Last Revised: April 8th, 2020
SimplexCC Ltd. and Simplex Payment Services, UAB (collectively “Simplex”, “Company”, “we” or “us”) respects the privacy of the users of our payment processing platform (collectively, the “Platform”), as well as users of our website available at: simplexcc.com or simplex.com (the “Site”), and is committed to protect the personal information that users share with us in connection with the use of our Platform and/or Site (collectively – the “Service”).
- From whom we collect Personal Information?
- Which Information we collect?
- How do we collect Personal Information?
- What are the purposes of the collection of Personal Information?
- What are the conditions for processing of Personal Information?
- Sharing Information with Third Parties
- Retention of Personal Information
- Tracking Technologies
- Your Rights
- Third Party Websites
- Have any Questions?
1. From whom we collect Personal Information?
- Site Visitors: Individuals who visit our Site and who may volunteer certain contact data (such as their email address) to receive communications from the Company. For clarity, Site does not include any sites owned or operated by our Customers.
- Users: Individuals whose information we process in order to:
- Provide the Service to our Customers pursuant to our agreements with them, or –
- Provide the Service directly to our Users via an e-money account or service account; this includes Users registering on behalf of an organization.
- Customers: Those who register on their own or on behalf of an entity or organization to use the Company’s Service, including merchants and operators of the Exchanges. For the avoidance of doubt, Customers does not include Users.
2. Which information may we collect?
We collect two types of information from our Users:
- The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via the User’s use of the Service and/or the transactions carried out in connection with the Service, including through an exchange’s website carrying the Service (“Exchange”), as applicable (“Non-Personal Information”). We are not aware of the identity of the User from which the Non-personal Information was collected.
- Non-Personal Information which is being collected consists of technical information and aggregated usage information, and may contain, among other things, the User’s operating system, type of browser, screen resolution, browser and keyboard language, the User’s ‘click-stream’ on the Service and activities on the Service, the period of time the User visited the Service and related timestamps, etc.
- Non-Personal Information shall be gathered by us in order to perform preliminary examinations of the users’ transactions before enabling such users to use the Service.
- For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.
- The second type of information is information that identifies or may identify an individual with reasonable efforts (“Personal Information”). Personal Information which is being gathered may consist of the following:
- The User’s IP address, as well as other persistent device identifiers, which is automatically recorded from the User’s device and used mainly for enhancing the User’s experience and for geolocation, personalization, security and fraud prevention purposes, as further detailed below.
- In the event that following the preliminary examinations of Non-Personal Information as noted above, such User is determined as qualified to use the Service (as shall be determined in our sole discretion), then after clicking the Service button the User will be requested to fill out the registration form available on the Service, and such User will be required to provide certain information such as his/her contact details, including the following:
- Full name
- Physical address
- E-mail address
- Copy of a government-issued ID (such as a passport or driver’s license) – this is collected as means for official proof of identity
- Details regarding the government-issued ID, such as the number, issuing country and issuance/expiration date;
- Country of residence
- Date of birth
- Billing address
- Wallet ID (if applicable)
- Payment card details – however, please note that such data is transmitted directly to our trusted third party payment processors. We do not retain the full details of the credit card;
- Any additional required information in order to render the Service.
Kindly note that without providing the above information the User will not be able to complete the transaction.
- In the event that the User creates or registers with an e-money account, the User will be required to provide us with all the information listed above, as well as additional information, including:
- Tax information (such as Tax Identification Number)
- Bank information (such as IBAN)
- Details regarding the business activity of the User and his/her income (including source of funds)
- The purpose for opening the account and related information (such as planned turnover)
- Details regarding whether or not the User is a Politically Exposed Person (“PEP“); and –
- If you are acting on behalf of an organization, we request information regarding said organization (including contact details, registration number, bank information, tax information, general information about the organization and its activities, etc.). In such cases we will also require certain contact information relating to additional stakeholders in the company (such as shareholders, ultimate beneficial owners, and others).
Kindly note that without providing the above information the User will not be able to open or register with an e-money account.
- In addition, we also collect the User’s publicly-available social network information, provided that the User has an existing third-party social network account (namely, a Facebook, Twitter, LinkedIn or Google+ account) (“SN Account”) registered under the same name and/or e-mail provided by User when registering to the Service.
- In the event a User registers to the Service or otherwise grants us with certain access permissions to his/her SN Account, the third-party social network(s) operating such SN Account(s) may provide us with certain information about the User, as is stored in and/or made available by the User through his/her SN Account and in accordance with the permissions granted to us by the User. For example, such information may consist, as applicable and/or made available by the User, of the User’s name, public profile picture URL address, SN Account User ID, e-mail address, date of birth, gender, occupation or work information, education and other information which the User made public.
- In addition, we also collect the behavior of the User on our Services, which includes keystrokes, recording of mouse movements and other activities in our Services.
- Any Personal Information provided voluntarily by the User via its use of the Service, such as the User’s e-mail address in order to be contacted (and any additional information related to such contacts), User responses to customer surveys about how we can improve our product(s) and service(s), transaction details provided through use of the Service, and/or other actions performed by the User in connection with the Service.
- We also collect additional data from third-party sources regarding the User. This includes the User’s credit rating and other information available through publicly available credit card blacklists and official limited bank account lists, as well as non-public information provided by credit rating agencies, banks or other organizations.
- Please note that the Personal Information we collect is required in order for us to contractually provide the Services, as well as for us to meet our regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you will not provide such information, we may not be able to provide our Service.
We collect the following information from our Customers:
- Customer Account Information. We collect certain information relating to your business (such as the business registration number and brand name, information relating to the nature of the services you offer, the business contact information, etc.), information relating to you as the contact person of your business, including your name, title, phone, email and address, as well as information relating to the shareholders, business owner or founder, including his or her name, phone, email and address, as well as a copy of governmental-issued ID (such as passport) and proof of address (such as utility bill).
We collect the following information from our Site Visitors:
- We collect your contact data (for example your name and email address) and if relevant your Payment ID (the long string of letters and numbers you received by email) for the purpose of providing you with customer supports (such as when you submit a ticket), or when you submit web forms on our Site, including opportunities to sign up for and agree to receive email communications from us. We also may ask you to submit such personal information if you choose to use interactive features of the Site.
- Log Files. Just as when you visit and interact with most websites and services delivered via the Internet, when you visit our Site, we gather certain information and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, and locale and language preferences.
3. How Do We Collect Personal Information?
We use the following methods of collection:
- We collect Non-Personal Information through your use of the Service and/or the transactions carried out in connection with the Service.In other words, when you are using the Service, including when you browse an Exchange, we may be aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
- We receive Personal Information from the Exchange. For example, when you return to an Exchange, such Exchange may provide us with your contact information (such as name, address and date of birth), as well as usage information regarding your previous visits to its website(s) (for example, the User’s balance, previous logins and previous transactions).
- We collect Non-Personal Information and Personal Information through publicly available sources.For example, we collect certain information about you through your publicly available SN Account(s) information, publicly available credit card blacklists and official limited bank account lists, and other online public information.
- We obtain Personal Information from third-party services.For example, we use third-party services to receive and enhance the User’s information.
- We collect Personal Information which you provide us voluntarily.For example, we collect Personal Information required to use the Service by completing the registration form, the onboarding process (if you register as a Customer) and/or contacting us directly.
We store the Personal Information either independently or through the help of our authorized third-party service providers as detailed below.
4. What are the Purposes of the Collection of Information?
We collect Non-Personal Information and Personal Information in order to:
- Provide and operate the Service, including for risk analysis, billing, and other aspects relating to carrying out the transactions performed by the Users (such as identity authentication, payment processing, and charge-backs);
- Analytics, statistical and research purposes;
- Detect, prevent, or otherwise address fraud, security or technical issues (such as identity theft or financial fraud);
- Meet our regulatory requirements, such as Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) regulatory requirements.
- To perform due diligence and other screening activities in accordance with our legal or regulatory obligations and risk management procedures which are carried out in our own legitimate interest or the public interest; this includes conducting identity verification and fraud prevention, including checks related to the source of funds or income, PEP, sanctions and adverse media checks.
- Enable us to further develop, customize and improve the Service based on Users’ common preferences and uses, including simplifying the onboarding process to the Service
- Create and provide our business partners and affiliates with aggregated statistical data;
- Direct marketing purposes – we may use the contact details you provided us to send you promotional offers or communications; you may withdraw your consent via sending a written notice to Simplex by email to the following address: email@example.com or on the same manner as the advertising was transmitted to you (e.g. via phone text message), or by following the un-subscription instructions on the promotional offer or communication.
- Respond to User’s support requests;
- Satisfy any applicable law, regulation, legal process, subpoena or governmental requests;
- Enable us to provide our Users with a better user experience, with more relevant Content, features, and functionalities, and with technical assistance and support; and
- Protect the rights, property, or personal safety of Simplex, any of its Users, or the general public;
- We may also process your information as part of our customer authentication process, that employs the 3D Secure 2.0, which is a secured authentication protocol allowing issuing banks to verify credit card owners during the transaction process, and enabling us to ensure compliance with regulatory requirements and combat online fraud. This information includes your contact information, your payment information (including your credit card number and billing address), your IP address, the amount and currency of purchase, your browser information and additional information.
- Abide by any applicable law.
5. What are the Conditions for Processing of Personal Information?
We will process your Personal Information for a variety of reasons, each of which is prescribed by relevant data protection laws.
- Fulfillment of a contract, compliance with a legal obligation – it is necessary for us to process your Personal Information where it is necessary for the performance of a contract (such as for the TOU) or in order for us to comply with our various legal and/or regulatory responsibilities, including, but not limited to, complying with any AML and KYC legislation).
- Legitimate interests – we also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) safeguarding the integrity of our Service by combating, reporting and sharing information related to fraudulent activities; (iv) adhering to regulatory and statutory requirements; (v) sharing personal information with our advisers and professional services providers (such as auditors) for ensuring our compliance with regulatory requirements and industry best practices.
- Consent – our processing of your Personal Information will primarily be necessary for us to provide you with the Service. However, on certain occasions we may ask for your consent to processing Personal Information. In these instances your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time.
- Special Categories of Personal Data– our processing of your Personal Information may also involve special categories of personal data, such as your racial or ethnic origin (as defined under Article 9 of the GDPR). We will process such information, as well as disclose it to competent authorities (such as law enforcement bodies), where it is necessary for the following purposes (to the extent permissible by applicable law): (i) prevention or detection of an unlawful acts, (ii) safeguarding your (or others’) economic well-being.
6. Sharing Information with Third Parties
Simplex discloses Personal Information in the following cases:
- With our commercial partners (as applicable), including the merchants and operators of the Exchanges;
- With acquiring and card issuing banks;
- With third-party authentication vendors (such as identity verification, customer authentication and due diligence vendors), partner risk screening providers (such as Refinitiv, Privacy Statement can be found here) and other data sources (such as geo-location services), in accordance with our legal or regulatory obligations and risk management procedures which are carried out in our legitimate interest or the public interest;
- With our service providers (such as cloud computing companies, including payment processors, banking platforms and currency clouds, and marketing platforms);
- In order to fulfill the purposes stated above, including to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
- In order to respond to claims that any content available on the Service violates the rights of third-parties;
- When Simplex or any of its affiliates is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets.
For more information about the transfer of your personal data outside of the EEA, please contact us at firstname.lastname@example.org.
7. Retention of Personal Information
If you have registered with an account through our Service, Simplex will retain your Personal Information during the period your account is active. In addition, Simplex will retain your Personal Information for additional periods, as necessary to enable Simplex to meet its legal obligations under applicable laws or regulations, such as the applicable financial regulations, KYC and AML regulations, as well as to meet Simplex’ contractual obligations.
In addition, Simplex may retain Personal Information for longer periods, provided that retaining such information is strictly necessary for Simplex’ legitimate interests, such as fraud prevention and record keeping, enforcing its policies, resolving or exercising claims regarding potential disputes, and where Simplex is guided to do so by the applicable regulatory authority.
To use the Service, you must be over the age of eighteen (18). Simplex does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will take appropriate measures to prevent that User from making use of our Service.
9. Tracking Technologies
When you access or use the Service, we may use (and authorize third parties to use) industry-wide technologies such as cookies or similar technologies, including web beacons, pixel tags, scripts, tags and other technologies that store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless (collectively “Tracking Technologies”). These Tracking Technologies allow us and third parties to automatically collect information about you (such as your IP address, device unique identifiers and your online behavior), in order to enhance your navigation on our Site, improve our Site’s performance and customize your experience on our Site, as well as for advertising and fraud prevention purposes. We also use this information to collect statistics about the usage of our Site, perform analytics, deliver content which is tailored to your interests
10. Your Rights
You may contact us at any time at email@example.com, and request:
- To access (including asking for supplementary information), delete, change or update any Personal Information relating to you (for example, if you believe that your personal information is incorrect, you may ask to have it corrected or deleted);
- That we will restrict or cease any further use of your Personal Information;
- That we will provide the Personal Information you volunteered to us in a machine-readable format.
- To withdraw your consent to our processing activities (provided that such processing activities rely on your consent, and not on a different legal basis);
- To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is necessary for the performance of the contract between you and us, or it is based on your explicit consent, as provided hereunder.
Please note that these rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as KYC and AML regulations).
If you have any general questions about the Personal Information that we collect about you, how we use it, please contact us at firstname.lastname@example.org.
We take a great care in implementing and maintaining the security of the Service and safeguarding any Personal Information we process. The Personal Information is hosted on Amazon Web Services and Google Cloud Services, which provides advanced security features. Simplex employs industry standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information. In addition, in order to safeguard the privacy expectation of the Users, Simplex is Payment Card Industry Data Security Standards (“PCI DSS”) certified. Please note that while we take reasonable measures to safeguard your personal data, we cannot fully guarantee its security.
12. Third Party Websites
14. Have any questions?
4 Ariel Sharon St.
You can also reach us through our EU representative:
Simplex Payment Services, UAB
Antakalnio g. 17,
Attn: Data Protection Officer
We will make an effort to reply within a reasonable timeframe. Please feel free to reach out to us at any time. If you are unsatisfied with our response, you can reach out to the applicable data protection authority:
The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at https://vdai.lrv.lt/)
Address: A. Juozapavičiaus str. 6
LT-09310 Vilnius Lithuania
T +370 5 279 1445
F +370 5 261 9494