1. Introduction
This Privacy Policy explains how Clavis Fintech Solutions Limited ("Clavis," "we," "us," or "our") handles personal data in providing our services. We are committed to protecting your privacy and being transparent about our data practices.
Key Definitions:
- Personal Data: Any information that relates to an identified or identifiable individual.
- Processing: Any operation performed on personal data, such as collection, storage, use, or sharing.
This policy aligns with the General Data Protection Regulation (GDPR) (EU) 2016/679, ensuring compliance with data protection laws applicable in the European Union and European Economic Area.
2. Our Role and Responsibilities
2.1 Data Processor Role
For most services provided through our platform, we act as a data processor on behalf of Striga Technology OÜ ("Striga"), who is the data controller. This means:
- We process personal data according to Striga's instructions.
- Striga determines the purposes and means of processing.
- Data protection inquiries related to regulated services should be directed to Striga.
2.2 Data Controller Role
We act as a data controller only for:
- Marketing communications (where you've given consent).
- Technical support services.
- Platform usage analytics.
- Our own business relationship management.
In ambiguous cases, our role will be clarified with reference to specific agreements.
3. Data We Process
3.1 As a Processor
On behalf of Striga, we process:
- Identity verification data: e.g., name, ID numbers, and documents.
- Transaction data: e.g., payment details and transaction history.
- Account information: e.g., login credentials and account settings.
- Communication records: e.g., messages exchanged via our platform.
- Service usage data: e.g., IP addresses, timestamps, and activity logs.
3.2 As a Controller
We directly collect and control:
- Technical data: e.g., device information, IP addresses, and browser type.
- Customer service interactions: e.g., support tickets and chat transcripts.
- Marketing preferences: e.g., communication opt-ins.
- Platform usage statistics: e.g., user behavior analytics.
4. Legal Basis for Processing
When acting as a controller, we process data based on:
- Contractual necessity: To fulfill agreements with you.
- Legal obligations: To comply with regulatory requirements.
- Legitimate interests: For fraud prevention, service improvement, and business operations.
- Your consent: For marketing purposes (withdrawable at any time).
Example scenarios for each basis are provided upon request.
5. Data Sharing
5.1 Service Providers
We may share data with:
- IT and system providers: To ensure platform functionality.
- Customer support tools: To assist with inquiries.
- Analytics services: To improve user experience.
All providers are bound by data processing agreements to ensure confidentiality and security.
5.2 Legal Requirements
We may share data:
- To comply with legal obligations.
- To protect rights and safety.
- In response to valid legal requests from authorities.
5.3 Third-Party Transfers
If any data transfers occur outside the EU/EEA, they will follow applicable adequacy decisions or use Standard Contractual Clauses (SCCs) as safeguards.
6. International Transfers
We keep data within the EU/EEA unless:
- You explicitly consent to transfers.
- A transfer is necessary for contract performance.
- Adequate safeguards, such as SCCs, are in place.
Users will be informed about applicable safeguards for any third-country transfers.
7. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption of sensitive data.
- Access controls based on the principle of least privilege.
- Regular security assessments and penetration testing.
- Staff training on data protection practices.
- Incident response procedures to address breaches promptly.
Third-party certifications are maintained to ensure compliance with industry standards.
8. Your Rights
You have the right to:
- Access your data.
- Rectify inaccurate or incomplete data.
- Request erasure of data.
- Restrict processing.
- Data portability.
- Object to processing.
- Withdraw consent for marketing communications.
Exercising Your Rights:
- For regulated services, direct requests to Striga.
- For other services, contact us via the details in Section 13. We aim to respond within 30 days.
9. Data Retention
We retain personal data only as long as necessary for:
- Service provision.
- Legal obligations and regulatory requirements.
- Legitimate business purposes.
Specific retention periods vary by data type. For example:
- Transaction data: Retained for up to 7 years for compliance.
- Marketing preferences: Retained until consent is withdrawn.
10. Cookies and Tracking
Please see our separate Cookie Policy for details about:
- Types of cookies used.
- Purposes of tracking (e.g., performance, analytics).
- Options for controlling or disabling cookies.
11. Children's Privacy
Our services are not intended for users under 18. We take steps to prevent data collection from minors, including age verification measures. If we learn that we have collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this policy by posting a new version on our website. Significant changes will be communicated via email or platform notices, along with a summary of key updates.
13. Contact Information
For privacy matters under our control:
- Email: dpo@ozuma.io
14. Supervisory Authority
If you have concerns about how we handle your data, you have the right to raise them with the relevant supervisory authority:
In the European Union:
- Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
- Website: https://www.aki.ee/en
- Jurisdiction: Applicable to all data processing activities conducted under the EU GDPR via our Estonian platform provider.
You may also contact your local Data Protection Authority (DPA) within your respective European Economic Area (EEA) member state for further assistance or to escalate concerns.
15. Automated Decision-Making
We may use automated decision-making processes for fraud detection or identity verification. These processes are regularly reviewed to ensure fairness and accuracy. For more information, contact us directly.
16. Third-Party Data Sources
We may collect personal data from third-party sources, such as credit reference agencies or public databases, to ensure compliance and accuracy.