Effective Date: 6 September 2019
We are thoughtful about the personal data that our users provide us with or the personal data that we collect when users use our Services
address at Rävala pst 5, Kesklinna linnaosa, Tallinn, Harju maakond, 10143 (“FlashXchanger”, “we” or “us”).
same meanings as in the Terms.
What is Personal Data?
Data Protection Regulations. The Estonian Personal Data Protection Act defines “personal data” as any data concerning an identitied or
identifiable natural person, regardless of the form or format in which such data exists.
Personal Data That We Collect
FlashXchanger collects personal data if we have reasons to do so. For example, we collect personal data, when you:
- visit and browse our Website;
- use our Services;
- fill in registration and other forms;
- provide information during KYC/AML verification;
- send us an email with personal data;
- contact us with any enquiries;
- chat with our customer support on the Website or via email;
- conduct any transaction on the Website;
- submit any content, including User Content;
- open a dispute or become a party to a dispute with other User;
- provide any information to FlashXchanger using other methods;
- subscribe or unsubscribe to our newsletters.
As a result, FlashXchanger collects the following personal data:
- information provided by the user during account registration, including, user name, name and surname, phone number, postal address
and email address;
- your ID/passport and other documents necessary for AML/KYC verification;
- financial information, including, without limitation, payment method, bank account details, transaction details, etc;
- information that you provide to FlashXchanger and/or our employees;
- any other personal data which you directly provide to FlashXchanger; and
- any other personal data requested or required by the Website.
We also collect some information automatically:
- the type of browser and operating system you have used;
- the IP (Internet Protocol) address of the device which has accessed it (example PC, tablet);
- the date and time of your visit to the Website;
- the pages accessed and documents downloaded;
- your top-level domain name (for example .com, .io, .eu, etc.);
- the address of your server;
- the previous website visited;
- the average duration of page view;
- the navigation behaviour and preferences of the user;
- other information from cookies and similar technologies.
How and Why We Use Personal Data
Personal data will be collected, held, used and disclosed for the following purposes jointly and/or severally:
- to provide you with Services;
- to identify you;
- to further develop and improve our Services;
- to monitor and analyse trends and better understand how users interact with our Services;
- to communicate with you and keep you updated about our Services;
- to monitor and prevent any risks with our Services;
- to process any requests;
- to resolve disputes;
- to the extent permissible or necessary by law, for any other purpose as may be deemed reasonably necessary by FlashXchanger
in the circumstances.
What Are the Legal Grounds for Collecting and Using Personal Data?
FlashXchanger collects and uses personal data under Estonian and EU data protection laws. The legal grounds for use and collection of
personal data are based on the following:
- when you have given consent (e.g. for newsletter subscription);
- the use is necessary for protection of your or other users’ vital interests;
- the use is necessary under a legal obligation;
- when we use our personal data in order to fulfil our commitments to you;
- when we have legitimate interests in using your information (e.g. to provide you with the Services, improve our Services, communicate
with you, monitor and prevent any problems).
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we
rely on legitimate interests, you have the right to object.
FlashXchanger does not knowingly provide Services and collect personal information from anyone under 18 years of age. Our Services are
available only to the users over 18 years old. If we learn that we have collected the personal information of a child under 13, or equivalent
minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Sharing your Personal Data
We do not sell our users’ personal data or share your personal data with any third parties except for the purpose of provision of the Services.
When we provide you with the Services, we may share your personal data as described below.
FlashXchanger may share your information with:
- our employees and independent contractors who reasonably need to access your personal data to deliver some Services;
- legal and regulatory authorities, as required by applicable laws and regulations;
- our auditors, lawyers, accountants, consultants and other professional advisors, where it is reasonably necessary for obtaining advice,
professional services, or managing legal disputes;
- business transfers in connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another
that we do not employ or manage.
We do not collect or request your sensitive data (including, but not limited to, information about your religious or political beliefs, opinions).
Where you have provided it to us voluntarily, you shall be solely responsible for security of any sensitive data, and we do not intend to use this
data for any purpose, nor share this data with any third parties. Please do not post or add sensitive and other personal data that you would
not want to be publicly available.
Users’ Rights in relation to its Personal Data
You may access your personal data held by us to correct, update and remove inaccurate or incorrect data. You have the following rights:
- delete some or all personal data that we held about you;
- change or correct your personal data that we held about you;
- object to, or limit or restrict, use of your personal data;
- right to access and/or take your personal data: you can ask us for a copy of your personal information in machine readable form;
- ask not to use your personal data for marketing purposes;
- access information we hold about you.
Security of Personal Data
We use certain technologies to ensure the confidentiality of your personal data. FlashXchanger uses several security measures, including,
without limitation, SSL method, two-faction authentication, PCI scanning and internal data access restrictions to protect your personal data.
However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially
acceptable means to protect your personal data, we cannot guarantee absolute security of your personal data.
We process information both inside and outside of the European Union and European Economic Area and rely on legally-provided
mechanisms to lawfully transfer information across borders. Countries where we process information may have laws which are different, and
potentially not as protective, as the laws of your own country.
We retain your personal data for as long as your account is in existence or necessary to fulfil the purposes for which we collect it or as
needed to provide you with the services, except if required otherwise by law. However, when your account is terminated for any reason, we
will delete your personal information entirely.
In some cases we may determine the period of data retention based on the period we need to access the data for the provision of services,
receiving payment, resolving your customer support issues or for any other auditing or legal purposes.
Retention periods may be changed from time to time based on regulatory requirements.
The email notifications sent by FlashXchanger are of two types:
- system notification sent by the Website via email (examples of such emails may include registration confirmation, verification emails,
or any other emails that are required to operate your account);
- product and service notifications that you directly subscribed to.
It should be noted that you may not unsubscribe from system notification emails as these emails contain important user information and are
sent for your legitimate interests. You may unsubscribe from product and service notifications any time by visiting an opt-out page. Such
notifications contain information about our Website updates, new services and products added as well as other notifications for information
will send you an email notification to alert you about such changes.
Data Controller Person
To communicate with our Data Protection Officer, please contact us at [email protected] Please put “DPO” in the subject of your email.
FlashXchanger OU Ravals pulesee 5
Tallin Harju Maakend 10143 Estonia
FlashXchanger OU has an operating license issued by Politsei- ja Piirivalveamet for Financial services, Providing services of exchanging a virtual currency against a fiat currency under the Number FVR000830.
FlashXchanger OU has also an operating license for Financial services, Providing a virtual currency wallet service under the number FRK000726 issued by the same Estonian entity.
Copyright © 2019 FLASHXCHANGER