Privacy Policy
This Privacy Policy governs privacy of the clients, visitors, representatives, beneficial owners of clients – legal entities (“you”, “your”, “user”) of https://www.tetobank.com/ (“Website”), Android and IOS mobile apps (“Apps”), served and operated by us, Teto Finance Inc., a company duly incorporated in Canada, British Columbia, Incorporation number: BC1406818, registered office: 5811 Cooney Road, Suite 305, South Tower, Richmond BC V6X 3M1, Canada (“we”, “us”, “our”, “Company”) and describes what Personal Data is collected and how it is used, processed, stored and managed by us, under the applicable legislation, while you visit or use our Website, use Apps and our Services.
This Privacy Policy also serves as a privacy notice, informing you about why and how we collect and manage your Personal Data.
If you use our Services, you acknowledge that you have read and understood all of the terms and guidelines. By using our Services, you expressly agree to this Privacy Policy and expressly consent to and agree to the processing of your Personal Data as set forth herein. Consent provided by you under this Privacy Policy is treated taken as given in a written form.
This Privacy Policy is governed, construed, interpreted, and enforced in accordance with the laws of Canada and the European Union. If any term of this Privacy Policy is found to be inapplicable or unenforceable under the law, it will have no effect on the application or enforceability of the remaining elements of this Privacy Policy. If you do not agree with this Privacy Policy, you should immediately stop using our Website, App, and Services.
We reserve the right to change, vary, and revise this Privacy Policy whenever lawfully required or in light of marketing, commercial, technological, or other upgrades, or as we deem necessary. Unless clearly specified differently, such revised or updated versions will take effect as of the publishing date. By using our Website, Apps and/or Services, you agree to and accept the terms of this Privacy Policy, including its modifications. If you do not agree with any revision, alteration, or update, you must discontinue using our Website, Apps, Services.
1. GENERAL PROVISIONS
The Company is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing.
The Company hereby confirms that it in compliance with the PIPEDA, GDPR.
We only use Personal Data for the purposes outlined in our Privacy Policy. We only transfer your Personal Data to other parties if it is necessary, as described below.
The Company implements the Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information (CAN/CSA-Q830- 96). Data Protection Officer indicated below is accountable for the Company’s compliance with these principles.
The collection of Personal Information is limited to that which is necessary for the purposes identified by us. Both the amount and the type of information collected is limited to that which is necessary to fulfil the purposes identified.
The Company uses contractual means to provide a comparable level of protection while the information is being processed by a third party.
The Website, Apps or application programming interface necessary to access Services may contain links to third-party websites, plug-ins, and apps. Clicking on those links or activating those connections may allow third parties to collect and share data about you. We have no control over these third-party sites and are not responsible for their privacy statements and policies.
2. PERSONAL DATA THAT COULD BE COLLECTED BY US
Depending on whether and how a client uses our Services, Website, Apps, we will collect, use, store, and transfer various types of your Personal Data, which are divided into the following categories.
Category of Personal Data
Types of data
Identity Data
Your e-mail address, first name, maiden name, last name, username or other identifier, date of birth, gender, residential address, postal address, citizenship, contact phone number, crypto-asset wallet address, crypto exchange, source of funds, and wealth.
Identity documents (national identity cards, passport, driving license or other forms of identification documents), proof of address documentation, occupation, employment industry, financial standing.
Confirmation that you are a director, board member, employee, representative, or an owner or an ultimate beneficial owner etc. of a company being our client, information on the ownership and control structure of a client – legal entity.
Please note that we may also ask you to prove ownership or control of a particular blockchain address, account. We are required to ask for this information to comply with AntiMoney Laundering (“AML”), Counter-Terrorism Financing (“CTF”) requirements, and to ensure we safeguard against and report any suspicious activity.
Biometrics
Photo, video, audio of Personal Data subject, other biometric identifiers and/or biometric information of Personal Data subject.
Social identity data and Preference Data
Data on referrals to you, close connections, preferences, interests, favorites, risk assessment, compliance evaluation, work address, and groups.
Your marketing and communication preferences, survey replies, and connections with others whose Personal Data we may collect or store.
Verification Data
Personal Data which we collect for the purpose of conducting client due diligence under applicable AML/CTF laws, photo, direct video transmission recording.
Background Data
We collect as well Personal Data available in open source.
Transactions data
Personal Data regarding your fiat transactions, crypto-assets exchange, transfer transactions, transactions activity logs, billing, crypto-assets and settlement details obtained by us when you use our Services; orders, instructions, transfers detail, history; other details of any transactions you enter into using the Website, Apps and/or Services.
Technical Data
Domain and host from which you access the Internet, operator and carrier data, your computers or other usable devices IP address, device type, category and model, web browser type and the operating system software, unique IDs of your devices, time zone setting, location data, language data, operating system and platform, diagnostics data such as crash logs and any other data we collect for the purposes of measuring technical diagnostics, and other data.
Profile Data
Your username and password, login data, your identification number as our client, requests by you for Services, communication between us and you, a client.
Marketing and Communication data
Your preferences in receiving marketing from us or third parties, communication between us and you, your survey responses, voice record of communication between you and us.
This data is not exhaustive and is intended to provide you with an idea of how to use fundamentally obtained data. We shall keep a record of the data collected and the purposes for which it is processed.
It may be impracticable to deal with you on an anonymous basis or using a pseudonym.
Please be noted, that if you directly disclose your Personal Data, or sensitive Personal Data (such as, among others, racial or ethnic origin, political opinions, religious beliefs, physical or mental health, membership in any organizations, etc.), through public features, this information may be collected and used by other persons.
Furthermore, we consider certain categories of Personal Data to be sensitive, and such sensitive data requires additional safeguards. We will only collect, use, store, and transfer your sensitive data if we can meet both, the legal basis requirement and at least one of the required extra conditions.
The additional conditions are as follows:
circumstances specified by regulatory rules: Personal Data are processed in such circumstances prescribed by regulations;
consent: you have given consent to the processing of your sensitive data; information made public by you: the sensitive data has become public as a result of your actions;
legal proceedings: the processing is necessary for the purpose of, or in connection with, any legal proceedings, for obtaining legal advice, or is otherwise necessary for establishing, exercising, or defending legal rights;
public functions: the processing is necessary for the exercise of any functions conferred on any person by or under an enactment.
3. PERSONAL DATA PROCESSING PURPOSES
For the purposes of the applicable law, we as Data Controller of your Personal Data must securely retain any data submitted by you to us and/or received by us otherwise.
We may use your Personal Data, for the following purposes (which are considered to be informed to you before or when you (or client – legal entity where you are a representative, or beneficial owner) start using Services, Website or Apps):
Purpose
Details
Contractual Purpose
to register you at our Website, Apps, to enter into, perform contract and deliver Services properly (which may include disclosure to relevant third parties as defined by us); to process and deliver Services and any Website, Apps features to you, including to execute, manage and process any instructions or orders you make; to manage, process, collect and transfer payments, transfers, fees and charges, and to collect and recover payments owed to us;
Analytical Purpose
to collect general and particular statistics of the Website, Apps use, activities of clients, for sending communications, notices, updates, surveys; for client service support and ancillary purposes; to collect statistics regarding use of our Website, Apps concerning visits and activities of clients, potential clients on our Website, Apps, including analytics services such as Google Analytics, etc. (this analysis helps us run our Website, Apps more efficiently and improve and personalize client’s online experience), to keep our records updated and to study how clients use our Services;
Marketing and Advertising Purpose
to send you welcome email following registration procedures; to send you occasionally our Services updates; to contact you for surveys purposes (you do not have to respond to such surveys); for other marketing purposes; to advertise our Services to you and understand the effectiveness of the advertising we serve to you. We could use your Personal Data and decide which Services and offers may be relevant for you. You will receive marketing communications from us if you have requested information from us and consented to receive marketing communications, or if you have purchased from us and you have not opted out of receiving such communications.
Compliance Purpose
to maintain accuracy of our records; to verify your Personal Data for the purpose of managing our client relationships and observing the Know Your Client (“KYC”) rules; to comply with legal and regulatory obligations with respect to AML/CTF, prevention of criminal activity and lawfully protect our legal interests, make relevant risk assessments and management; to use the services of financial institutions, crime and fraud prevention companies, risk measuring companies; background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and resolving them;
Communicati on Purpose
to contact a client for administrative purposes such as client support service, address technical or legal issues related to the Services provided, or share updates and notifications about the Services
Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about specific grounds for Personal Data processing by us, please contact us.
We will only use your Personal Data for the purposes for which it was collected, unless we reasonably believe that we need to use it for another reason, which is compatible with the original purpose. If you need an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unconnected reason, we will tell you and explain the legal basis for doing so.
We may also need to process your Personal Data in connection with or during the negotiation of any merger, financing, acquisition, business transfer, assignment, bankruptcy, dissolution, transaction, or procedure involving all or a portion of our shares, company, or assets. This will be based on our legitimate interests in carrying out the transaction or meeting our legal responsibilities.
4. SOURCE OF OBTAINING YOUR PERSONAL DATA
From the client when the client provides Personal Data for identification, verification and KYC purposes;
From you when you visit our Website/App, and/or use Services;
From you when you enter into a contract with us;
From you when you submit any requests, complaints, e-mails to us;
From financial institutions, other entities;
From registers; From our partners, such as identification/verification vendors;
From other sources
We use different methods to collect information from and about you, including through:
Direct collection
A client may provide us with Personal Data by directly communicating with us, such as by filling out forms, uploading a visual image of yourself to the service, sending an email, or otherwise. This includes Personal Data a client supplies when applies for Services, visits our Website, use sour Apps, Services, provides feedback or contacts us, responds to advertisements sent to a client, or participates in a poll, including through social media channels. We also collect Personal Data when we provide assistance or support to clients or potential clients regarding our Services.
Automated technologies
When you connect with us through our Website, Apps, we will automatically collect your Personal Data. We collect this Personal Data using cookies, server logs, and other methods. Though such information is not submitted by a client, it relates to you and is considered Personal Data under the PIPEDA, GDPR. It has two subtypes: 1) Static (once created, this information usually remains constant. For example, an internal user id. 2) Dynamic (this subtype fluctuates depending on the activities you conduct).
Publicly available sources or indirectly collected Personal Data
We also obtain information about you from third parties or publicly available sources, or when a client does not provide it directly (e.g., an IP address).
5. LEGAL BASIS FOR PERSONAL DATA PROCESSING
Processing is necessary for the entry into or performance of a contract between the client and us, for performance of the contract to which our client is a party. We are is processing Personal Data for contractual and communication purposes, for entering into or for performing a contract entered into between us and the client;
Processing is necessary for compliance with a legal obligation to which we are subject, for compliance with a legal obligation to which we are subject, including, but not limited to, AML and CFT requirements;
Processing is necessary for the purposes of the legitimate interests pursued by us. We are processing Personal Data for purposes set forth above under legitimate interest. As part of this, we must maintain and develop our Website, Apps, technical systems and ITinfrastructure, technical and organizational solutions that may also use your Personal Data, in order to provide you with adequate Services. We also process your Personal Data for protection of your or another person vital interests;
A consent to the processing of Personal Data. We are processing Personal Data for marketing purpose under a client’s consent, meaning freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to you;
another basis prescribed by the law.
6. SECURITY MEASURE
Data security is extremely important to us, and we organize and implement all necessary and relevant procedures and technology to safeguard and secure your Personal Data collected by us. Security measures are implemented to protect Personal Data from involuntary or unauthorized processing, disclosure, or destruction.
Personal Information is protected by us by security safeguards appropriate to the sensitivity of the information.
Our security safeguards protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Company protects Personal Information regardless of the format in which it is held.
Depending on the nature of the risks presented by the proposed processing of your Personal Data, we will have in place the following appropriate security measures:
organizational measures (including but not limited to personnel training, policy development, security clearances and limiting access on a “need-toknow” basis);
technical measures (including but not limited to physical protection of data, physical measures, encryption, passwords); and
securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of Personal Data are held).
Unless we are required or permitted by law to do so, and subject to our relevant third-party business relationships (our partners, service providers, contractors, agents, financial institutions, social media etc.), we will not disclose your Personal Data to any irrelevant third parties for security purposes.
We also restrict access to Personal Data to just those personnel, contractors, advisors, and auditors who need it to perform their job or service tasks. Personal Data is only accessible to our personnel and contractors that require it for their work. We conduct periodic evaluations to verify that appropriate information processing rules and procedures are understood and followed. All of our physical, electronic, and procedural precautions are intended to follow applicable laws and regulations.
To utilize all of the features and functions of our Website, Apps, you may be asked to submit certain Personal Data, including your password(s). You are responsible for keeping your password(s) confidential and secure.
While we strive to protect your Personal Data, please keep in mind that the transfer of any information over the Internet is not completely secure and is done at your own risk and discretion. We cannot, therefore, guarantee the security of your Personal Data transmission to our Website, Apps when it is outside our reasonable control.
While there is an inherent risk in sharing data over the Internet, we have implemented suitable security measures to protect your Personal Data from being mistakenly lost, used, damaged, or accessed in an unauthorized or unlawful manner, altered, or disclosed.
7. PERSONAL DATA SUBJECT RIGHTS
We need to make you aware of your rights. The rights you have depend on the reason we are processing your Personal Data
Right to Access – right to ask us to provide a copy of Personal Data which we process, access to your Personal Data, which enables you to obtain confirmation of whether we are processing your Personal Data. You have the right to request the following additional information concerning your Personal Data:
the purposes of the processing;
the categories of Personal Data concerned;
the recipient(s) or category(ies) of recipient to whom/which Personal Data have been or will be disclosed;
the criteria determining the period for which Personal Data will be stored etc.
Right to Rectification – you have the right to ask us to rectify Personal Data in case the data is incorrect or incomplete. The Company takes care that the Personal Information that is used on an ongoing basis, including information that is disclosed to third parties, generally be accurate and up-to-date, unless.
Right to Erasure (sometimes called Right-to-be-forgotten) – you have the right to ask us to erase Personal Data, unless we are is obliged to continue processing your Personal Data under law or under a contract between the user and us, or in case we have has other lawful grounds for the continued processing of Personal Data.
You may amend or remove any portion of your Personal Data at any time by using the Website interface, Apps, or contacting or emailing us at [email protected] . Such amendment or removal of certain Personal Data may lead to limiting or cessation of your access to Services.
Your Personal Data will not be erased immediately; it will be stored at our facility to comply with statutory obligations, including PIPEDA, GDPR regulations, AML and CFT requirements. As required by the AML and CFT requirements, we must store any collected information within a fixed term from relationship termination. This period may be further extended in certain cases if so provided by and in accordance with the applicable legislation. Biometrics is processed and stored so long as the other Personal Data as set forth in this Privacy Policy. Your Personal Data will be removed from our records after this period has passed
Right to Restriction – you have the right to ask us to restrict the processing of the Personal Data in case the data is incorrect or incomplete or in case Personal Data is processed unlawfully.
Upon amendment or removal of your Personal Data, it is archived and safekept separately from processed Personal Data. Such restricted Personal Data is processed purely for storing purposes and cannot be accessed automatically or by unauthorized personnel. Restricted data may only be used or restored only in select ways prescribed by law or legal proceeding. Upon expiry of storage term, restricted Personal Data is deleted.
Your Personal Data is stored for as long as their storage is required for appropriate purposes for the processing of Personal Data, as well as in accordance with the applicable laws (including but not limited to AML/CFT laws). Personal Data may be stored in an electronic form and/or in paper format, provided always that your Personal Data will be stored securely and protected against unauthorized or unlawful processing and against loss or destruction, using appropriate technical and organizational measures. When assessing the length of the storage of Personal Data, we take into account existing regulatory requirements, aspects of contractual performance, your instructions, and our legitimate interests.
If your Personal Data is no longer needed for the purposes specified, we will delete them or destroy.
Information Availability – you have the right to receive Personal Data concerning you provided to us, in a structured, commonly used and machinereadable format. We are obliged and have provided all the information which you have right to receive.
Right to Data Portability – you have the right to ask us to provide you or, in case it is technically feasible, a third party, your Personal Data, which you have provided to us and which is processed in accordance with your consent or a contract between you and us. Note that this right only applies to the automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to Object – you have the right to object to processing your Personal Data in case there is a reason to believe that we have no lawful grounds for processing the Personal Data and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your rights and freedoms.
Right to Withdraw Consent for Data Processing – you have the right to withdraw the consent granted for the processing of Personal Data at any time. Withdrawal does not affect the lawfulness of the processing conducted before the withdrawal. If you withdraw your consent, we may not be able to provide certain Services to you, but we will advise you if this is the case at the time you withdraw your consent.
Right to File a Complaint – you have the right to file complaints regarding your Personal Data. In addition, you have a right to lodge a complaint with the respective supervisory body.
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
We may transfer your Personal Data to the following third parties:
Regulatory authorities to whom we are obligated to disclose your Personal Data under the law, AML and CFT requirements; agencies that deal with law enforcement; entities in cases of fraud or collusion prevention, identity verification, payment processing, credit reference; banks/financial institutions; courts;
Our related entities, personnel, officers, agents, contractors, designated representatives, other companies that provide services to us, other third parties to satisfy the purposes for which the information was collected or for another purpose, if that other purpose is closely related to the primary purpose of collection and a natural person would reasonably expect us to disclose the information for that secondary purpose;
Third parties who help us analyze the information we collect so that we can administer, support, improve or develop our business and Services we provide; Identification and verification service providers engaged by us for your verification, performance of AML and CFT requirements, as well as other software service providers who assist us to provide Services;
Our professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business; Server hosts, which store our data, communication service providers, which help us stay in touch with you; Third parties, including those in the blockchain and fintech industry, marketing and advertising sectors, to use your information in order to let you know about services which may be of interest to you in accordance with PIPEDA, GDPR;
Banking, financial service providers; Debt recovery agencies who assist us with the recovery of debts owed to us; To facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers;
and Other third parties which services, facilities we use, in order to provide our Services and deal with certain processes necessary for the operation of the Website, Apps, perform internal procedures and law requirements.
We have taken steps to guarantee that third parties which process your Personal Data have appropriate technological and organizational safeguards in place to secure this Personal Data, and we will also ensure that they are PIPEDA, GDPR compliant. We have taken precautions to guarantee that third parties contracted by us preserve the confidentiality and security of Personal Data, and that Personal Data is handled exclusively for the purposes set forth in this Privacy Policy.
Personal Data shall not be processed (or cause to be processed) in a country that has not been designated by Canada and the European Commission as providing an adequate level of data protection unless it has put in place such measures as are necessary to ensure such transfer is in compliance with personal data protection laws, except where otherwise required by applicable law. However, when collected Personal Data is transferred outside of Canada, the EEA, we must guarantee that the appropriate safeguards, such as standard contractual clauses and data processing agreements, are in place.
On our Website, Apps, we include or may include references or links to third-party websites. External links can be clickable text, banners, or picture connections to other websites, with no restrictions. We have no control over outbound websites and are not responsible for their content, terms of service, or policies. This Privacy Policy applies only to this Website, Apps and does not cover your use of other websites, including those of our partners and service providers, social media, and so on. We recommend that you review the privacy policies of other websites before using them.
9. PERSONAL DATA USE IN COMMUNICATION AND MARKETING
We may contact you via phone, email, SMS, or push notification to advise you about current and new Services that may be of interest to you.
We shall guarantee that any email we send as marketing conforms with the PIPEDA, GDPR and includes an ‘unsubscribe’ button so that you may opt out of any future marketing communications. You can deny marketing messages delivered via push notifications by declining the applicable permission in your phone or tablet settings, but this will prevent you from receiving further messages from us via push notification. You may also opt out of receiving marketing communications from us by using the contact information provided below.
You can also contact us and request that your information be removed from our marketing list. We will make every effort to remove your information from our marketing list within a reasonable time frame.
Our marketing list may be managed by software and servers located overseas, and your Personal Data may be transported overseas as part of our marketing efforts.
We will also send communications that are required or necessary to send to users of our Website, Apps, that contain information about important changes or developments to or the operation of the Website, Apps, or as well as other communications you request from us. You may not opt out of receiving these communications but you may be able to adjust the media and format through which you receive these notices.
10.HOW LONG DO WE STORE PERSONAL DATA
We store Personal Data within the term of its processing by us, third parties engaged by us for Services providing, and additionally 5 years (unless a longer term is prescribed by the law) after termination of a business relationship with the client, other cases set forth in the law, unless longer term is required by the applicable law.
11.COMPLAINTS AND REQUESTS
If you have any queries in relation to this Privacy Policy, you wish to access or correct the Personal Data we hold about you, or make a complaint, please contact us at:
Email: [email protected] (our Data Protection Officer).
We aim to resolve all complaints as soon as possible. Where we cannot resolve a complaint within that period, we will notify you of the reason for the delay as well as advising the time by which we expect to resolve the complaint.
In order to disclose information to you in response to a request for access we may require you to provide us with certain information to verify your identity. PIPEDA, GDPR may prescribe exceptions which may affect your right to access your Personal Data.
If you believe that there has been a breach of PIPEDA, GDPR, we invite you to contact us as soon as possible.
If we become aware of a security breach, we may seek to notify you electronically so that you can take appropriate preventive measures. If a security breach occurs, we may make a notice on the Website, Apps.
When Personal Data breach is anticipated to result in a high risk to clients, your rights and freedoms, we will inform you.
If you are not satisfied with our handling of a complaint or the outcome of a complaint you have the right to lodge a complaint with an appropriate authority:
Contact Details:
https://www.priv.gc.ca/en/contact-the-opc/
Should we lawfully receive your Personal Data from a third party, you will have the same rights regarding information in question as related to information you provided to us directly or we have collected during cooperation with you
12.COOKIES
Our Website uses Cookies (“Cookies”), small text files saved to your computer or device in order to customize and improve your experience while visiting and using our Website, according to our Cookies Policy. Our Website uses a Cookies choice reservation allowing you to accept/enable or refuse/disable the use and saving of our Cookies on your computer or another usable device.
You can read more about Cookies by visiting our Cookies Policy.
13.CHANGES TO PRIVACY POLICY
Our Privacy Policy is reviewed and updated on a regular basis to ensure that any new obligations and technologies, as well as any changes to our business operations and practices, are taken into account, as well as that it remains abreast of the changing regulatory environment. Any Personal Data we store will be subject to our most recent Privacy Policy.
If we decide to update our Privacy Policy, we will post those changes here and other places we deem necessary.
14.DEFINITIONS
The following terms has the meaning as defined below:
Data Controller of your Personal Data means a legal entity that determines the purposes, conditions and manner of any processing activities that it carries out.
GDPR means the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 On the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced, or superseded and in force from time to time, and as transposed into member-state legislation
Personal Data/Personal Information means any information which relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It does not include data where the identity has been removed (anonymous data).
PIPEDA means Personal Information Protection and Electronic Documents Act of Canada (S.C. 2000, assented to 2000-04-13)
Services encompass the services that the Company identifies as being covered by the Company via the Website/Apps.
