1.2. In this Policy, we explain:
What Personal Data we collect, how it is used, disclosed, retained and deleted (each and all referred to as "processing");
– How and why we may disclose your Personal Data to third parties;
– The transfer of your Personal Data within and outside of the European Economic Area (“EEA”);
– Your statutory rights concerning your Personal Data;
– Voima Gold’s retention and deletion of your Personal Data
1.3. We do not collect any personally identifiable information from children or minors under the age of 18 without the permission of a child’s custodians. If you believe that a child or minor under the age of 18 has provided us with such information without proper approval of his/her custodians, please contact our customer support.
1.4. This Policy only applies to information we process. It does not apply to the practices of companies that we don't own or control, or employees that we don't manage. Information on our services may contain links to third party websites. Any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit.
1.5. We may update this policy from time to time. We will notify you of changes to this policy affecting your rights by email and/or by posting on our website at voimagold.com no later than fourteen (14) days before they become effective.
2.1. In this section, we set out:
– the general categories of data and types of personal data that we may process;
– the source of that personal data;
– the purposes for which we may process personal data; and
– the legal bases of the processing.
2.2. We may process your personal identification information ("personal identification information"). Personal identification information may include your full name, email address, telephone number, date of birth, social security number, age, gender, nationality, country of residence, home address, photographs and home address. The source of the personal identification information is you. The personal identification information may be processed to provide our services, communicate with you, protect our users from illegal activity, to maintain legal and regulatory compliance and help us to prevent, detect and investigate fraud, money laundering and other criminal activity or misuse of our service. The legal justification for processing your personal identification information rests on your consent as well as our legitimate interest in and legal obligation to prevent fraud, money laundering, criminal activity, and other misuses of the services.
2.3. We may process your formal identification information ("formal identification information"). Formal identification information may include your full name, nationality, date of birth, gender, social security number, passport details, national identity card details, driver’s license details and/or residence verification information (such as utility bills). The source of the formal identification information is you. The purpose of the formal identification information is to protect our users from illegal activity, maintain legal and regulatory compliance and help us to prevent, detect and investigate fraud, money laundering, and other criminal activity or misuse of our service. Moreover, processing formal identification information will help us to provide a more trustworthy, safe and reliable trading experience for our customers. Legal bases for this processing are compliance with legal obligations that Voima Gold is subject to, namely to comply with anti-money laundering and anti-terrorist financing laws, and the legitimate interests of ours and/or those of third-parties, namely to provide our services, to prevent, detect and investigate fraud, money laundering, criminal activity or other misuses of the services.
2.4. We may process legal person information (“legal person information”). Legal person information may include information and documentation related to the registration country, trade name, phone number, email address, business ID number, registration year, website, full address, industry, corporate form, revenue, employee count, origin of funds, operations in other countries, beneficial owners and their ownership, extract from a company register or equivalent legal person register. Legal person information may also contain personal identification information and formal identification information related to the operator of the legal person’s account and possible subaccount operators, beneficial owners and/or members of the board of directors or equivalent governing body of the legal person. The source of the legal person’s information is the operator of the legal person’s account. The legal person information may be processed to provide our services, ensure the security of our users and services, communicate with you and to protect our users from illegal activity, maintaining legal and regulatory compliance and to help us to prevent, detect and investigate fraud, money laundering and/or other criminal activity or misuse of our service. Moreover, it is in our legitimate interest, as well as that of third parties, to prevent fraud, money laundering criminal activity, and other misuses of the services.
2.5. We may process your financial and employment information ("financial and employment information"). Financial information may include information related to your income, revenue, wealth, bank account information and/or tax identification. Employment information may include information and documentation related to your employer, job title, and/or description of the role. The source of the financial and employment information is you. The financial and employment information may be processed to protect our users from illegal activity, maintain legal and regulatory compliance and to help us prevent fraud, money laundering or other criminal activities or misuses of our service. The legal bases for this processing are compliance with legal obligations that Voima Gold is subject to, namely in order to comply with anti-money laundering and anti-terrorist financing laws and legitimate interests of ours and/or those of third-parties, namely to prevent, detect and investigate fraud, money laundering, criminal activity or other misuses of the services.
2.6. We may process data about your use of our website and services ("usage information"). Usage information is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the service (e.g. search queries), your approximate location, cookies set by our site, etc. Although usage information is primarily non-personally-identifying information, you can sometimes be recognized from it, either alone or when combined or linked with personal identification information. Usage data may include: 1) Data that we collect mainly for behavior statistics, business intelligence, and email campaigns ("analytics information"). Analytics information may contain your email address, IP address, and country code. 2) Data that we collect mainly for technical, security, fraud prevention and/or for error tracking reasons ("technical information") and that may occasionally contain usage data. We also log certain events from your actions on our site. The legal bases for this processing are the legitimate interests of ours or those of third-parties, namely to monitor service quality and improve our website and services as well as to prevent, detect and investigate fraud, money laundering, criminal activity or other misuses of the services and to prevent security issues.
2.7. We may process data relating to the trades, deposits, and withdrawals that you conduct through our website ("transaction information"). The transaction information may include transaction ID, initiated trades, payment method, amounts, values (in fiat/gold) and timestamps of deposits, withdrawals and trades as well as signed copies of certain transaction documents. The source of the transaction information is you. The legal bases for this processing are compliance with legal obligations that Voima Gold is subject to, namely to comply with anti-money laundering and anti-terrorist financing laws, the performance of a contract between you and us and legitimate interests of ours and/or by third-parties, namely to prevent, detect and investigate fraud, money laundering, criminal activity or other misuse of the services.
2.8. We may process any information that you generate through the use of our various services ("communication information"). Communication information includes all your messages, requests, and interactions with our customer support. Voima Gold is a party to such communications. It may review and otherwise process any contents and metadata of messages comprised in the communication information. Communication information may include email address, phone number, IP address, full name as well as audio and video files. The source of the communication information is you. The information may be processed to communicate with you, record-keeping, and to serve our customers better and improve our service. The legal basis for this processing is the legitimate interests of ours or those of third-parties, namely to serve our customers better and also to prevent fraud, money laundering, criminal activity and other misuses of the services.
2.9. We may process information that you provide to us to subscribe to our email notifications, SMS notifications and/or newsletters ("notification information"). The notification information may include your email address, phone number, and full name. The notification information may be processed for marketing, sending you the relevant notifications and/or newsletters. The legal basis for this processing is your consent and our legitimate interest to communicate with our customers and to perform direct marketing. You can unsubscribe at any point by contacting us or by clicking the unsubscribe link in an email sent by us.
2.10. Concerning the activities described above, we may conduct profiling based on your interactions with and content that you provide to our service, and/or information obtained from processors. If we detect what we suspect to be illegal, harmful, or dangerous activities, automated processes may restrict or suspend access to our services. We process this information to comply with the law, and because we have legitimate interests to prevent fraud, money laundering, criminal activity, and other misuses of the services, as well as to optimize our products and services.
2.11. We may process your data when necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or outside the court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.
2.12. Also, we may require and process information containing personal data when legal compliance or the protection of your vital interests or those of another natural person necessitates it. Further, your personal identification information and other personal data may be processed to prevent money laundering or terrorist financing, as well as for prosecution of money laundering or terrorist financing or any such crimes from which assets or criminal benefits used in connection with money laundering or terrorist financing have been gained.
2.13. All the aforementioned general categories of data may contain data that by itself does not identify you and is therefore not deemed as personal data.
2.14. Some users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of our services. This could occur through interactions on public boards, or if a previously private interaction is made public. Information voluntarily posted in publicly visible parts of our services or third-party services, is considered public. We may process such information posted by you based on the performance of a contract between you and us and due to the legitimate interests of ours and/or those of third-parties, namely to provide our services, to prevent, detect and investigate fraud, money laundering criminal activity and/or other misuse of the services. Additionally, voluntarily publicizing such information means that you lose any privacy rights you might usually have concerning that information. It may also increase your chances of receiving unwanted communications, like spam.
2.15. If you choose to publish personally identifiable information, others may use or disclose it without our control and your knowledge, and search engines may index that information. We, therefore, urge you to think carefully about including any data you may deem private in content that you create or information that you submit through our services.
3.1. We use external services ("processors") in certain situations for processing personal data on our behalf. Where the processing is carried out for a controller, we use methods following Regulation (EU) 2016/679 (General Data Protection Regulation), thus ensuring the protection of the rights of the data subjects.
3.2. We may use a processor for processing personal and formal identification data for verifying the identity of our users by using ID document verification and facial biometrics technologies. The processor may collect your full name, nationality, date of birth, gender, social security number, tax ID number, email address, phone number, IP address, passport details, driver’s license details, and national identity card details. Additionally, the processor may collect a photograph or video of you to perform a facial or liveness check. Legal bases for processing personal and formal identification information has been defined in section 2 above. Legal bases for processing personal and formal identification information is defined in Section 2.
3.3. To collect, analyze, and utilize behavior statistics for business intelligence purposes, as well as to track, gather and resolve various server errors, we may use a processor for processing usage information. The processor may collect your email address, IP address, country code, and that data is used to generate information about your usage of our service. Server error messages are rare but they may include your IP address. Legal bases for processing usage information is defined in Section 2.
3.4. To deliver emails and SMS messages to our users, we may use a processor for processing notification information. Legal bases for processing notification information is defined in Section 2.
4.1. We store your information primarily within the European Economic Area. However, some features and requirements of the service may involve transferring your information to third-party service providers outside the European Economic Area. When service providers operate outside the jurisdiction of Regulation (EU) 2016/679, standard data protection clauses adopted by the European Commission or the Privacy Shield Framework will cover the data transfers.
5.1. This section sets out our data retention and deletion policies designed to protect the user’s legal right to be forgotten.
5.2. Personal data that we process for any reason shall not be kept for longer than is necessary.
5.3. Users may request the deletion of their data by contacting us via firstname.lastname@example.org or through our site.
5.4. We will retain and delete your data as follows:
– For users whose data deletion request has been approved by us:
– Personally-identifiable usage information is removed 30 days after account deletion.
– Our processors do not generally store notification information. But, they may retain activity logs for a short time (this time varies depending on the processor in question but is not greater than 12 months). If our processors store some of the notification information, we will remove your personally identifiable notification information 30 days after the approval of your data deletion.
– For users who have not generated any transaction information, we will delete all your personal data within 30 days after the approval of your data deletion request.
– For users who have generated transaction information, we will delete your personal identification information, formal identification information, legal person information, financial and employment information, transaction information, and communication information six years after the approval of your data deletion request.
5.5. When we can’t specify in advance the periods for which your data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue, or other issues, including auditing or legal reasons.
5.6. These provisions aside, we may keep your data when necessary for legal reasons or to protect your vital interests or the vital interests of another natural person.
6.1. In this Section 6, we have summarised the principal rights that you have under data protection law. Some of the rights are complex, might contain restrictions depending on the legal basis for processing the data and, to keep this policy as concise and easily accessible as possible, not all of the details have been included in our summaries. Accordingly, it would help if you read the relevant laws and guidance from the regulatory authorities for further details of these rights.
6.2. Your principal rights under the data protection law are:
(a) the right to access;
You have the right to confirm whether we process your personal data and, where we do, to access the personal data. Providing that the rights and freedoms of others are not affected, we will supply you with a copy of your personal data. The first copy will be provided for free, but additional copies may cost. You can request your personal data by contacting us via email@example.com or through our site.
(b) the right to rectification;
You have the right to rectify inaccurate personal data. Considering the purposes of the processing, you also have the right to complete any incomplete personal data. You can correct or update some of your data yourself through your user account.
(c) the right to erasure;
You have the right to the erasure of your personal data. We have described our policy for retaining and deleting personal data above in Section 5.
(d) the right to object to processing;
You have the right to object to our personal data processing. Barring processing necessary for carrying out the public interest or the exercise of any official authority vested in us, such as the demands of the anti-money laundering and anti-terrorist financing laws, we will accommodate your objections. If you object, we will stop processing your data unless we can show compelling legitimate grounds for continuing, namely, for the establishment, exercise, or defense of legal claims.
(e) the right to data portability;
To the extent that the legal basis for our processing of your personal data is consent or contract, and it is automated, you have the right to get your personal data from us in a structured, commonly used, and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(f) the right to complain to a supervisory authority;
If you consider that our processing of your personal data infringes on data protection laws, you have a legal right to complain to a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.
(g) the right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
6.3. Without prejudice to those above, if we have reasonable doubts concerning the identity of a user exercising his or her rights referred to in Section 6.2 or if we otherwise deem it necessary for security reasons, we may request more information and otherwise use reasonable measures needed to confirm the identity of the user.
6.4. You may exercise any of your rights regarding your personal data by contacting our customer support. Concerning "Right to erasure," users are also able to request the deletion of their account through our site.
(a) What are cookies
There are two types of cookies; “persistent” or “session” cookies. A “persistent” cookie is by a web browser and will remain valid until its set expiration date (unless the user deletes it before the expiration date). A “session” cookie expires at the end of the user session, i.e., when the user closes the web browser.
Typically, cookies do not contain any information personally identifying users. Still, it is possible to link stored personal data obtained from cookies.
(b) Cookies that we use
When you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence. To provide you with a great experience on this site, we provide the functionality to set your preferences for how this site runs when you use it. To remember your preferences, we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.
(c) Cookies used by our service providers
We use Google Analytics and HubSpot Analytics to analyze the use of our website. Google and HubSpot Analytics gathers information about website use through cookies. The information gathered relating to our website is used to create reports about the use of our website and how we might improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit.
(d) Managing cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Disabling cookies may result in some functionality and features of this site being disabled.
Data Protection Officer's contact details:
Voima Gold Oy / Data Protection Officer