Privacy Policy
1. INTRODUCTION
1.1. Astute Tech SIA, a limited liability company incorporated under the laws of Latvia (hence we, us, our, the Company), is a Fintech Software Technology Design and Advisory Services Firm.
1.2. By offering our services, we gather and utilize personal information (hereinafter – the Personal Data). Therefore, we are only permitted to use and process your Personal Data in accordance with this privacy policy (hereinafter - the Privacy Policy), applicable laws, including the General Data Protection Regulation (2016/679) (hereinafter - GDPR), and other applicable legal acts on the protection of personal data.
1.3. This Privacy Policy outlines the fundamental rules for collecting, storing, processing, and retaining your Personal Data and other information pertaining to you, as well as the scope of processed Personal Data, the purposes, sources, and recipients, as well as other essential aspects of data processing when using our services.
2. PRINCIPLES OF PROCESSING PERSONAL DATA
2.1. The following principles govern our compliance with the requirement to protect your Personal Data:
a. principle of legality, fairness and transparency – means that the Personal Data concerning you is processed in a lawful, honest and transparent way;
b. purpose limitation principle – means that the Personal Data is collected for specified, clearly defined, and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;
c. data reduction principle – means that the Personal Data must be adequate, appropriate and only necessary for the purposes for which it is processed;
d. accuracy principle – means that the Personal Data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that Personal Data which is not precise about the purposes for which it is processed shall be immediately erased or corrected;
e. the principle of limitation of the length of the storage – means that the Personal Data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the Personal Data is processed;
f. integrity and confidentiality principle – means that the Personal Data shall be managed by applying appropriate technical or organizational measures to ensure the proper security of the Personal Data, including the protection from unauthorized processing or processing of unauthorized data against accidental loss, destruction or damage.
3. TYPES OF INFORMATION WE COLLECT
3.1. The categories of Personal data we may collect about you are as follows:
a. Basic Personal Data – name, surname, job title etc.
b. Identification information and other background verification data (your or your representativeʼs, ultimate beneficiary owner of legal entities) – name, surname, personal identity code, date of birth, address, nationality, gender, passport or ID card copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title.
c. Transaction data – sender account details, date, time, amount and currency used, name/IP address of the sender, amount of transactions, income, location, etc.
d. Information related to legal requirements – data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that isrequired to be processed by us to comply with the legal obligation to “know your client.”
e. Contact Data – registered/actual residence, phone number, e-mail address etc.
4. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
4.1. We collect personal data for the purposes listed below:
a. Conclusion of the contract or for the performance of measures at your request before the conclusion of the contract (to get to know, identify and verify our clients). For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Contact Information and other Personal Data (to identify the possibility of providing services). The legal basis for the processing of the data mentioned above are the following:
● concluding a contract with you to fulfil our legitimate interests and/or the legal obligations applicable to us.
b. For the fulfilment of a contract concluded with you.
For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information related to legal requirements, Contact Information and other Personal Data provided to us by or on your behalf or generated by usin the course of providing services. The legal basis for the processing of the data mentioned above are the following:
● performance of a contract signed with you, fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.
c. To comply with legal obligations.
For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services. The legal basis for the processing of the data mentioned above is the following:
● fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.
d. To provide an answer when you contact us through our website or other communication measures.
For this purpose, we may process your Basic Personal Data, Contact Information and other Personal Data provided to us by or on your behalf. The legal basis for the processing of the data mentioned above is the following:
● your consent, fulfilling our or third-party legitimate interests.
4.2. What do we mean when we say:
a. Contract performance: processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
b. Legitimate Interest: the interest of ours as a business in conducting and managing our services to enable us to provide you and offer the most secure experience;
c. Legal Obligation: processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
d. Direct marketing: we may use our existing clients’ email for similar goods or services marketing. In case you do not object to using your e-mail for the marketing of our similar goods and services and you are granted with clear, free of charge and easily realizable possibility to object or withdraw from such use of your contact details by sending each message.
4.3. In all other situations, we may use your Personal Data for direct marketing provided you have given us your prior permission consent.
4.4. We are permitted to offer you the services of our business partners or other third parties or to seek your opinion on various matters concerning our business partners or other third parties on the basis of your previous permission and consent. If you choose not to receive marketing messages and/or calls from us, our business partners, or third parties, this will not affect our ability to provide you with services.
4.5. We present you with a clear, no-cost, and easy-to-execute way to refuse or revoke your consent at any moment to receive our proposed emails. We will indicate in each email notice that you have the right to object to processing your Personal Data or to opt out of receiving alerts from us. You may opt out of receiving alerts from us by clicking the appropriate link in each email notification.
5. HOW DO WE RECEIVE YOUR PERSONAL DATA?
5.1. We collect the data that you directly provide to us. For instance, when acquiring a new customer (if you have entered into or seek to agree with us). By accessing and using our website, creating an account with us, and subscribing to our electronic publications, the Company gathers additional information from you, including any communications you submit to us (e.g. newsletters).
5.2. Personal Data that we may collect from third parties:
a. when it is provided to us by a third party which is connected to you and/or dealing with us, such as business partners, subcontractors, service providers, merchants, etc.;
b. third party sources, such as registers held by governmental agencies or where we collect information about you to assist with "know your client" checks as part of our client acceptance procedures;
c. from publicly available sources – we may, for instance, use sources to help us keep track of our clients.
6. TO WHOM DO WE SHARE YOUR PERSONAL DATA?
6.1 We may transfer your Personal Data to one or more of the types of recipients listed below:
a. our business partners, agents, or middlemen who are essential to the delivery of our company's goods and services;
b. government authorities;
c. commercial banks and other financial institutions;
d. attorneys, financiers, accountants, company managers, personnel administrators, etc.
e. subsidiaries of the Corporation;
f. external service providers (providing services such as system development and enhancement, auditing);
g. other parties with which the Company plans to enter into or has already entered into contract(s);
h. third parties that need access to the data to comply with legal duties, a legitimate interest, or the approval of shareholders or beneficiaries.
7. INTERNATIONAL TRANSFER OF PERSONAL DATA
7.1. As we provide international services, your Personal Data may be transferred and processed outside the European Union (hereinafter – the EU) and the European Economic Area (hereinafter – the EEA).
7.2. The transfer of Personal Data may be considered as needed in such situations as e.g.:
a. to conclude the contract between you and us and to fulfil the obligations under such contract;
b. in cases indicated in laws and regulations for the protection of our lawful interests, e.g. to bring proceedings in court/other governmental bodies;
c. to fulfil legal requirements or to realize public interest.
7.3. In case your Personal Data is transferred outside the EU and the EEA, we will take all steps to ensure that your data is treated securely and by this Privacy Policy, and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the Personal Data.
7.4. This can be done in several different ways, for example:
a. the country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having an adequate level of protection;
b. the recipient has signed standard data protection clauses, which the European Commission approves;
c. if the recipient is located in the US, it shall be a certified member of the EU–US Privacy Shield scheme;
d. special permission has been obtained from a supervisory authority.
7.5. We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.
8. HOW DO WE PROTECT YOUR PERSONAL DATA?
8.1. We ensure the implementation of appropriate technical, organizational and administrative security measures required to ensure the security of your Personal Data processing, to protect your Personal Data from loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorized access or any other illegal handling.
8.2. The Company and any third-party service providers that may process Personal Data on our behalf (for the purposes indicated above) are also contractually obligated to respect the confidentiality of the Personal Data.
9. RETENTION TERMS OF PERSONAL DATA PROCESSING
9.1. We will keep your Personal Data for as long as it is needed for the purposes for which your data was collected and processed but no longer than required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for providing services and as required by retention requirements in the laws and regulations of Latvia.
9.2. The terms of data retention of the Personal Data for the processing of the Personal Data as specified in this Privacy Policy are as follows:
a. as long as your consent remains in force if there are no other legal requirements, which shall be fulfilled about the Personal Data processing;
b. in case of the conclusion and execution of contracts – until the contract concluded between you and the Company remains in force and up to 10 (ten) years after the relationship between the client and the Company has ended;
c. the Personal Data submitted by you through our website is kept to the extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 (six) months after the last day of the communication if there are no legal requirements to keep them longer.
d. for at least 5 (five) years according to the Law on Prevention of Money Laundering and Terrorist Financing.
9.3. In cases when the applicable laws and regulations provide the terms of data retention, such terms of retention shall apply.
9.4. Your Personal Data might be stored longer if:
a. we must defend ourselves against claims, demands or actions and exercise our rights;
b. there is a reasonable suspicion of an unlawful act that is being investigated;
c. your Personal Data is necessary for the proper resolution of a dispute/ complaint;
d. under other statutory grounds.
10. WHAT RIGHTS DO YOU HAVE ABOUT YOUR PERSONAL DATA?
10.1. As a data subject, you have rights regarding the Personal Data we hold on you. Under certain circumstances and in accordance with Latvian, the EU and other applicable data protection laws, you may have the right to:
a. get familiar with your Personal Data and how it is processed – you have the right to obtain information about the scope and kind of Personal Data we process on you. However, your right to access may be restricted by legislation, protection of other personʼs privacy and consideration for the Companyʼs business concept and business practices. The Companyʼs know-how, business secrets as well as internal assessments and material may restrict your right of access;
b. demand rectifying incorrect or incomplete data – if it turns out that we process Personal Data about you that is inaccurate, you have the right to request rectification of such Personal Data. You have the right to request us to absolute your incomplete Personal Data that we possess;
c. erasing your Personal Data – you have the right to have any or all of your Personal Data to be erased. In certain cases, we cannot erase all of your Personal Data. In such case, this would be due to our contractual obligations or requirements of applicable laws;
d. restricting the processing of your Personal Data – you have the right to demand that our processing of your Personal Data be restricted for a period of time. This can pertain, for example, to a situation where you believe that your Personal Data is inaccurate, and we need to verify it. It can also pertain to a situation where you object to processing that we base on legitimate interest. In such case, we must verify if our grounds override yours;
e. transfer your Personal Data to another data controller or provide it directly to you in a convenient format (NOTE: applicable to Personal Data which is provided by you and which is processed by automated means based on consent or based on the conclusion and performance of the contract);
f. object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
g. to withdraw your consent so that we stop that particular processing when the processing is based on consent. However, such consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
h. not to be subject to a decision based solely on automated processing;
i. lodge an appeal to the State Data Inspectorate of Latvia, a supervisory authority concerned. If you have an objection to how we have processed your Personal Data, you can turn to it. We will exercise your rights only after we receive your written request to exercise a certain right indicated above and only after confirming the validity of your identity. The written request shall be submitted to us by ordinary mail or by e-mail at [email protected].
10.2. Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the submission date of the request meeting our internal rules, GDPR and other data protection legislation. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving prior notice to you if the request is related to a great scope of Personal Data or other simultaneously examined requests. Response to you will be provided in the form of your choosing as the requester.
11. THE RIGHT TO LODGE A COMPLAINT
11.1. You can file a complaint regarding the Personal Data in the same manner as specified above.
11.2. You can also address the State Data Inspectorate of Latvia with a claim regarding processing your Personal Data if you believe that the Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable laws. You may apply the procedures for handling complaints established by the State Data Inspectorate of Latvia, which contact details are available at https://www.dvi.gov.lv/lv/iestades-kontakti.
12. HOW CHANGES TO THIS PRIVACY POLICY WILL BE MADE?
12.1. We regularly review this Privacy Policy and reserve the right to modify it at any time by applicable laws and regulations. Any changes and clarifications will take effect immediately upon publication on our website: www.astutefintech.com.
12.2. Please review this Privacy Policy periodically to stay updated on any changes.
13. CONTACT US
Controller’s Contact Information:
Astute Tech SIA
Company’s registration number: 40203464673
Legal address: Rīga, Prūšu iela 11 - 32, LV-1057, Latvia
Office address: īga, Skolas iela 21, LV-1010, Latvia
Contact phone number: +371 24 867 311
Contact email address: [email protected]