Personal Data Collected
- We collect the following types of information:
- Full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
- Tax/ other ID number, passport number, driver’s license details, national identity card details, photograph identification cards, and/or visa information.
- Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.
- Information on whether you hold a prominent public function (PEP).
- Information about the transactions you make on our services, such as the name of the recipient, your name, the amount, and/or timestamp.
- Office location, job title, and/or description of role.
- Information we collect about you automatically.
- Location Information – Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
- Log Information – Information that is generated by your use of the Services that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- From time to time, we may obtain information about you from our affiliates or third-party sources as required or permitted by applicable law. These sources may include:
- Public Databases and ID Verification Partners: We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like Onfido use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others.
- Blockchain Data: We may analyse public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyse transaction trends for research and development purposes.
- Advertising Networks & Analytics Providers: We work with these providers to provide us with de-identified information about how you found our Sites and how you interact with the Sites and Services. This information may be collected prior to account creation.
- We only use your personal data where we have a legal basis to do so:
- Consent: For some processing activities, we require your prior consent. This applies for example to some of our direct marketing activities which fall under the scope of the GDPR and other Privacy rules. You may withdraw your consent at any time.
- Performance of a contract: Some personal data we process about you is for the performance of a contract to which you are a party or to take steps at your request before entering into a contract with us.
- Legal obligation: In most cases, we have to process your personal data to comply with legal obligations, including those applicable to financial services institutions, such as the Danish Anti-Money Laundering Act (in Danish: Hvidvaskloven).
How the Personal Data Is Used
- Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention and anti-fraud purposes. We may use this information in the following ways:
- To maintain legal and regulatory compliance
- To enforce our terms in our user agreement and other agreements
- To detect and prevent fraud and/or funds loss
- To provide the Services
- To provide the Service communications
- To provide customer service
- To ensure quality control
- To ensure network and information security
- To enhance your experience
- For any purpose that you provide your consent.
Disclosure of Your Personal Data
Transfer of Personal Data Outside European Economic Area (Eea)
- We may transfer your personal information outside the EEA to other Kassio subsidiaries, service providers and business partners (i.e. Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016.
- Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by phone, by email, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in secure computer storage facilities, and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
- When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our user). For example, we are subject to certain anti-money laundering laws which require us to retain the following, for a period of 5 years after our business relationship with you has ended.
- A copy of the records we used in order to comply with our client due diligence obligations;
- Supporting evidence and records of transactions with you and your relationship with us.
- Also, the personal information we hold in the form of a recorded information, by telephone, electronically or otherwise, will be held in line with regulatory requirements (i.e. 5 years after our business relationship with you has ended or longer if you have legitimate interests (such as handling a dispute with you)).
- We may keep your data for longer than 5 years if we cannot delete if for legal, regulatory or technical reasons.
- You can delete cookies any time you want by using the settings in your web browser. You can also choose to disable cookies from your web browser, but this would mean that our website and other websites that you access may not function properly. If you do this, a potential result is that you may not be able to sign in. Further information on deleting or controlling cookies can be found at www.aboutcookies.org
- When we process your personal data, you have several rights under the General Data Protection Regulation.
- In general, you have a right of access to Kassio’s processing of your data. This means that you can ask us for information about our processing of your data and a copy of the data. You also have the right to have a copy of your personal data transmitted to another enterprise, where technically feasible.
- Also, you have a right to object to our processing of your data. If the situation should occur, we will decide whether we can meet your objection. If that is the case, we will no longer process the data in question.
- Finally, you have a right to have erased, blocked or rectified any data that turn out to be inaccurate or misleading or in a similar way have been processed in conflict with legislation.
- If you wish to make use of your rights under the Danish Act on Processing of Personal Data, please contact Kassio at firstname.lastname@example.org.
If you have questions about our processing of your personal information, you can contact us at email@example.com.
Complaints about our processing of your personal data, can be filed at The Danish Data Protection Agency.
You can contact The Danish Data Protection Agency from your digital mail box at borger.dk, by ordinary email to firstname.lastname@example.org or by ordinary post to The Danish Data Protection Agency, Borgergade 28, 5., 1300 Copenhagen K, Denmark.