SQR Corp. (“Company”, “SQR”, or “We”) have implemented this Privacy Policy to inform you as to what information we collect about you, how we use it, when we share it, and what rights you have with respect to your personal data. We encourage you to read this Privacy Policy carefully, as it can help you make informed decisions when you use our services.
You hereby acknowledge and agree that your continued use of the service shall constitute your acceptance of our current Privacy Policy and any future amendments thereto. This Privacy Policy and any future amendments thereto supplement, and form part of, our Terms of Service, available at https://sqr.finance amended, supplemented, or modified from time to time. Accordingly, capitalized terms used, but not defined in this Privacy Policy, have the meanings set out in the Terms of Service.
INFORMATION WE MAY COLLECT ABOUT YOU
By the term “personal data,” we refer to information that relates to an identified or identifiable individual. Your name, national identification number, internet protocol (IP) address, or other pieces of information from which you can be directly or indirectly identified are typically considered personal data.
The personal data we collect can be grouped into the following categories:
| Types of personal data | Examples of personal data |
|---|---|
| Identification data | First, last, middle, maiden names, date of birth, personal identity code, any other unique sequence of symbols granted to you, intended for personal identification, gender, nationality, citizenship, copy of government-issued identity document (e.g., passport, national identity card, residence permit, driver’s license) and its details (e.g., type, number, place and date of issuance, expiry date, MRZ code, signature), country of birth, residential address, copy of proof of address document (e.g., utility bill, identification document bearing your address), photographed image or video recording of your face that you provide through a mobile or desktop camera while going through our identity verification process. |
| Transaction data | Account balance, transactional activity, external wallet address, transaction information such as timestamp, virtual asset service provider (VASP) that is a counterparty to the transaction, transaction ID (TXID). |
| Account data | ID number, login password, mobile app PIN number, nickname, profile image, referral information |
| Data related to AML/CFT/sanctions requirements | Information that enables us to perform anti-money laundering (AML) and combating the financing of terrorism (CFT) requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that are required to be processed by us in order to comply with the legal obligation to “know your client” (KYC) (information collected will differ depending on each client’s risk score). |
| Data obtained and/or created in order to fulfill the requirements of applicable legislations | Information that the Company is required to provide to public authorities (e.g., tax administrators, courts), including information on income, payments, and other information held by us. |
| Contact data | Phone number, e-mail address, residential address. |
| Communications data | Information you provide during communication with us (e.g., via emails, chats, or calls with our Support Team). |
| Promotional data | Survey responses, participation in promotional events, promotion communication preferences. |
| Special category data | Biometric data (collected for identity verification required during our KYC process). |
HOW WE COLLECT YOUR PERSONAL DATA
We may collect your personal data in three ways: 1) receive directly from you; 2) generate or collect while you use our Products or Services; and 3) receive from third parties.
Information received directly from you
To create an account with us and use our services, you need to provide us with certain information. We collect such information because it is necessary to provide the requested services (e.g., when you make a withdrawal request, we will ask for a withdrawal address), required by law (e.g., we collect your selfie and government-issued photo ID to verify your identity and comply with relevant AML/CFT regulations), or for certain other specific purposes that we will describe in further detail below. Please note that at your sole discretion, you may elect not to provide the necessary information to use our service, in which case we may not be able to provide adequate services.
Information we generate or collect while you use our services
When you create an account with us, we assign you a unique ID number. This allows us to recognize you when you sign in on a new device or through a different platform. In addition, we also collect information about your devices, and your interactions with and activities across our services. We use this information to provide the requested services; detect any suspicious activity and prevent fraud; offer you more personalized services and features; improve the performances of our services; and address customer support issues.
Information we receive about you from third parties
We may also obtain information about you from third parties and publicly available sources. For example:
- We may receive personal data from a third party which is connected to you or is dealing with us, such as business partners, sub-contractors, service providers, merchants, etc.:
- We may receive information about you from our identity verification service providers to verify your identity and comply with applicable AML/CFT regulations. We currently use:
- Fullstack Inc. (“ARGOS”) (ARGOS’ privacy policy is available at https://argoskyc.com/privacy-policy-service/)
- Sum & Substance Ltd (“SumSub”) (SumSub’s privacy policy is available at https://sumsub.com/privacy-notice/
- When we receive a transfer above a certain threshold, the VASP that initiates the transfer may send us information about the sender and the receiver such as their names in order to comply with certain AML/CFT regulations known as the “Travel Rule.”
- We may also analyze public blockchain data to detect any illegal or prohibited activity under our Terms of Service or other agreements by those who use our services.
- We may receive personal data from other entities with which we collaborate.
HOW WE USE YOUR PERSONAL DATA
Legal bases for processing your personal data
In general, we process your personal data (a) where processing is necessary to perform, or enter into, any contracts with you; (b) based on our legal obligations; (c) based on our legitimate interests to the extent they are not overridden by your interests or fundamental rights and freedoms; and/or (d) based on your consent.
If our legal basis for processing your personal data is your consent, you can withdraw your consent anytime.
Please note that withdrawing your consent does not affect the lawfulness of any processing we conducted prior to your withdrawal or the lawfulness of any processing we conduct based on legal grounds other than consent.
Purposes for processing your personal data
The table below shows our purposes of processing your personal data, as we described above, with the corresponding personal data categories and legal bases for processing. Please note that our legal bases for processing may be different from those below subject to any applicable local laws and regulations.
| Purposes and/or activities | To conclude the contract with you, or to take steps at your request prior to entering into a contract |
|---|---|
| Categories of personal data | · Identification data · Contact data · Account data |
| Legal bases for processing | · To perform, or enter into, any contracts with you · Based on our legal obligations |
| Purposes and/or activities | To provide you with our services and necessary customer support during the use of our services |
|---|---|
| Categories of personal data | · Identification data · Transaction data · Activities data · Contact data · Communications data · Content data · Account data |
| Legal bases for processing | · To perform, or enter into, any contracts with you |
| Purposes and/or activities | To enable us to comply with AML/CFT and sanctions requirements (including KYC obligations, such as to determine the purpose of the business relationship and whether you are a politically exposed person, as well as the source of funds) |
|---|---|
| Categories of personal data | · Identification data · Transaction data · Activities data · Data related to AML/CFT/sanctions requirements · Contact data · Communications data · Special category data |
| Legal bases for processing | · Based on our legal obligations |
| Purposes and/or activities | To carry out ongoing Client Due Diligence and manage money laundering/terrorism financing risk; and to identify, investigate, and report suspicious transactions and potential market abuse |
|---|---|
| Categories of personal data | · Identification data · Transaction data · Account data · Activities data · Data related to AML/CFT/sanctions requirements · Contact data · Communications data |
| Legal bases for processing | · Based on our legal obligations |
| Purposes and/or activities | To identify you remotely |
|---|---|
| Categories of personal data | · Identification data · Special category data · Contact data |
| Legal bases for processing | · Based on our legal obligations · Based on your consent |
| Purposes and/or activities | To initiate, investigate, settle, and/or defend against issues, disputes, or legal actions |
|---|---|
| Categories of personal data | · Identification data · Transaction data · Account data · Activities data · Contact data · Communication data · Content data |
| Legal bases for processing | · To perform, or enter into, any contracts with you · Based on our legitimate interests · Based on our legal obligations |
WHEN WE SHARE YOUR PERSONAL DATA
We will not share your personal data with third parties except: (a) to the extent that we are required to do so under any applicable laws or regulations; (b) if we have a duty to disclose; (c) if our legitimate business interests require disclosure; (d) to the extent the disclosure is consistent with our Terms of Service and/or other agreements with you; (e) at your request or with your consent; or (f) to those described in this Privacy Policy.
As part of processing your personal data for the purposes described above, we may share your personal data with the following:
-
Service providers, business partners, and professional advisors. We may share your personal data with third-party service providers, business partners, and professional advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, analytics, research, or other services. These organizations and/or individuals may store your personal data within their own systems in order to comply with their own legal and other obligations. We share your personal data only so that they can provide us with services based on our instructions, and we prohibit our service providers from using or disclosing your personal data for any other purpose. We require these third-party service providers, business partners, and professional advisors to acknowledge the confidentiality of your personal data, undertake to respect your privacy rights, and comply with all relevant privacy and data protection laws.
-
Agencies, authorities, or third parties when required or permitted by law. We share your personal data with law enforcement, regulators, courts, government authorities, or third parties if we have a good-faith belief that such disclosure is reasonably necessary to meet any applicable laws, regulations, legal processes, or enforceable governmental requests; to detect, prevent, report, or otherwise address fraud, illegal activity, or security or technical issues; or to protect against harm to the rights, property, or safety of us, our users, or another party as required or permitted by law.
-
Other parties in corporate transactions. In the event of a corporate transaction involving the sale of some or all of our assets (e.g., merger, acquisition, reorganization, asset sale, bankruptcy, dissolution), personal data could be included in the transferred assets.
INTERNATIONAL TRANSFERS
We may transfer, process, and store your personal data within the affiliates of the Company in other jurisdictions in the future. By using our services, you acknowledge and agree to your personal data being transferred outside of your country or jurisdiction, including countries that have a different, and possibly lower, level of data protection laws from that in your country or jurisdiction. We will take measures to ensure that any such transfers comply with applicable data protection laws and your personal data remain protected in accordance with this Privacy Policy. For example, we may contractually obligate service providers and business partners to agree to at least the same level of privacy safeguards as required under applicable data protection laws. We may rely on the European Commission’s (EC) or other relevant authorities’ adequacy decisions which determine that a country offers an adequate level of data protection and personal data can flow to that country without any further safeguard being necessary. If you reside in Europe and we transfer your personal data to a country that has not been determined by the EC to provide an adequate level of data protection, we may implement appropriate safeguards such as Standard Contractual Clauses recognized by the EC.
SECURITY OF YOUR PERSONAL DATA
We have implemented reasonable measures, including administrative, technical, and physical safeguards, to protect your personal data from unauthorized access, disclosure, alteration, and destruction. For example, we use data encryption, review our privacy practices periodically, and restrict access to personal data on a need-to-know basis for our employees, contractors, and agents who are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Yet no measure is foolproof, and we cannot guarantee that unauthorized access to, or loss, misuse, or alteration of your personal data will not occur. Moreover, please note that you also play an important role in protecting your own personal data. When creating an account with us, we encourage you to choose a password of sufficient length and complexity, to not reveal this password to any third party, and to contact us immediately if you become aware or have a reason to believe that your personal data are no longer secure. You can contact us via email to address any security concerns with respect to your personal data.
RETENTION OF YOUR PERSONAL DATA
We retain your personal data for as long as is necessary to satisfy the purposes of personal data processing set out in this Privacy Policy. When we determine that your personal data are no longer necessary to achieve the purpose for which the data were collected or otherwise processed, we will securely destroy the records or remove any details that will identify you. Please note that if you decide to permanently close your account with us, we may still need to maintain your personal data when retention of the data is necessary to comply with our legal, regulatory, accounting, or tax reporting obligations, or to establish, exercise, or defend against legal claims. This means that we store your data for as long as they are necessary for provision of our Products or Services and as required by the retention requirements in laws and regulations. If relevant laws or regulations do not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis, and the principles of lawful processing of personal data.
The retention periods of the personal data in relation to the purposes of processing the personal data as specified in this Privacy Policy are as follows:
- as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing;
- in case of the conclusion and execution of contracts - until the contract concluded between you and us remains in force and up to 10 (ten) years after the relationship between you and us has ended;
- the personal data collected to fulfill our obligations under AML/CFT laws shall be stored up to 8 (eight) years. The retention period may be extended for a period not exceeding 2 (two) years, provided that there is a reasoned request from a competent authority;
- the personal data submitted by you during your communication with us is kept to the extent necessary for the fulfillment of your request and to maintain further cooperation, but no longer than 6 (six) months after the last day of the communication, if there are no legal requirements to keep them longer;
- in case your application is rejected, your personal data shall be stored for up to 3 (three) months, except when such data were collected to fulfill our obligations under AML/CFT laws.
If data retention periods for certain types of personal data are specified in the legislative regulations, we apply those periods. We also may retain your personal data for a longer period when:
- it is necessary for us to defend ourselves against existing or threatened claims, or to exercise our rights, or for the proper resolution of dispute, complaint or claim;
- there is a reasonable suspicion of illegal activity;
- it is required by other applicable laws.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Depending on your country or jurisdiction of residence, you as a data subject may have certain rights regarding your personal data, as identified below. If any of the rights listed below are not provided under applicable laws for your country or jurisdiction, we have absolute discretion in providing you with those rights. Furthermore, these rights are not absolute and may be qualified or restricted. For example, we may not be able to delete your personal data despite your right to erasure if we are required to retain the information by applicable AML/CFT laws.
- Right to be informed. At the time we obtain your personal data, we shall provide you with information about, among other things, what data we collect from and about you, how we use your personal data, with whom we share your personal data, how long we retain your data, what rights you have with respect to your data, etc.
- Right of access. You may request a confirmation that we process your personal data and what information we hold about you, and a copy of that information unless such provision adversely affects the rights and freedoms of others.
- Right to rectification. You may request we rectify inaccurate or incomplete personal data concerning you.
- Right to erasure. You may request we delete your personal data if they are no longer necessary to achieve the original purpose for which they were initially collected or processed, are not subject to any retention requirements under applicable laws or regulations, and are not necessary for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing. You may request we restrict the processing of your personal data under certain circumstances, e.g., when you contest the accuracy of the information we hold about you. We may continue to process your personal data if it is necessary for the establishment, exercise, or defense of legal claims or for any other exceptions permitted by applicable laws.
- Right to data portability. You may request we provide you or another data controller with a copy of the personal data you provided to us in a structured, commonly used, and machine-readable format unless such provision adversely affects the rights and freedoms of others.
- Right to object. You may request we stop processing your personal data being processed based on our legitimate interests. We will cease processing your personal data unless the processing is based on compelling legitimate grounds or is needed for exercise or defense of legal claims.
- Right to withdraw consent. To the extent the processing of your personal data is based on your consent, you may withdraw your consent at any time. Please note that withdrawing the consent does not affect the lawfulness of our processing prior to your withdrawal.
- Right to lodge a complaint. You may have the right to file a complaint directly with a local data protection authority if you believe that the personal data are processed in a way that violates your rights and legitimate interests stipulated by applicable legislations.
HOW TO CONTACT US
If you have any questions, comments, complaints, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise your rights regarding your personal data, please contact us send us an email at mgmt@snowqr.com
GLOBAL PRIVACY POLICY
This Privacy Policy is global in scope yet is not intended to override any legal rights or prohibitions in any jurisdiction where such rights or prohibitions prevail. In such event, the rights and obligations set out in this Privacy Policy will apply, subject only to amendment under any applicable local laws or regulations having precedence.
Last Updated Jan 2nd, 2024
End of Document