I. GENERAL PROVISIONS
- Era Finance Ltd. (private limited company, company code C 92740, registered at 29/14, Vincenti Buildings, Strait Street, Valletta VLT 1432, Malta) (the “Company“ or “we“) administrates https://bankera.com (the “Website" or the “Platform”) and offers Bankera account (the “Bankera account”) and other services (all together hereinafter the “Services“) available through the Platform.
- This Policy explains how your personal data is being processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“) and other applicable laws.
- The Company takes all the necessary measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes legal, organizational, technical, and physical security measures.
- By using this Website and the Services you confirm you have read, understood and agree with this Policy and other privacy policies you may find hereinafter in this Policy. The Company reserves the right to make changes to this Policy. An up-to-date version of the Policy is posted on the Website.
II. PERSONAL DATA MANAGEMENT PRINCIPLES
- The Company undertakes to ensure your personal data is:
- processed lawfully, fairly, and in a transparent manner in relation to you;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits your identification for no longer than it is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of your personal data.
- The Company follows the above indicated principles strictly during the processing of your personal data and request the same from the data processors which it may use to process personal data on behalf of the Company.
III. LAWFULNESS OF PERSONAL DATA PROCESSING
- Your personal data will be processed if:
- you have given a consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary for the purposes of the legitimate interests pursued by us or the third party.
IV. PURPOSES FOR WHICH YOUR PERSONAL DATA IS BEING PROCESSED
- Direct marketing. We process your data for this purpose in order to provide you the news about our launch and, once we launched, in order to update you on our offered Services and proposals, but only if you have specifically expressed your will to receive such newsletters. You have a right not to consent to direct marketing or revoke your present consent at any time by clicking on the withdrawal link provided in the received newsletters or by sending us a request at the contacts provided in the Platform.
- Support services. We process your personal data for this purpose in order to be able to answer the inquiries you sent us and talk with you via chat or “Contact us” form available on our Platform.
- Proper and secure operation of the Platform. We process your personal data for this purpose in order to ensure smooth and secure operation of the Platform.
V. METHODS HOW YOUR PERSONAL DATA IS BEING COLLECTED
- The Company collects your personal data directly from you or from the third parties when:
- you subscribe for newsletters;
- you request Services support;
- you use or view the Platform.
VI. CATEGORIES OF THE PROCESSED PERSONAL DATA
- The scope of your personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by you and Company‘s applied procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
- In order to provide the Services, we may process your personal data categories, such as (including but not limited):
- General data: first name, last name;
- Contact data: e-mail;
- Communication data: correspondence, chats, date, time;
- History data: your experience using the Website, the register of all timestamped your actions performed on the Platform (i.e., your separately expressed consents for personal data processing such as consent for direct marketing);
- Information related to electronic devices: IP address(es), time zone, time, data, browser information, electronic device‘s operational system information, location data (country (code), city), internet service provider (ISP), selected language.
VII. PERSONAL DATA RECIPIENTS
- Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:
- service providers, i.e. marketing service providers, IT service providers;
- other service providers which services may include, or which are engaged in personal data processing executed by the Company.
- Personal data may also be provided to other recipients if:
- the Company has to comply with a legal obligation to which it is a subject; or
- such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with European Union or Member State law; or
- the data requesting party has a legitimate interest to request for such information.
- In general, Company process your personal data within European Union (“EU”) or European Economic Area (“EEA”), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied:
- the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;
- the recipient is in the United States of America and has been certified under Privacy Shield Framework;
- the Company and the recipient have concluded the agreement with the standard terms and conditions regarding personal data security which were approved by the European Commission;
- the Codes of conduct or other security measures under GDPR has been complied.
VIII. PERSONAL DATA STORAGE
- The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.
- In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in Europe Union and locally such as compliance with legit limitation periods, as well as current business practice.
- Depending of the category of personal data and the purpose it is being processed your data retention periods applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services are:
- for the purpose of direct marketing regarding the news of our launch your personal data will be processed as long as the news regarding our launch would be relevant, but not longer than 2 years, counted from the moment you expressed your consent to such processing by entering your e-mail in the Website‘s field, except in cases in which you decided to revoke your consent earlier; in case you expressed your consent for direct marketing in order to receive up-to-date news about Services and proposals once we launched, your personal data will be processed for 3 years, counted from the moment you expressed your consent to such processing, except in cases in which you decided to revoke your consent earlier;
- for the purpose of provisions of support services your enquiries together with your provided personal data will be processed for 3 years since the conclusions of the executed correspondence.
- for the purposes of proper and secure operation of the Platform we process your personal data throughout the term we support the Platform.
- Upon the end of the retention periods, indicated above, your personal data is erased. However, the aforementioned time limits may be additionally extended if a competent authority conducts an investigation and the further data processing is necessary to execute it or the data processing is necessary based on other legit reasons.
IX. INFORMATION SECURITY
- The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organisational, technical, and physical security measures, such as latest security systems, ability to detect cyber security attacks and other threats to the integrity of the Platform. However, no transmission of information via e-mail or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via internet or sharing confidential information via e-mail or other telecommunication channels.
- Cookies are small information files found in the Platform you visit and stored in your computer or mobile device. In order to get to know more about cookies, please read Cookies Policy available on the Platform.
XI. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
- You have certain legal rights in relation to the processing of your personal data, including:
- the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;
- the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
- the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;
- the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;
- the right to data portability in accordance with article 20 of the GDPR;
- the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;
- the right not to be subject to an automated individual decision-making, including profiling in accordance with article 22 of the GDPR.
- This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
- You may exercise your rights by sending us a request via e-mail: [email protected].
- You may exercise your rights only after the Company has successfully identified you. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him / her, unless the identity is confirmed. Therefore, if you are sending a request via e-mail, kindly ask you to attach a certified copy of your ID document. In addition, the Company keeps the right to decide the other or additional legitimate means of identification proof that should be requested, such as a selfie with your ID document, video or voice call, or any other additional document which could let to determine your identity.
- You may be provided with information related to the exercise of your rights free of charge. However, your request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular, because of their repetitive character.
- The Company shall provide you with information on the actions taken upon receipt of your request for the exercise of your rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for a further 2 months, depending on the complexity and number of requests. When you submit the request by electronic means, the information shall also be provided by electronic means.
- If you consider that your personal data is being processed in violation of your rights and legitimate interests in accordance with applicable law, you shall have the right to file a complaint against the processing of Personal Data to the State Data Protection Inspectorate.
XII. YOUR RESPONSIBILITIES
- You confirm that you have provided correct data about yourself in every required form and that afterward when changing or adding any data at the Website, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
- You are responsible for maintaining adequate security and control of every data you use on the Website. If you have not complied with this obligation and / or could, but have not prevented it and / or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
- The Company draws your attention to the fact that e-mail address and any other contact information you have chosen to provide are used for your identification and communication. You undertake the responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend memorizing your passwords and not to write them down or enter anywhere where they may be seen by other persons.
- If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact us via e-mail [email protected].
XIV. FINAL PROVISIONS
- This Policy shall be viewed and applied in accordance with the laws of the Republic of Malta.
- The Company may change, amend, delete any of the provisions contained in this Policy at any time and in its sole discretion. Any such changes will be effective upon the posting of the revised Policy and you are solely responsible for reviewing it. Your continued use of the Website and Services following any such revisions to the Policy will constitute your acceptance of such changes. If you do not agree to any of such changes, do not continue to use our Services.
- Company’s Website and products may contain links to third-party sites. These third-party websites apply their own privacy policies. If you visit these websites, you will be covered by their respective policies.