We respect the privacy of all users of the Website and ensure that Personal Data of the consumers is treated confidentially and in compliance with applicable laws and regulations.
What is Personal Data and why do we collect it?
We collect your Personal Data for the primary purposes of rendering you the Services. We may also use your Personal Data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
We may collect the following types of Personal Data (as applicable), without limitation:
- Personal Identification Data: Full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
- Formal Identification Data: Tax ID number, passport number, driver’s license details, national identity card details, photograph identification cards.
- Financial Data: transaction history, trading data, and/or tax identification.
- Transaction Data: Information about the transactions you make on our Services.
- Online Identifiers: Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses.
- Usage Data: Survey responses, information provided to our support team, authentication data, user ID, click-stream data and other data collected via cookies and similar technologies.
How do we collect your Personal Data?
Much of the information listed above is collected directly from you when you submit it on the Website. This includes information such as contact details, registration information and service inquiries. If you do not want to share your information, you can choose not to participate in a particular type of service or activity.
Indirect Collection – Cookies and other Technology
The types of technologies we use include:
You may disable browser cookies in your browser. However, you may lose some features or functionality when you disable cookies. Please also note that disabling cookies is browser specific.
- provide you with personalized content based on your use of the Website;
- enable you to more easily use the Website by remembering and using contact information, purchasing information, and registration information;
- evaluate, monitor and analyze the use of the Website and their traffic patterns to help improve the Website and the Services;
- assist us with advertisement reporting functions such as to learn which ads are bringing users to the Website.
Where reasonable and practicable to do so, we will collect your Personal Data only from you. However, from time to time, we may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, marketing partners, social media platforms and others.
Why we share Personal Data with other parties
We take care to allow your Personal Data to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We will never sell or rent your Personal Data. We may share your Personal Data in the following circumstances:
- We share your Personal Data with third party identity verification services in order to prevent fraud or violation of applicable laws (including anti-money laundering and counter-terrorism financing regulations). This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your Personal Data that can be used solely in connection with provision of identity verification and fraud or law violation prevention services.
- We may share your Personal Data with service providers under contract who help with parts of our business operations such as marketing or technology services. Our contracts require these service providers to only use your Personal Data in connection with the services they perform for us and prohibit them from selling your Personal Data to anyone else.
- We may share your Personal Data with third parties and/ or financial institutions with which we partner to purchase any virtual assets, goods, services or to process payments which you have authorized. The shared Personal Data may include the data provided by the user during obboarding and KYC. Such partners may include any third party accessible through our Website and accessed by the user for the purpose of using the services of such third party, purchasing their virtual assets, any goods or services. Such third parties include (but are not limited to): XasPay Sp. z.o.o., EU Internet Ventures B.V. (dba Banxa), Light Technology Limited (dba. Transak).
- We may share and transfer (including by way of cross-border transfer) Personal Data with a third party for the purpose of rendering the Services which will be made to our Website or systems, including via the use of your credit and debit card. The Personal Data will be shared with such third party after you elect to execute such monetary payments by using the Services of the third party.
- We may transfer any non-personal data (i.e. data that does not identify an individual person) provided by you through your use of the Services on our Website to a third party in order to allow a third party to perform preliminary examinations of non-personal data for the purpose of determining if you are qualified to use the services of such third party (including the history of your transactions on the our Website which will be provided without any identifying information and solely for the purpose of performing the preliminary examinations).
- We may share and transfer (including by way of cross-border transfer) Personal Data with the providers or issuers of tokens that you acquired using our Website or systems if provider/issuer is located in the EU or countries with the level of data protection in a non-EU country considered adequate by the EU commission. The Personal Data may be shared with such third party after you elect to acquire tokens during initial offering, as a result of trading or in any other way using our Website or systems.
If you establish a LATOKEN account indirectly on a third party website or via a third party platform, any information that you enter on that website or application (and not directly on the Website) will be shared with the owner of the third party website or platform and your information will be subject to their privacy policies.
Specific consent by users in Singapore
If you are located in, or a resident of, Singapore, you specifically and voluntarily consent to the transfer of your Personal Data to us and service providers outside Singapore, for the specific purposes of performing identity verification or checking, to enable us to prevent fraud and comply with our legal obligations. Other jurisdictions may not have protections in place for Personal Data as extensive as those within Singapore. However, we require our service providers to treat your Personal Data in strict confidence and use appropriate security measures to protect it. You may revoke your consent to this section at any time by emailing [email protected] with the subject line "Revoke Singapore Data Consent".
Security of Personal Data
How do we keep your Personal Data safe?
We use multiple security measures to ensure confidentiality your Personal Data. We aim to only keep your Personal Data for as long as we need it. We store your electronic records in secure systems. Access to your Personal Data is permitted only for authorized employees.
We use asymmetric encryption of data sent from your computer to our systems so no one else can access it. We do not store user passwords on our systems. We use Secure Sockets Layered (SSL) technology to ensure that your Personal Data is fully encrypted and sent across the Internet securely. Each user may opt to use Two Factor Authentication as an extra layer of security that requires not only a password and username on your login at the Website.
Children's Personal Data
We do not knowingly request to collect Personal Data from any person under the age of 18. Any services of LATOKEN or its partners are forbidden for any person under the age of 18. If a user submitting Personal Data is suspected of being younger than 18 years of age, we will require the user to close his or her account and will not allow the user to continue using the Services. We will also take steps to delete the Personal Data as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent their access to our Services.
Updating your Personal Data
It is an important to us that your Personal Data is up to date. We will take reasonable steps to make sure that your Personal Data is accurate, complete and up-to-date. If you find that the Personal Data we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Additional provisions relating to GDPR
This Exhibit A governs handling of Personal Data pursuant to General Data Protection Regulation (EU) 2016/679 of 27.04.2016 or any equivalent applicable legislation (collectively, “GDPR”). In particular, GDPR applies to you if you reside in the European Economic Area or Switzerland. LATOKEN is the data controller (“Data Controller”) with respect to your Personal Data, and as Data Controller determines the means and purposes of processing data in relation to the Services, where the purposes and means of such processing are determined by the GDPR.
2. What are your rights?
You have rights to transparent information, communication and modalities for the exercise of your rights as the Data Subject under GDPR. Your principal rights under GDPR are:
- the right to be informed;
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority;
- the right to withdraw consent;
You have the right to request details of Personal Data which we hold about you under GDPR, this includes access to Personal Data, together with certain additional information. Additional information includes details of the purposes of the processing, the categories of Personal Data. The rights and freedoms of others are not affected.
You have “the right to be forgotten”, to the erasure of your Personal Data without undue delay. It applies in following circumstances:
- Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent to consent-based processing;
- you object to the processing under certain rules of applicable data protection law;
- the processing is for direct marketing purposes;
- Personal Data have been unlawfully processed.
However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances, you have the right to restrict the processing of your Personal Data. Those circumstances include: you contest the accuracy of Personal Data; processing is unlawful but you oppose erasure; Personal Data is no longer needed for the purposes of processing, but you require Personal Data for the establishment, exercise or defense of legal claims; you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Personal Data.
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
To the extent that the legal basis for our processing of your Personal Data is consent; or that the processing is necessary for the performance of an agreement to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that processing of your Personal Data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your Personal Data by an email notice to us at [email protected]
3. How your Personal Data is used
In general, we use Personal Data to create, develop, operate, deliver, and improve our Services, advertising, and for loss prevention and anti-fraud purposes. We may process your Personal Data if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of LATOKEN, our users or others. In particular, we may use this information in the following ways:
- To maintain legal and regulatory compliance
Some of our Services are subject to laws and regulations requiring us to collect and use your Personal Identification Data, Formal Identification Data, Financial Data, Transaction Data, Online Identifiers, and/or Usage Data in certain ways. For example, we must identify and verify users using our Services in order to comply with anti-money laundering and terrorist financing laws in a number of jurisdictions. The consequences of not processing your Personal Data for such purposes is the termination of your account as we cannot perform the Services in accordance with legal and regulatory requirements. Pursuant to GDPR, we process this Personal Data to comply with our legal obligations.
- To provide customer service
We process your Personal Data when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your Personal Data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services. Pursuant to GDPR, we process this Personal Data based on our contract with you.
- To ensure quality control
We process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process Personal Data for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you. Pursuant to GDPR, we process this Personal Data based on our contract with you
- To ensure network and information security
We process your Personal Data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. Without processing your Personal Data, we may not be able to ensure the security of our Services. Pursuant to GDPR, we process this Personal Data to satisfy our legal obligations.
- For research and development purposes
We process your Personal Data to better understand the way you use and interact with the Services. In addition, we use such information to customize, measure, and improve the Services and to develop new services. Without such processing, we cannot ensure quality of the Services. Our basis for such processing is based on legitimate interest. Pursuant to GDPR, we process this Personal Data to satisfy our legitimate interests as described above.
- To enhance your Website experience
We process your Personal Data to provide a personalized experience and implement the preferences that you may request. For example, you may choose to provide us with access to certain Personal Data stored by third parties. Without such processing, we may not be able to ensure your continued receiving of part or all of our Services. Pursuant to GDPR, we process this Personal Data to satisfy our legitimate interests as described above.
- To engage in marketing activities
Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt out of our marketing communications at any time by contacting us at [email protected]. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services. Pursuant to GDPR, we process this Personal Data to satisfy on your consent.
We will not use your Personal Data for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your Personal Data with third parties. You may opt out of having your Personal Data shared with third parties or allowing us to use your Personal Data for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your Personal Data, certain features or the Services may not be available to you.
4. Disclosure of Personal Data to third parties
5. How can you control your Personal Data?
We offer our users choices for the collection, use and sharing of Personal Data. You may contact us at [email protected] if you wish to edit your private information and we will use commercially reasonable efforts to accommodate your request. If you believe that any inaccurate or inappropriate information has been obtained or provided to others through your use of the Website, please contact a representative of LATOKEN at [email protected].
6. Storage of your Personal Data
We will try to limit the storage of your Personal Data to the extent that storage is necessary to serve the purposes for which the Personal Data was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.
7. Security precautions to protect your Personal Data
Remember to sign out of your account and close your browser window when you have finished your work. This is to ensure that others cannot access your account by using your computer when you are away from it. Because information sent through the Internet travels from computer to computer throughout the world, when you give us information, that information may be sent electronically to servers outside of the country where you originally entered the information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Information that you disclose by use of the Website, by posting a message or using e-mail, potentially could be collected and used or misused by others. This may result in unsolicited messages from third parties or use of such information by third parties for their own purposes, legal or illegal. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any information you transmit to us or from our Services, and you do so at your own risk. Once we receive your transmission, we use commercially reasonable efforts to ensure its security on our systems.
8. Getting informed about Personal Data breach
8.1 When do we need to tell you about personal breach?
In the case of a Personal Data breach, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify you of such breach. If a breach is likely to result in a high risk to the rights and freedoms of individuals, we must inform you directly and without undue delay
8.2 What is a Personal Data breach?
A Personal Data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just losing Personal Data. Personal Data breaches can include:
- access by an unauthorized third party;
- deliberate or accidental action (or inaction) by a data controller or data processor;
- sending Personal Data to an incorrect recipient;
- computing devices containing Personal Data being lost or stolen;
- alteration of Personal Data without permission;
- loss of availability of Personal Data.
9. How to contact us
You may reach LATOKEN Data Protection Officer at [email protected]. You can contact us any time to exercise any of your rights in relation to your Personal Data or if you have any additional questions about collection and storage of Personal Data by contacting us at [email protected].
You can also complain about our processing of your Personal Data to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place.