General provisions
Digital Exchange Corp LLC, identification number 412761916, a limited liability company incorporated and existing under the laws of Georgia, with legal address - Tbilisi, Gldani district, O. Khizanishvili St., N 264 (Tbilisi Technological Park Free Industrial Zone), hereinafter - the Company, in view of nature of its business activity, ensures AML&KYC compliance, and as a result process personal data of its clients – individuals, hereinafter - the Client, or data subject.
This policy, hereinafter - the Policy, has been developed by the Company in accordance with the requirements stated by European General Data Protection Regulation of 27 April 2016 and by Law of Georgia on Personal Data Protection, hereinafter - the Regulations.
Personal data is processed according to the general principles for the processing of personal data stated by the Regulations.
The Company may use data processors for processing personal data. In such cases, the Company takes needed steps to ensure that such data processors process personal data under the instructions of the Company and in compliance with the Regulations.
Contact details of the Company are available on the Company’s website - www.dexspace.net, hereinafter - the Website.
In case you have any question about personal data protection, please contact us via email [email protected]
Lawful ground and purposes for personal data processing
Personal data will be processed by the Company on the following lawful ground and purposes:
Consent: where this applies, the Client must provide explicit and informed consent which is then managed to withdraw consent at any time.
Purpose: the Company may ask for the Client’s consent in case of improvement of services, developing new products and services; advertising of services or commercial purposes etc.
Contract: when personal data processing is necessary for the performance of an agreement to which the data subject is party. Purpose is to provide the Client with relevant services; delivery of products and provision of services; handling and processing of the objections, complaints; billing administration etc.
Legitimate interests: when personal data processing is necessary for the purpose of the legitimate interests of the Company or the Client. Purpose is to protect the Client's and/or the Company's interest; to provide evidence relating to the contracts and their performance (recordings, submitted documents and other information); prevent, limit and investigate dishonest or unlawful use of the services and products provided by the Company; conduct commercial activity, etc.
Legal obligation: for compliance with a legal obligation, for example, personal data processing for AML&KYC compliance. According to the regulations specified in facilitating the suppression of money laundering and terrorism financing, the Company has to identify and verify its clients before providing the products and services.
Where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, the Company shall provide the Client prior to that further processing with information on that other purpose and with any relevant further information.
Categories of personal data
Personal data may be collected from the Client and from the Client's use of the services. Personal data categories which the Company primarily, but not only, collects and processes are:
- identification data (name, surname, identification code, date of birth, data regarding the identification document);
- contact data (address, telephone number, email address);
- financial data (bank account number, name of the bank);
- data obtained and/or created while performing legal obligation (identification documents, proof of address, selfie, enquiries made by investigative bodies, tax administrator, courts etc.);
- data related to the services and goods (executed transactions, concluded agreements, submitted applications, requests and complaints etc.).
Provision of personal data required for identification and verification of the Client is the prerequisite to provide the Client with products and services offered by the Company. If personal data is not provided, the Company will not be able to enter into contractual relationships with the Client, or to ensure the fulfilment of contractual obligations accordingly.
Profiling and automated decision-making
Profiling means any form of automated processing of personal data, through the use of personal data for the purpose of assessing certain Client related personal aspects, in particular to analyse or predict aspects in relation to the Client's personal preferences, interests, behaviour and location.
The Company can apply automated decision - making regarding to the Client. The Client will be informed about such activities of the Company separately in accordance with the Regulations.
Automated decision-making that creates legal consequences for the Client may only be made in the course of the conclusion or execution of the agreement between the Company and the Client, or on the basis of the Client's consent.
Recipients of personal data
Personal data is shared with other recipients, such as:
-authorities (such as law enforcement authorities, tax authorities, supervision authorities and financial intelligence units etc.);
-auditors, legal and financial consultants, or any other processor authorized by the Company;
-other persons related to provision of services of the Company (product suppliers, goods and services sellers, credit institutions and financial institutions, etc.).
Personal data retention
Personal data will be processed no longer than necessary.
The retention period may be based on agreement with the Client, the legitimate interest of the Company or applicable law (such as laws related to bookkeeping, statute of limitations, civil law, etc.). After the circumstances specified herein are terminated, the Client's personal data is deleted.
Client's as a data subject rights
Data subject has the following general rights regarding his/her personal data processing:
-require his/her personal data to be corrected if it is inadequate, incomplete or incorrect;
-object to processing of his/her personal data;
-require the erasure of his/her personal data;
-restrict the processing of his/her personal data under Regulations;
-receive information if his/her personal data is being processed by the Company and if so then to access it;
-receive his/her personal data that is provided by him-/herself and is being processed based on consent or in order to perform an agreement in written or commonly used electronic format and were feasible transmit such data to another service provider (data portability);
-withdraw his/her consent to process his/her personal data. The withdrawal of the consent does not affect the processing of personal data performed at the time when the Client's consent was valid. Withdrawal of the consent cannot interrupt the processing of personal data performed on the other legal basis;
-not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects the Client. This right does not apply if the decision-making is necessary in order to enter into or to perform an agreement with the Client, if the decision-making is permitted under applicable law or if the Client has provided his/her explicit consent;
-lodge complaints pertaining the violation of the use of personal data to the supervisory authority.
Validity and modification of the Policy
This Policy may be updated from time to time.
The data subject has a right to easily access this Policy. Therefore, the latest version of this Policy will be published on the Website.
