from the execution of statistical models: we apply various statistical models on our clients’ data to fight fraud, deduce consumer habits or preferences, comply with our regulatory obligations and manage our products and services.
- Risk assessment data: to provide you with some of our products, we will previously deduce your payment capacity, applying statistical models that are calculated on your data.
- Data obtained from publicly accessible or external sources:
- Data obtained from credit information systems: result of consulting the most recognized systems on the market, which provide information on debts, asset solvency and credit (debtor, creditor and debt).
- Data obtained from public organizations: result of consulting public access systems, which provide information on debts.
- Data related to international sanctions: data of people who are included in laws, regulations, guidelines, resolutions, programs or restrictive measures regarding international economic-financial sanctions imposed by the United Nations, the European Union, the United Kingdom and the United States, among others.
- Demographic data: statistical data associated with geographical areas, age groups and/or sectors of activity, which we will link to your personal information.
- Data on public positions and/or corporate ties: result of consulting the most recognized information systems on the market, which we will use to complement the information on your activity.
- Social network data: from the platforms that you link and/or authorize to consult.
Request for Update and/or Rectification of Data
EFY Finance will rectify and update, at the request of the owner, the information of the owner that turns out to be incomplete or inaccurate, in accordance with the procedure and terms indicated above, for which the following will be taken into account:
1. The owner must send the request to the email email@example.com indicating the update and/or rectification to be made and will provide the documentation that supports their request.
2. EFY Finance may enable mechanisms that facilitate the owner’s exercise of this right, as long as they benefit the owner. Consequently, electronic or other means that are considered relevant may be enabled, which will be informed in the privacy notice and will be made available to interested parties on the website.
- For what purposes do we process your personal data?
We may use your personal data to:
- Create and manage your Account;
- Analyze your transactional profile;
- Give you access to our Platform and provide you with our services;
- Verify your identity and comply with applicable laws and regulations in this regard;
- Cooperate with requests from law enforcement agencies;
- Process your operations;
- Analyze your use of our website and platform;
- Provide you with customer support;
- Send you updates, newsletters, surveys or promotions;
- Contact you about other aspects of our services.
We will not process your personal data for other purposes.
- What legal bases apply to our processing of personal data?
We have the right to process your personal data based on different legal bases.
The following table contains a summary of the legal bases we use to process specific personal data:
POSSIBLE PURPOSES OF THE TREATMENT:
- Verify your identity
- Demonstrate your consent
- Perform credit analysis
- Identify and prevent possible fraud
- Identify and prevent potential threats to platform security
- Make advertising and/or promotional contacts
- Comply with PLAFT regulations
- Comply with judicial or administrative requirements
- Customize and improve services
- Analyze your behavior
In any case, keep in mind that if you make decisions based solely and exclusively on automated processing (that is, without the participation of a person) that could produce legal effects on you, or that could significantly affect you (for example, with the refusal of a product), we will inform you about this and provide you with the right to obtain human intervention, to express your point of view and to challenge the decision.
- How long do we keep your personal data?
Efy Finance will retain your personal data for the time necessary to fulfill the purposes for which it was collected, as well as to comply with legal or regulatory requirements, or during the limitation period of possible legal or contractual liabilities. We will also consider whether the retention of the data could harm the rights or legitimate interests of Efy Finance or third parties. It is important to note that there are regulations that require us to retain certain information for special periods, which can be 2, 5 or even 10 years.
To determine the appropriate retention period for each category of personal data, we evaluate the amount, nature and sensitivity of the data, as well as the potential risk of unauthorized use or unlawful disclosure. We also consider the purposes of the processing and whether it is possible to achieve those purposes through other legal means.
In short, your personal data will continue to be stored from the moment of registration and as long as your account is active. Once the legal period that affects each specific type of data has ended, or when the purposes for which it was collected have been met, we will proceed to eliminate or anonymize it so that it is not possible to identify any person.
- Who has access to your personal data?
- Our authorized personnel will have access to your personal data on a need-to-know basis. These individuals have undergone a background investigation before being hired and are required to treat the information as highly confidential.
- Additionally, we may contract with third party service providers to provide ancillary services. If and to the extent such parties come into possession of your personal data, they will act as our data processor. These are, for example, cloud service providers and providers of certain software solutions. We will enter into a data processing agreement with such parties, which will include data security provisions to protect your personal data from potential data breaches. These data processors will only process your personal data to the extent necessary for the provision of the services for which they have been engaged.
- We may also share personal data with affiliates who have referred you to our website, and with partners for promotions or integrations of co-branded services.
- We may provide your personal data to competent authorities upon request to the extent required by law or to the extent necessary to defend our rights in legal proceedings or investigations.
In addition, we reserve the right to disclose your information to other users, entities and/or authorities when there are sufficient grounds to consider that your activity was suspicious and/or there is a reasonable presumption that other people could be harmed.
For any other case, before sharing your personal information, we will ask for your prior and express consent, unless there is a sufficient rule or order that allows otherwise.
- Is your personal data safe?
We use technical and organizational security measures to protect our customers’ personal data against loss, theft, misuse or unauthorized access.
We treat your personal data with the greatest possible care and scrutiny. This means that we will take appropriate technical and organizational measures to ensure that all information is correct, up-to-date and complete, and to prevent unauthorized persons, inside and outside our organization, from accessing it. We use “best practices” to protect your personal data. For example, your personal data is encrypted with SSL (Secure Sockets Layered) technology and our directories and databases are password protected.
- How do we transfer personal data internationally?
Due to the nature of the services we offer, it is necessary to use servers and cloud services, which may mean that some of the personal data we collect is stored or processed in countries other than the country of origin.
Where personal data is transferred to a country that does not provide an adequate level of data protection in accordance with applicable law, we will implement additional technical and/or organizational security measures to ensure the protection of your personal data. If necessary, we will require the service provider to also implement these measures or supplement them with appropriate measures.
These guarantees may include the use of binding corporate rules, contractual clauses adopted by a supervisory authority or contractual clauses authorized by a supervisory authority. These measures seek to ensure compliance with personal data protection regulations and guarantee that interested parties have enforceable rights and access to effective legal remedies.
- About operations carried out on blockchain
Blockchain technology operates as a shared, immutable record that facilitates the process of recording and tracking transactions and assets, both tangible and intangible. Anything of value can be tracked and traded on a Blockchain network, reducing risks and costs for all participants.
This technology generates an ever-growing list of records called blocks. Each block contains a cryptographic hash of the previous block, a timestamp, and other data related to the transaction. Immutability is one of the key features of Blockchain: information stored in a block cannot be added, deleted, or modified without affecting the hash value and altering subsequent blocks. Once a transaction is recorded on the shared ledger, no participant can change or falsify that transaction. If an error is made in the record, a new transaction must be added to correct it, but both transactions will be visible.
It is important to note that, due to the nature of Blockchain, it is not possible to modify or correct transactions made on the Efy Finance platform or delete personal data required by the blockchain for such transactions.
When you make a transaction with cryptoassets, certain personal information will be recorded in the respective blockchain, including the source and destination wallet address, the amount of the transaction, and the date and time of the transaction. Once the transaction is confirmed, this information will not be under our control and we will not be able to help you exercise your rights over it. The blocks are linked chronologically and the data recorded in them is practically unalterable or removable.
This particularity of Blockchain may affect your ability to exercise certain rights as a data owner, such as the right to deletion or rectification. Although there are smart contracts that can block certain personal information from third parties, the data will still be present and cannot be deleted.
In short, if you want to ensure that your rights are not affected in any way, avoid transacting on Blockchain, as some rights may not be fully available or may not be fully exercised. In general, blockchains are open to the public and any personal data published on them will be public knowledge.
- What are your rights regarding my personal data?
- You have the right to ask us if we are processing your personal data. You can exercise your right to access your personal data at any time, with reasonable frequency. Once consulted, you can ask us to rectify or delete any (inaccurate) data or to restrict or terminate the processing of your personal data. However, we reserve the right to refuse such a request to limit or cease the processing of your personal data if we have a legitimate interest in continuing the processing of your personal data, in particular if we need the information in (possible) legal proceedings.
- You have the right to ask us to transfer (some of) your personal data to you or another party.
- How can I present a complain?
If you have any complaints about how we process your personal data, you can contact us using the contact details set out in this Privacy and Personal Data Processing Policy. We will be happy to help you find a solution. Additionally, you can lodge a complaint about the way we process your personal data with the supervisory authority of the country in which you reside (if applicable).
Authorization for the processing of personal data will be requested and considered accepted and understood at the creation of the user’s account and at the moment in which the user accepts the terms and conditions of use of the site, with which there is evidence of authorization of this .
- How do we notify policy changes?
This Privacy Statement may be updated. Therefore, we recommend that you periodically visit this page to be aware of changes. However, if we make material changes that require your consent, we will post the update and notify you by email so you are aware. If you do not agree with this Privacy Statement, you must discontinue using the platform.