En

Ru

es

de

fr

ar

Documents

Read the important documents that govern the use of our services and keep you safe.
Documents

Privacy policy

1. Introduction

1.1 Purpose of this Privacy Policy

The Company is committed to protecting the privacy, confidentiality and security of personal data entrusted to it by clients, prospective clients, employees, contractors, suppliers, business partners and other individuals whose personal data may be processed in the course of the Company's business activities.

The Company recognises that the protection of personal data is fundamental to maintaining trust and confidence in its business relationships. Accordingly, the Company implements and maintains appropriate technical, organisational and administrative measures designed to ensure the lawful, fair and transparent processing of personal data.

This Privacy Policy establishes the framework under which personal data is collected, processed, stored, transferred, disclosed and protected by the Company.

The Company undertakes to comply with all applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), together with any applicable national data protection laws and regulations.

The Company regularly reviews and updates its internal policies, procedures and security measures to ensure continued compliance with evolving legal, regulatory and operational requirements.

This Privacy Policy should be read together with any related agreements, notices, consent forms, website disclosures, cookie notices and other privacy-related documentation issued by the Company from time to time.

1.2 Definition of Personal Data

For the purposes of this Privacy Policy, "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject").

An identifiable natural person is a person who can be identified, directly or indirectly, by reference to one or more identifiers, including but not limited to:

  • name;
  • surname;
  • date of birth;
  • residential address;
  • email address;
  • telephone number;
  • identification number;
  • passport details;
  • tax identification number;
  • online identifiers;
  • IP addresses;
  • location data;
  • financial information;
  • account information;
  • biometric data;
  • employment information;
  • economic, cultural or social identity factors.

Personal Data may also include information that, when combined with other available information, allows an individual to be identified.

1.3 Special Categories of Personal Data

In certain circumstances, the Company may process special categories of Personal Data where permitted or required by applicable law.

Such data may include:

  • biometric information;
  • health-related information;
  • information required for identity verification;
  • information required for compliance purposes;
  • other categories of data protected under applicable law.

The Company shall apply enhanced safeguards when processing such categories of data.

1.4 Business Information

Information relating solely to legal entities is generally not considered Personal Data.

However, information relating to individual representatives, directors, officers, shareholders, employees, authorised signatories or other identifiable individuals associated with a legal entity may constitute Personal Data and shall be protected in accordance with this Privacy Policy.

Such information may include:

  • names;
  • business email addresses;
  • business telephone numbers;
  • job titles;
  • professional contact details.

1.5 Purpose of Data Collection

The Company collects and processes Personal Data only where necessary for legitimate business purposes, including but not limited to:

  • establishing and maintaining business relationships;
  • providing products and services;
  • performing contractual obligations;
  • customer onboarding;
  • identity verification;
  • anti-money laundering procedures;
  • fraud prevention;
  • compliance with legal obligations;
  • customer support;
  • internal administration;
  • recruitment and employment administration;
  • risk management;
  • information security;
  • dispute resolution;
  • regulatory reporting;
  • business development and service improvement.

The Company shall not collect Personal Data beyond what is reasonably necessary for the relevant purpose.

1.6 Data Protection Principles

The Company processes Personal Data in accordance with the following principles:

Lawfulness, Fairness and Transparency

Personal Data shall be processed lawfully, fairly and transparently in relation to the Data Subject.

Purpose Limitation

Personal Data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

Data Minimisation

Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy

The Company shall take reasonable steps to ensure that Personal Data is accurate and, where necessary, kept up to date.

Inaccurate Personal Data shall be corrected or deleted without undue delay.

Storage Limitation

Personal Data shall be retained only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

Integrity and Confidentiality

Personal Data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.

Accountability

The Company shall be responsible for, and be able to demonstrate, compliance with the principles set out in this Privacy Policy and applicable data protection laws.

1.7 Company Responsibility

The Company shall take all reasonable steps necessary to ensure compliance with this Privacy Policy and applicable data protection legislation.

Such measures may include:

  • implementation of internal policies;
  • staff training;
  • compliance monitoring;
  • risk assessments;
  • security controls;
  • periodic audits;
  • appointment of responsible personnel;
  • review and improvement of data protection procedures.

All employees, contractors and authorised representatives of the Company who process Personal Data are required to comply with this Privacy Policy and any related internal procedures.

2. Legal Basis for Processing Personal Data

2.1. General Principles

The Company shall process Personal Data only where a valid legal basis exists under applicable data protection legislation.

The Company shall ensure that all processing activities are supported by one or more lawful grounds recognised by the GDPR and other applicable laws.

The legal basis relied upon may vary depending on the nature of the relationship between the Company and the Data Subject, the purpose of processing and the applicable legal requirements.

2.2. Performance of a Contract

The Company may process Personal Data where such processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract.

Such processing may include:

  • account registration;
  • client onboarding;
  • identity verification;
  • provision of services;
  • execution of transactions;
  • customer support;
  • account administration;
  • communication relating to contractual obligations;
  • dispute resolution;
  • payment processing.

Without such processing, the Company may be unable to provide its products or services.

2.3. Compliance with Legal Obligations

The Company may process Personal Data where necessary to comply with legal, regulatory or statutory obligations.

Such obligations may arise from:

  • anti-money laundering legislation;
  • counter-terrorist financing regulations;
  • sanctions compliance requirements;
  • tax legislation;
  • financial services regulations;
  • court orders;
  • governmental requests;
  • regulatory reporting requirements.

The Company may retain and disclose Personal Data where required to comply with such obligations.

2.4. Legitimate Interests

The Company may process Personal Data where such processing is necessary for the legitimate interests pursued by the Company or a third party, provided that such interests are not overridden by the rights and freedoms of the Data Subject.

Legitimate interests may include:

  • fraud prevention;
  • information security;
  • network security;
  • risk management;
  • business administration;
  • customer relationship management;
  • internal reporting;
  • service improvement;
  • legal defence of claims;
  • corporate restructuring;
  • business continuity planning;
  • compliance monitoring.

The Company shall conduct balancing assessments where required by applicable law.

2.5. Consent

Where required by law, the Company shall obtain the consent of the Data Subject before processing Personal Data.

Consent may be obtained electronically, in writing, verbally or through other legally recognised methods.

The Data Subject may withdraw consent at any time.

Withdrawal of consent shall not affect the lawfulness of processing carried out before such withdrawal.

The Company reserves the right to continue processing Personal Data where another lawful basis exists.

2.6. Protection of Vital Interests

The Company may process Personal Data where necessary to protect the vital interests of a Data Subject or another natural person.

Such situations may arise in exceptional circumstances involving health, safety, security or emergency situations.

2.7. Legal Claims

The Company may process Personal Data where necessary for:

  • establishing legal claims;
  • exercising legal rights;
  • defending legal proceedings;
  • conducting investigations;
  • responding to disputes.

Such processing may continue after termination of the business relationship.

3. Processing and Transfer of Personal Data

3.1. Categories of Personal Data Processed

Depending on the nature of the relationship, the Company may process the following categories of Personal Data:

Identification Information

  • full name;
  • date of birth;
  • nationality;
  • passport information;
  • identification document details;
  • tax identification numbers.

Contact Information

  • residential address;
  • correspondence address;
  • email address;
  • telephone number.

Financial Information

  • bank account details;
  • payment information;
  • transaction records;
  • account balances;
  • source of funds information;
  • source of wealth information.

Technical Information

  • IP addresses;
  • browser information;
  • device identifiers;
  • operating system information;
  • usage logs;
  • cookies and similar technologies.

Compliance Information

  • KYC records;
  • AML records;
  • sanctions screening results;
  • risk assessment results;
  • verification records.

Communication Information

  • emails;
  • telephone recordings;
  • support tickets;
  • platform messages;
  • correspondence records.

3.2. Methods of Collection

Personal Data may be collected:

  • directly from the Data Subject;
  • through account registration forms;
  • through contractual documentation;
  • through customer support interactions;
  • through website usage;
  • through cookies;
  • through third-party verification providers;
  • through public databases;
  • through regulatory databases;
  • through business partners.

3.3. Disclosure of Personal Data

The Company may disclose Personal Data where reasonably necessary to:

Service Providers

  • payment processors;
  • hosting providers;
  • cloud service providers;
  • technology vendors;
  • compliance providers;
  • verification providers;
  • communication providers.

Professional Advisers

  • auditors;
  • lawyers;
  • accountants;
  • consultants.

Regulatory and Government Authorities

  • financial regulators;
  • tax authorities;
  • law enforcement agencies;
  • courts;
  • governmental bodies.

Corporate Group Members

The Company may share Personal Data with affiliated companies, subsidiaries, parent entities and related entities where necessary for operational, compliance or administrative purposes.

3.4. International Data Transfers

Personal Data may be transferred to jurisdictions outside the country of residence of the Data Subject.

Where such transfers occur, the Company shall implement safeguards required by applicable data protection laws.

Such safeguards may include:

  • adequacy decisions;
  • standard contractual clauses;
  • approved certification mechanisms;
  • legally recognised transfer mechanisms.

The Data Subject acknowledges that certain service providers may operate internationally.

3.5. Marketing Communications

The Company may use Personal Data to provide information regarding:

  • products;
  • services;
  • promotions;
  • updates;
  • educational materials;
  • events;
  • market information.

Where required by law, such communications shall only be sent with appropriate consent.

The Data Subject may opt out of marketing communications at any time.

The Company may continue to send non-marketing communications relating to contractual, legal or operational matters.

3.6. Cookies and Similar Technologies

The Company may use cookies, tracking technologies and similar mechanisms to improve functionality, security and user experience.

Cookies may include:

Essential Cookies

Required for operation of the website and services.

Functional Cookies

Used to remember preferences and settings.

Analytical Cookies

Used to analyse website traffic, user behaviour and service performance.

Security Cookies

Used to detect suspicious activity, protect accounts and enhance security.

Marketing Cookies

Used to personalise advertising and marketing content where permitted by law.

The Data Subject may manage cookie preferences through browser settings or other available mechanisms.

Certain website functions may not operate correctly if cookies are disabled.

4. Rights of Data Subjects

4.1. General Rights

Subject to applicable law, Data Subjects may exercise certain rights regarding their Personal Data.

The Company shall respond to requests within the timeframes required by applicable law.

The Company may request verification of identity before responding to any request.

4.2. Right of Access

The Data Subject may request confirmation as to whether Personal Data is being processed.

Where Personal Data is processed, the Data Subject may request access to:

  • categories of data;
  • purposes of processing;
  • recipients of data;
  • retention periods;
  • source of data;
  • applicable rights.

4.3. Right to Rectification

The Data Subject may request correction of inaccurate or incomplete Personal Data.

The Company shall take reasonable steps to update inaccurate information.

4.4. Right to Erasure

The Data Subject may request deletion of Personal Data where:

  • the data is no longer required;
  • consent has been withdrawn;
  • processing is unlawful;
  • applicable law requires deletion.

The right to erasure shall not apply where retention is required by law or necessary for legitimate legal purposes.

4.5. Right to Restriction of Processing

The Data Subject may request restriction of processing under circumstances recognised by applicable law.

During a restriction period, processing may be limited to storage and legally permitted activities.

4.6. Right to Data Portability

Where applicable, the Data Subject may request a copy of Personal Data in a structured, commonly used and machine-readable format.

Where technically feasible, data may be transferred directly to another controller at the request of the Data Subject.

4.7. Right to Object

The Data Subject may object to processing based on legitimate interests.

The Company may continue processing where compelling legitimate grounds exist or where processing is necessary for legal claims.

4.8. Rights Related to Automated Decision-Making

Where applicable, the Data Subject may request human review of certain automated decisions affecting the Data Subject.

The Company shall implement appropriate safeguards where automated decision-making is used.

4.9. Right to Lodge a Complaint

The Data Subject may lodge a complaint with the relevant supervisory authority if the Data Subject believes that Personal Data has been processed in violation of applicable data protection laws.

The Company encourages Data Subjects to contact the Company first so that concerns may be reviewed and addressed promptly.

5. Data Protection Measures

5.1. General Security Commitment

The Company is committed to implementing and maintaining appropriate technical, organisational and administrative measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access or any other form of unlawful processing.

The Company recognises that information security is a continuous process and regularly reviews its security controls, policies and procedures.

The level of protection implemented by the Company shall take into account:

  • the nature of the Personal Data;
  • the scope of processing;
  • the context of processing;
  • the purposes of processing;
  • technological developments;
  • identified risks;
  • industry standards.

5.2. Technical Security Measures

The Company may implement technical safeguards including:

  • encryption technologies;
  • secure communication protocols;
  • access control systems;
  • network security controls;
  • intrusion detection systems;
  • anti-malware protection;
  • endpoint protection systems;
  • system monitoring;
  • activity logging;
  • data backup procedures;
  • disaster recovery mechanisms.

The Company regularly evaluates and updates such measures where appropriate.

5.3. Organisational Security Measures

The Company may implement organisational measures including:

  • internal policies and procedures;
  • employee confidentiality obligations;
  • access management controls;
  • staff training programmes;
  • internal compliance monitoring;
  • periodic security reviews;
  • vendor due diligence procedures;
  • incident response procedures.

Access to Personal Data shall be limited to personnel who require such access for legitimate business purposes.

5.4. Access Control

The Company shall take reasonable measures to ensure that access to Personal Data is granted only to authorised individuals.

Access rights may be assigned according to:

  • job responsibilities;
  • operational requirements;
  • compliance requirements;
  • security requirements.

Access rights may be modified, restricted or revoked whenever necessary.

5.5. Security Testing and Monitoring

The Company may perform periodic reviews of its information security framework.

Such reviews may include:

  • security assessments;
  • vulnerability assessments;
  • penetration testing;
  • access reviews;
  • infrastructure monitoring;
  • audit activities.

The frequency and scope of such activities shall be determined by the Company.

5.6. Data Breach Management

The Company maintains procedures for identifying, investigating and responding to security incidents involving Personal Data.

Where required by applicable law, the Company shall notify relevant supervisory authorities and affected Data Subjects within applicable legal timeframes.

The Company shall determine the appropriate response measures based on:

  • the nature of the incident;
  • the categories of data affected;
  • the potential impact on Data Subjects;
  • applicable legal requirements.

5.7. Responsibility of Data Subjects

Data Subjects are encouraged to take reasonable steps to protect their own information, including:

  • maintaining password security;
  • protecting access credentials;
  • avoiding disclosure of sensitive information to unauthorised persons;
  • reporting suspected security incidents.

The Company shall not be responsible for security failures resulting from actions or omissions outside its reasonable control.

6. Processing Records and Accountability

6.1. Processing Records

The Company may maintain records relating to Personal Data processing activities in accordance with applicable legal requirements.

Such records may include:

  • categories of Personal Data processed;
  • purposes of processing;
  • categories of recipients;
  • data retention periods;
  • security measures;
  • international transfers;
  • lawful bases for processing.

6.2. Accountability Principle

The Company shall be responsible for demonstrating compliance with applicable data protection legislation.

To support accountability obligations, the Company may maintain:

  • internal policies;
  • training records;
  • compliance reviews;
  • audit reports;
  • security documentation;
  • risk assessments;
  • processing records.

6.3. Internal Reviews

The Company may periodically review processing activities to ensure compliance with:

  • applicable laws;
  • internal policies;
  • contractual obligations;
  • regulatory requirements.

The scope and frequency of reviews shall be determined by the Company.

6.4. Third-Party Due Diligence

Where third parties process Personal Data on behalf of the Company, the Company may perform reasonable due diligence procedures before engaging such providers.

Such procedures may include evaluation of:

  • security controls;
  • compliance capabilities;
  • operational capabilities;
  • contractual safeguards.

The Company may periodically reassess third-party providers where appropriate.

6.5. Employee Responsibilities

Employees, contractors and authorised representatives who process Personal Data shall be required to comply with:

  • this Privacy Policy;
  • applicable laws;
  • internal procedures;
  • confidentiality obligations.

Failure to comply may result in disciplinary action or other measures permitted by law.

7. Data Retention and Storage

7.1. General Retention Principles

The Company shall retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods may vary depending upon:

  • the category of data;
  • the purpose of processing;
  • regulatory requirements;
  • legal obligations;
  • business requirements.

7.2. Retention of Client Information

The Company may retain information relating to:

  • account registration;
  • identity verification;
  • transaction history;
  • communications;
  • complaints;
  • compliance reviews;
  • contractual relationships.

Such information may be retained following termination of the business relationship where necessary.

7.3. AML and Regulatory Retention Requirements

Where required by applicable laws and regulations, the Company may retain:

  • KYC documentation;
  • AML documentation;
  • transaction records;
  • sanctions screening results;
  • source of funds records;
  • source of wealth records;
  • compliance investigation records.

Such retention may continue for periods prescribed by applicable legislation.

7.4. Litigation and Dispute Retention

The Company may retain Personal Data where necessary for:

  • legal proceedings;
  • regulatory proceedings;
  • dispute resolution;
  • investigations;
  • enforcement of legal rights.

Such retention may continue until the relevant matter has been fully resolved.

7.5. Secure Deletion

Where Personal Data is no longer required and no legal basis for continued retention exists, the Company shall take reasonable steps to securely delete, anonymise or otherwise dispose of such information.

The method of deletion shall depend on:

  • the nature of the data;
  • storage systems used;
  • legal requirements;
  • technical feasibility.

8. Risk Assessment and Data Protection Governance

8.1. Risk-Based Approach

The Company applies a risk-based approach to the protection of Personal Data.

The Company shall identify, assess and manage risks associated with Personal Data processing activities.

Risk assessments may consider:

  • likelihood of harm;
  • severity of impact;
  • categories of Personal Data;
  • volume of data processed;
  • technological factors;
  • operational factors.

8.2. Data Protection Impact Assessments

Where required by applicable law, the Company may conduct Data Protection Impact Assessments ("DPIAs") before undertaking processing activities likely to result in elevated risks to Data Subjects.

DPIAs may evaluate:

  • necessity of processing;
  • proportionality of processing;
  • risks to individuals;
  • mitigation measures.

8.3. Compliance Governance

The Company may establish governance structures designed to support compliance with data protection obligations.

Such structures may include:

  • designated compliance personnel;
  • privacy management functions;
  • internal review procedures;
  • escalation procedures;
  • reporting mechanisms.

8.4. Incident Management

The Company may maintain procedures for identifying and responding to:

  • security incidents;
  • privacy incidents;
  • operational incidents;
  • compliance incidents.

Such procedures may include investigation, mitigation, documentation and corrective action measures.

8.5. Continuous Improvement

The Company recognises that privacy and information security risks evolve over time.

Accordingly, the Company may periodically review and improve:

  • security controls;
  • privacy procedures;
  • governance frameworks;
  • training programmes;
  • monitoring systems.

The Company reserves the right to modify its privacy controls where necessary to address changing risks, technologies, legal requirements and business needs.

9. Profiling and Automated Decision-Making

9.1. General Principles of Profiling

The Company may use profiling techniques and automated processing methods where permitted by applicable law and where necessary for legitimate business, compliance, operational, security or regulatory purposes.

For the purposes of this Privacy Policy, profiling means any form of automated processing of Personal Data used to evaluate, analyse or predict certain aspects relating to an individual.

Such analysis may relate to:

  • customer behaviour;
  • account activity;
  • transaction patterns;
  • service preferences;
  • risk indicators;
  • fraud indicators;
  • compliance indicators;
  • security indicators.

The Company shall implement appropriate safeguards when profiling activities are conducted.

9.2. Purposes of Profiling

Profiling may be used for purposes including:

Risk Assessment

To evaluate financial, operational, compliance or security risks associated with a business relationship.

Fraud Prevention

To identify potentially suspicious, fraudulent or unauthorised activity.

Anti-Money Laundering Controls

To assist in detecting unusual transaction patterns, sanctions risks, suspicious behaviour and financial crime indicators.

Customer Relationship Management

To better understand customer needs, preferences and service requirements.

Service Improvement

To improve products, services, website functionality and customer experience.

Marketing Activities

To provide relevant information regarding products, services and educational materials where permitted by law.

9.3. Automated Monitoring Systems

The Company may utilise automated systems designed to:

  • detect unusual account activity;
  • identify security threats;
  • identify potential fraud;
  • identify compliance risks;
  • monitor transaction behaviour;
  • assess operational risks.

Such systems may operate continuously and may generate alerts requiring further review.

9.4. Human Review

Where appropriate, automated assessments may be supplemented by human review.

The Company may review automated decisions where:

  • required by law;
  • necessary for compliance purposes;
  • necessary to resolve disputes;
  • appropriate under the circumstances.

The Company shall maintain procedures designed to ensure reasonable oversight of automated processes.

9.5. Automated Decision-Making Rights

Where applicable laws grant rights relating to automated decision-making, Data Subjects may exercise such rights in accordance with applicable legislation.

The Company may request additional information necessary to evaluate and respond to such requests.

9.6. Fraud and Compliance Screening

The Company reserves the right to utilise automated systems for:

  • sanctions screening;
  • AML screening;
  • transaction monitoring;
  • identity verification;
  • fraud detection;
  • security monitoring.

The Company may combine information obtained from multiple sources for such purposes.

10. International Requirements and Cross-Border Compliance

10.1. Compliance with International Data Protection Standards

The Company is committed to complying with applicable international data protection requirements relevant to its operations.

The Company shall process Personal Data in accordance with:

  • the General Data Protection Regulation (GDPR);
  • applicable national privacy laws;
  • financial sector compliance requirements;
  • information security obligations;
  • other applicable legal requirements.

Where multiple legal frameworks apply, the Company shall take reasonable measures to ensure compliance with the highest applicable standard where required by law.

10.2. International Operations

The Company may conduct business activities across multiple jurisdictions.

As a result, Personal Data may be processed by:

  • affiliated entities;
  • service providers;
  • compliance providers;
  • technology providers;
  • operational support providers;

located in different jurisdictions.

The Company shall implement reasonable safeguards designed to protect Personal Data regardless of processing location.

10.3. Cross-Border Data Transfers

Where Personal Data is transferred outside the jurisdiction of collection, the Company shall take reasonable measures to ensure that such transfers comply with applicable data protection requirements.

Such measures may include:

  • standard contractual clauses;
  • adequacy decisions;
  • contractual safeguards;
  • organisational safeguards;
  • technical safeguards.

The Company reserves the right to utilise any lawful transfer mechanism recognised under applicable legislation.

10.4. Regulatory Cooperation

The Company may cooperate with:

  • supervisory authorities;
  • financial regulators;
  • data protection authorities;
  • governmental agencies;
  • law enforcement agencies;
  • courts and tribunals.

Such cooperation may require the disclosure, transfer or review of Personal Data where permitted or required by law.

10.5. Conflicts of Law

Where different legal requirements apply simultaneously, the Company shall take reasonable steps to comply with applicable legal obligations.

Where compliance with one legal requirement may conflict with another, the Company shall determine an appropriate course of action based on legal advice, regulatory guidance and applicable law.

10.6. Updates to Regulatory Requirements

The Company reserves the right to modify this Privacy Policy to reflect:

  • legislative changes;
  • regulatory developments;
  • judicial decisions;
  • industry standards;
  • technological developments;
  • operational requirements.

Any updated version shall become effective in accordance with the publication procedures established by the Company.

11. Contact Information and Data Subject Requests

11.1. Contacting the Company

Questions, requests, complaints or concerns relating to this Privacy Policy or the processing of Personal Data may be directed to the Company using the contact information provided below.

Data Subjects are encouraged to contact the Company before submitting complaints to supervisory authorities so that concerns may be reviewed and addressed efficiently.

11.2. Data Protection Contact

Requests relating to privacy, data protection and Personal Data processing may be submitted to:

Email: [email protected]

The Company may update contact information from time to time.

The latest contact information shall be published through the Company's official communication channels.

11.3. Submission of Requests

Requests may relate to:

  • access to Personal Data;
  • correction of Personal Data;
  • deletion of Personal Data;
  • restriction of processing;
  • portability of Personal Data;
  • withdrawal of consent;
  • objections to processing;
  • privacy concerns;
  • complaints.

The Company may request identity verification before processing any request.

11.4. Verification of Identity

To protect Personal Data and prevent unauthorised disclosure, the Company may require Data Subjects to provide information necessary to verify identity before responding to any request.

The Company reserves the right to refuse requests where identity cannot be adequately verified.

11.5. Response Timeframes

The Company shall make reasonable efforts to respond to requests within the timeframes required by applicable law.

Where permitted by law, response periods may be extended where:

  • requests are complex;
  • requests are repetitive;
  • additional information is required;
  • exceptional circumstances apply.

The Company shall inform the Data Subject where an extension is required.

11.6. Complaints

If a Data Subject believes that Personal Data has been processed in violation of applicable law, the Data Subject may submit a complaint to the Company.

The Company shall review complaints in accordance with its internal procedures.

The submission of a complaint shall not affect the Data Subject's right to contact a competent supervisory authority.

11.7. Changes to this Privacy Policy

The Company reserves the right to amend, modify or replace this Privacy Policy at any time.

Updated versions may be published through:

  • the Company's website;
  • the Personal Area;
  • electronic communications;
  • other communication channels used by the Company.

The Data Subject is responsible for reviewing the latest version of this Privacy Policy.

Continued use of the Company's services following publication of an updated Privacy Policy shall constitute acknowledgement of the revised version to the extent permitted by applicable law.

11.8. Effective Date

This Privacy Policy shall become effective upon publication by the Company and shall remain in force until amended, replaced or withdrawn.

This Privacy Policy supersedes all previous versions relating to the processing of Personal Data by the Company.