The Company provides Services to individuals as well as to legal entities and may act both as Data Controller and Data Processor.
1. INFORMATION COLLECTED BY THE COMPANY
A.1. Information that is necessary for the use of the Services, including any information necessary to provide paid Services and payments:
- Account Information. The information on the created account at the Company’s Website or Services platform, including first name, last name and e-mail address.
- Phone information. A correct and valid phone number of a User is necessary to provide the Services and contact in urgent questions.
- Identity Verification Information. The Company may collect identity verification information (such as images of a User’s passport, national ID card or other authentication information) if required by the Applicable laws.
- Payment and billing Information. To use certain features of the Services (paid Services) the Company requires a User’s financial information (bank account, credit card, e-wallet information and requisites of any other payment method used by a User to accept payments,) in order to facilitate the processing of payment. The Company may also require to provide with filled tax forms to fulfill its fiscal obligations if it is required by the Applicable laws.
- Information provided by a User while obtaining help and support. This may include (but not limited to) the contact information, and subject of a request and all following clarifications and details which are necessary for the adequate performance of the obligations.
The Company may retain and store the above information until termination by a User of use of Services and the User Account, unless it is necessary to comply with the Offegate’s legal obligations, to resolve disputes, to enforce the Company’s agreements, to support business operations and to continue to develop and improve the Services.
A.2. Additional User’s information, received and processed upon a User’s consent, including:
- Additional Profile Information. This may be a User’s job and job title, name of User’s employer, position, phone number.
- Other Information. This may be the information posted and published by a User at the Website and made open to wide public by means of the Website. The User acknowledges and agrees that such information provided would be visible to the others and the Company bears no responsibility in relation to disclosure of such information.
(B) Automatically collected information.
The Company Website and software automatically collects information, including personal information, about the services used by a User and on how the Services were used. This information is necessary for the adequate performance of the obligations of the Company.
A.1. Device and Connection Information. The Company collects information about a User’s devices - a computer or other devices used to access the Services. This device information includes connection type and settings, operating system, browser type, IP address, URLs of referring/exit pages.
A.3. Payment Information. The Company may collect information related to a User’s payment methods, instruments and transactions through the Services, including the name, type of payment instrument used, date and time, payment amount, tax amount, credit card number, credit card expiration date, card holder name (if provided), card verification value/code and billing details: first name, last name, phone, address, country, state, city, postal code, e-wallet ID, and other details connected with transactions.
A.4. Third-Party Widgets. Some of the Services may contain widgets and social media features, which may be activated and used only by a User’s sole discretion, but if activated and used, the User agrees that the Company may obtain and use the User’s information through these widgets.
2. THE USAGE OF COLLECTED INFORMATION
The Company uses, stores, and processes the collected information, including personal information, to provide, improve, and develop the Website and Services, create and maintain a trusted and safer environment and comply with Applicable laws regulations.
(A) To provide, improve, and develop the Website and Services.
A.1. Enable a User to access and use the Website and Services.
A.2. Operate, protect, improve, and optimize the Services and experience, such as by performing analytics and conducting research.
A.3. Provide customer service: to resolve technical issues, to respond to a User’s requests for assistance, to analyze crash information, and to repair and improve the Services.
A.4. Send service or support messages, updates, security alerts, and account notifications,
A.5. For fraud detection and prevention and for prohibited use prevention,
A.6. For detection and prevention of infringements and violations of the Company Terms and Conditions and to prevent harm or damage to the Website or Services.
(B) To create and maintain a trusted and safer environment.
B.1. Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
B.2. Conduct security investigations and risk assessments.
B.3. Verify or authenticate information or identifications provided by a User (such as to verify your ID).
B.4. Comply with Applicable laws.
B.5. Resolve any disputes and enforce the agreements with third parties service providers.
B.6. Enforce the Company Terms and Conditions and other policies.
(C) To provide, personalize, and improve the Company’s advertising and marketing.
C.1. Send promotional messages, marketing, advertising, and other information that may be interested to a User.
C.2. Personalize, measure, and improve the Company’s advertising.
A User always able to opt-out the collection of information mentioned in provision (C) by changing notification settings within the User Account.
(D) To provide and secure Paid Services.
D.1. Enable a User to access and use the paid Services.
D.2. Enable a User to receive due payments derived from the use of Services.
D.3. Detect and prevent fraud, abuse, security incidents, and other harmful activity.
D.4. Conduct security investigations and risk assessments.
D.5. Comply with legal obligations (such as anti-money laundering regulations).
D.6. Enforce payment policies.
3. DISCLOSURE OF INFORMATION AND ITS TRANSFER TO A THIRD PARTY
The Company collects information globally and stores that information in the EU. The Company may transfer, process and store a User’s information outside of User’s country of residence, to wherever the Company or its third-party service providers operate for the purpose of providing the Services.
The information may be disclosed and/or transferred to a third party as follows:
(A) Under a clear written consent of a User
The clear consent of a User is when a User knowingly and reasonably agrees with disclosure and/or transfer of a User’s information and notifies the Company on this in written. The written consent also means in a form of e-mail or message by means of a User Account or by marking a relative checkbox opposite to a phrase indicating the fully expressed consent.
(B) To a third party service provider
The Company uses a variety of third party service providers to help to provide Services including paid Services. Service providers may be located inside or outside of the European Economic Area ("EEA") like Russia, Ukraine and North America. Third party service providers may:
- conduct background or police checks, fraud prevention, and risk assessment,
- perform product development, maintenance and debugging,
- allow the provision of the Services through third party platforms and software tools (e.g. through the integration with the Company’s APIs), or
- provide customer service, advertising, or payments services.
The third party service provider may need a User’s information to be able to provide its integrated services through the Company’s Website or Services, or when the Services include the services of third parties service providers, i. e. payment and transaction processing services etc.
(C) In order to comply with the law, respond to legal requests, prevent harm and protect our rights.
The Company may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent the Company is required or permitted to do so by law or if such disclosure is reasonably necessary:
- comply with any legal obligations,
- to comply with legal process,
- to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability,
- to protect the rights, property or personal safety of The Company, its employees, or members of the public.
Where appropriate, the Company may notify a User about legal requests unless:
- providing notice is prohibited by the legal process itself, by court order, or by applicable law, or
- the Company believe that providing notice would be ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon The Company’s property, its users and the Services. In instances where the Company complies with legal requests without notice for these reasons, the Company will attempt to notify a User if / whenever it is possible.
(D) Corporate affiliates.
If a User’s information provided to the Company, this also means it was provided to any of the Company affiliates which are legally bound to keep it undisclosed by the privacy policies similar to the present.
(E) Social networking websites.
A limited personal User information may be collected and used to generate leads, drive traffic to websites and to promote the Company products or Services. The social network websites are not controlled or supervised by the Company, therefore, any questions regarding usage of social network websites service and processing of a User’s information should be directed to such social network owner or data processor and operator.
(F) Aggregated data
The Company may produce an aggregated anonymized data as a result of its own analysis and comparative researches of the information collected and stored on Users and Services, but without any possibility to trade with certain User’s personal information. All data under this provision is processed and dealt with in an anonymized mode.
(G) Analyzed communications.
The Company retains right to review, scan, or analyze User’s communications on the Services for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes. These activities are carried out based on the Company’s legitimate interest in ensuring compliance with Applicable laws and the Company’s Terms and Conditions.
4. USER’S RIGHTS
A User is able to use any of the rights described hereunder by sending an e-mail to email@example.com or by changing the privacy settings in a User Account.
(A) Managing information.
The User updates and changes a User information in a User Account. Any inaccurate or incorrect information may also be changed by forwarding of a related request to the Company’s e-mail indicated at the Company’s site.
(B) Data access and portability.
A User has right to obtain a copy of full information collected and stored by the Company and related solely to this User. This request shall be executed in a format which is technically available at the date of execution of the request.
(C) Data retention and erasure.
The Ofergate retains a User personal information for as long as is necessary for the performance of the Services and to comply with the Company’s legal obligations. A User can at any time request to erase this User’s personal information and terminate this User’s Account. In this case this User’s information will be erased as soon as possible and may not be kept and stored longer as reasonably necessary to terminate the relations or to provide the fulfillment of the Company’s obligations.
(D) Withdrawing consent and restriction of processing.
A User may withdraw User’s consent to collect, store and process User’s information at any time by changing the User’s Account settings or by sending a notification to the Company specifying which consent is withdrawn. The withdrawal of a User’s consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. In some jurisdictions, applicable law may provide the right to limit the ways of use of User’s personal information, in particular where
- a User contests the accuracy of a User’s personal information;
- the processing is unlawful and a User opposes the erasure of personal information;
- the Company no longer needs a User’s personal information for the purposes of the processing, but a User requires the information for the establishment, exercise or defense of legal claims.
(E) Objection to processing.
If it is applicable under the legislation in User’s jurisdiction, a User you may require the Company not to process a User’s personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest.
The Company continuously implementing and updating privacy and security measures to prevent unauthorized disclosure, transfer or processing of User’s information, which may be as follows:
(A) Limited access to the production database at the network level
(B) Limited access to the production database at the process/users level
(C) Password policy for access to the production database
(D) Data transfer encryption
(E) Data encryption in the database (for card data and authentication credentials)
(F) WAF (Web Application Firewall)
(G) DDoS protection
(H) Internal password change policies
(I) PCI DSS compliance
(J) Logging of actions and log analysis
(K) Antiviruses on admins workstations
If a User knows or supposes that his or her Personal Data have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of a User’s information or a User’s Account, a User shall immediately contact the Company by e-mail at firstname.lastname@example.org
The Services are not directed to individuals under the capable age. The Company does not enter legally binding agreements with persons under the capable age. If the Company becomes aware that a person under a capable age provided the Company with personal information, such information would be immediately deleted.
Publishing and effective date: 10.09.2018