Effective: 1 August, 2018
As the operator of the Polybius website (https://polybius.io/) (Website), our company (Company, we or us) is committed to protecting and respecting your privacy.
This policy together with our Polybius Crowdfunding Terms and Conditions (if applicable) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
For the purpose of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the data controller is the Company.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting the Website you are accepting and consenting to the practices described in this policy.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
INFORMATION ABOUT US
We are a private limited company registered in Estonia under the name of Polybius Tech OÜ, with company number 14420450, represented by the member of management board Anton Altement. We have our registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 43, 10128.
To contact us, please email [email protected]
INFORMATION WE MAY COLLECT FROM YOU
We process personal data about you as necessary to meet our legal and contractual obligations, operate our business, provide the products and services you use or otherwise fulfill the legitimate interests described in the “Uses Made of Information” sections below.
We may collect and process the following data about you:
- Information you provide us
- Subscription. In order to access to Polybius newsletter or other materials, you may subscribe with Polybius Website. To subscribe with Polybius Website, you need to provide us your email address.
- Registration. To create an account, you need to provide data including your name, company name (if applicable), email address, a password or other details to help you with your experience. If you chose not to provide information mentioned hereinabove, we will not be able to provide you services or products.
- Your account information. We may ask for your contact information, including your name, company name (if applicable), email address, a password, birthdate, address, Wallet Address or other details to help you with your experience.
- Payment information. When you add your financial account information to your Account or use our Services or access our Website, that information (including that of the other participants associated with the transaction), is directed to our third-party payment processor. We do not store your financial account information on our systems; however, we have access to, and may retain information through our third-party payment processor
- KYC/AML checks. In connection with KYC/AML checks, Polybius may process your personal data, including the following
For entity customers:
- a copy of the applicable organizational and authority documents (e.g. trust instrument, certificate of incorporation, certificate of formation, corporate resolutions, partnership agreement, operating agreement, plan documents, etc.)
- name and registry code of the legal entity;
- name and website address of the register; timely print-outs of relevant registers
- first and last name, and personal identification code, time and place of birth details of the company representative;
- name, number, date of issue, and name of the issuer of a travel (Passport) document of the representative;
- basis for the right of representation; a document, certifying the right of representation.
- details of the actual beneficiary;
- postal address;
- address of the place of business;
- area of activity;
- bank account details;
- contact phone number and email address.
For natural person customers:
- a copy of passport or other government-issued form of identification;
- first and last name;
- personal identification code, time and place of birth;
- name, number, date of issue and name of the issuer of a travel (Passport) document;
- a selfie-color picture of the individual along with a copy of Passport or picture travel document;
- address of residence;
- address of location at the time of making contact;
- profession or area of activity;
- contact phone number and email address.
Communications and customer support
- If you contact us, we may receive information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
- Information we collect about you
Cookies and other tracking technologies
The cookies we use are session based.
We may use the following cookies:
- Strictly necessary cookies. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
If you wish you can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. It’s also important to note that we do not allow third-party behavioral tracking.
When you use our Services, regardless of the device you access them from, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services system-level metrics, device type, user usage data, device network connections (e.g. Wifi) and Internet protocol (IP) address, geolocation information (e.g. GPS), address book, and biometric data.
We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features (e.g., Touch ID/Fingerprint to verify your identity), protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business. For information about your ability to restrict the collection and use of such information, please use the settings available in the device.
With regard to each of your visits to our Website we may automatically collect the technical information, including the IP address used to connect your computer to the Internet, your login information (if applicable), browser type and version time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), page response times, download errors, and any information of yours related to contact our customer service team.
Information we receive from other sources
This is information we receive about you from public domain, third parties or other websites we operate or the other services we provide. Third parties we work with include: business partners, sub-contractors in technical, payment and delivery services, credit reference agencies, financial services or insurance companies, and third party account or platforms, including social media platforms.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- To carry out our obligations arising from law;
- To carry out our obligations arising from any contracts entered into between us;
- To operate and maintain the Services, for example, to authenticate you when you log in, and to process your transactions;
- To prevent, detect and combat fraud and manage risks related thereto through the use of our Website and Services (e.g. by verifying your identity);
- To provide you with the information, products and services that you request from us;
- To provide you with information about other goods and services we offer that are similar to those that you have already enquired or purchased about;
- To communicate with you, directly or through one of our partners, including for customer support, to respond to your requests and for assistance and customer service, to provide you with updates and other information relating to the Service;
- To communicate with you about our goods and Services or notify you about changes thereto. We may also use your information to communicate with you about our promotions, studies, surveys, news, updates and events.
- To improve our Website and ensure that content from our Website is presented in the most effective manner for you and for your computer.
- For compliance purposes, in order to comply with any legal obligation, or in order to enforce or apply Polybius Crowdfunding Terms and Conditions and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others.
- To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes or to administer a contest, promotion, survey or other site feature.
- To allow you to participate in interactive features of our service, when you choose to do so;
- As part of our efforts to keep our Website safe and secure;
- To measure or understand the effectiveness of advertising we may serve to you and to deliver relevant advertising to you.
We do not:
- Sell or trade personal data;
- Make decision based solely on automated processing, including profiling.
COMMERCIAL MESSAGES (THE CAN-SPAM ACT)
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions;
- Process orders and to send information and updates pertaining to orders;
- We may also send you additional information related to your product and/or service;
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN SPAM we agree to the following:
- Not use false, or misleading subjects or email addresses;
- Identify the message as an advertisement in some reasonable way;
- Include the physical address of our business or site headquarters;
- Monitor third party email marketing services for compliance, if one is used;
- Honor opt-out/unsubscribe requests quickly.
If at any time you would like to unsubscribe from receiving future emails, you can email us at [email protected] and we will promptly remove you from all correspondence.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
- Selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Fraud and crime prevention agencies for the purpose of assessing the risk of crime, fraud and money laundering and this is a condition of us entering into any contract with you.
We will disclose your personal information to third parties:
- As required by law;
- In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets.
- If the Company, or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply Polybius Crowdfunding Terms and Conditions and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others.
- To meet our legal and contractual obligations to you related to the Crowdfunding.
- To avoid crime, money laundering and the risk of fraud.
- To ensure that we have relevant information on persons who has participated in crowdfunding.
- In order to provide relevant information to regulators, government agencies and banks that may request information about Crowdfunding.
We do not knowingly collect or maintain personal data on our Website from persons under 13 years of age, and no part of our Website is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access this Website at any time or in any manner.
We will take appropriate steps to delete any personal data of persons less than 13 years of age that has been collected on our Website without verified parental consent upon learning of the existence of such personal data.
TRANSFER YOUR PERSONAL INFORMATION
In carrying out its services, Polybius may transfer your personal data to third countries outside the European Economic Area (EEA), including the United States of America (US).
More specifically, Polybius may transfer your personal data outside the EEA in the following cases:
- KYC/AML checks. Polybius may transfer your personal data in connection with KYC/AML checks, which will be performed by Ambisafe Inc. (https://ambisafe.com/).
- Payment service. Polybius may transfer your personal data to payment service provider CardPay (https://www.cardpay.com/).
- Mailing lists. Polybius may transfer your personal data to transactional email service provider Postmark (https://postmarkapp.com/) and/or to email delivery service provider SendGrid (https://sendgrid.com/).
- Customer messages and chat. Polybius may transfer your personal data to customer messaging platform Intercom (https://www.intercom.com/).
- Key Restoration Service. Polybius may transfer your personal data in connection with key restoration service in case of password loss. Service will be performed by SecondFactor (https://www.secondfactor.io/).
The European Commission has the power to determine, whether a country outside the EU offers an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into. The European Commission has recognised United States of America (limited to the EU-US Privacy Shield framework) as providing adequate protection.
The EU-US Privacy Shield framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. The EU-US Privacy Shield framework arrangement includes:
- strong data protection obligations on companies receiving personal data from the EU;
- safeguards on US government access to data;
- effective protection and redress for individuals;
- an annual joint review by EU and US to monitor the correct application of the arrangement.
In the event that a jurisdiction is not considered to have an equivalent level of privacy protection, Polybius will take specific steps to protect your Personal Data in a manner compatible with EU law. In particular, we may choose to rely on Standard Contractual Clauses, or where the case may be, Binding Corporate Rules.
WHERE WE STORE YOUR PERSONAL INFORMATION
All information you provide to us is stored on our and our partners in the European Economic Area and, in cases described in the previous section, in the United States of America.
LENGTH OF STORAGE OF YOUR INFORMATION
We store the information we collect about you for no longer than is necessary for the purposes for which we originally collected it, unless a longer retention period is required or permitted by applicable law and it is in our legitimate business interests to do so.
FAIR INFORMATION PRACTICES PRINCIPLES
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify the users via email within 7 business days;
- We will notify the users via in site notification within 7 business days;
- When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, without undue delay.
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law.
This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
Polybius implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
- Rights to access your personal data. You have the right to obtain from the Polybius confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.
- Right to rectification. You have the right to obtain from the Polybius the rectification of inaccurate personal data. Taking into account the purposes of the processing, you also shall have the right to have incomplete personal data completed.
- Right to restriction of processing. You have the right to obtain from the Polybius restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling the Company to verify the accuracy of the personal data;
- the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead;
- the Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have filed a claim to processing data, pending the verification whether the legitimate grounds of the Company override yours.
- Right to take your data. You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
- Right to delete data (“right to be forgotten”). You can ask us to erase all or some of your personal data where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- there is no legal ground for the processing;
- you object to the to the processing of your personal data and there are no overriding legitimate grounds for the processing;
- your personal data have been unlawfully processed;
- personal data have to be erased for compliance with a legal obligation in law to which the Company is subject;
- the personal data have been collected in relation to the offer of information society services.
Notwithstanding the above, your right to erasure shall not apply to the extent that processing is necessary in certain circumstances set out in the GDPR, and especially:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU or Member State law to which Polybius is subject or for the performance of a task carried out in the public interest; or
- for the establishment, exercise or defence of legal claims.
- Right to lodge a complaint. You have a right to lodge a complaint with the supervisory authority of the country in which you reside.