Who we are
Our website address is: https://qexchange.ai.
A. WHO WE ARE – article 13(1)(a) of the GDPR
The data controller of this Website is Qexchange.ai.
B. INFORMATION WE COLLECT – article 5(b)/ article 13(1)(c)/ article15 (1)(b) of the GDPR
You may visit our site anonymously.
If you choose to register on our website, these are the categories of data to and on behalf of you will be processed:
Your name and surname;
Your date of birth;
Your residential address;
Your banking details including your Account number;
The Copy of your ID card (passport, national ID card, driving license etc.);
The Copy of your electricity bill or the copy of your bank statement confirming your residential address;
Your e-mail address;
Your phone number;
Any other personal data provided voluntarily by users.
We will inform you about relevant changes concerning the Service, such as the implementation of additional functions, by posting it on this Website and/or by e-mail.
C. WHAT DO WE USE YOUR INFORMATION? – article 12(1) / article 13 / article 15 (1)(a) of the GDPR
Any of the information we collect from you may be used for one or more of the following purposes:
To personalize your experience;
To improve our website;
To send periodic e-mails;
Use your personal data to provide the services and to process payment transactions and related operating activities.
If at any time you would like to unsubscribe from receiving future e-mails, you can cancel your account after login by clicking on “Cancel my account”.
D. LEGAL BASIS
EU General Data Protection Regulation (GDPR). The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR article 6(1)(a)(b).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
In order to become a member, you must provide us with the required personal data. If you do not provide us with all the required information, it will not be possible to deliver the Service.
Children’s Online Privacy Protection Act Compliance. We will not intentionally collect any information from anyone under thirteen (13) years of age. Our website, products and services are all directed at people who are at least eighteen (18) years old or older, cf. GDPR article 8.
E. PERSONAL DATA PROTECTION – article 5(1)(f)/ article 25 of the GDPR
We implement the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
Confidentiality. All personnel are subject to full confidentiality and any subcontractors and sub processors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties, cf. GDPR article 5(1)(f).
Transparency. We will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. We will also provide the summaries of any independent audits of the Service, cf. GDPR article 5(1)(a).
The ability to intervene. We enable your rights of access, rectification, erasure, blocking and objection by offering you the option to send instructions to the following e-mail address [email protected], cf. GDPR article 7(3) / article 12(2) / article 16 / article 17.
Monitoring. We use security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.
System performance and availability is monitored from both internal and external monitoring services.
Personal Data breach notification. In the event that your data is compromised, we will notify you and competent Supervisory Authority(ies) within seventy two (72) hours by e-mail with information about the extent of the breach, affected data, any impact on the Service, as well as our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects, cf. GDPR article 12(3) and article 33.
“Personal data breach”. means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service, cf. GDPR article 4(12).
F. DISCLOSURE OF INFORMATION TO THIRD-PARTY – article 4(10) / article 6 (1)(f) / article 6(3) / article 13(1)(d) / article 15(1)(c) of the GDPR
We do not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
We will monitor subcontractors’ and sub-processor’s’ maintenance of these standards and audits to ensure that data protection requirements are fulfilled.
Legally required disclosure. We will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from us, we strives to limit the disclosure. We will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, we will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
G. THIRD-PARTY LINKS
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third-party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
H. WHERE DO WE STORE THE INFORMATION – article 5(1)(e) / article 30 of the GDPR
Personal data location. All data are stored in databases and file repositories hosted in an [—].
I. ACCESS, DATA PORTABILITY, MIGRATION, AND TRANSFER BACK ASSISTANCE
You may at any time obtain confirmation from us as to whether or not personal data concerning you are being processed, cf. GDPR article 13(3).
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered by us within [—] working days, and free of charges, cf. GDPR article 12(5) / article 15(1)(3) / article 20.
J. REQUEST FOR RECTIFICATION, RESTRICTION OR ERASURE OF THE PERSONAL DATA – article 13(2)(b) / article 15(1)(e) / article 16 / article 17 / article 18 / article 19 of the GDPR
Rectification. You may at any time obtain without undue delay rectification of inaccurate personal data concerning you, cf. clause 5.6.
Restriction of processing personal data. You may at any time request us to restrict the processing of personal data when one of the following applies:
if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
if we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
Erasure. We (the “data controller”) process and store your personal data only for the period necessary to achieve the purpose of storage and to comply with AML legislation. If the storage purpose is not applicable, or if the storage period expires, the personal data is routinely blocked or erased.
K. DATA RETENTION – article 5(1)(e) of the GDPR
Data retention policy. Your data will due to tax regulations be retained for up to ten (10) full fiscal years from your cancellation of your Service account.
Data retention for compliance with legal requirements. You cannot require us to change any of the default retention periods, except for the reasons for erasure pursuant to clause 11.3.
Data restitution and/or deletion. Due to the nature of the Service provided by us, as well as to comply with other legislations, such as AML, your personal data shall be retained after the termination of the contract. You may request a data copy before termination. You must not cancel the Service account until the data copy has been delivered, as we otherwise will not be able to deliver the data copy.
We will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
M. TERMS OF SERVICE
Please also visit our Terms & Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website at www.qexchnage.ai
N. YOUR CONSENT
P. COMPLAINT – article 13(2)(d) / article 15(1)(f) / article 77 of the GDPR
You may at any time lodge a complaint with a supervisory authority regarding our collection and processing of your personal data.
Cookie declaration last updated on 08/05/2019