GENERAL
This Privacy Policy governs RoundSquare’s collection, use, disclosure and other processing of your Personal Data arising from your access to or use of the RoundSquare Platform and/or the RoundSquare Services, including registering for or subscribing to an Account, and buying and/or using our products and services.
As used in this Privacy Policy, “RoundSquare”, “we”, “us” or “our” refers to, as applicable, (a) RoundSquare , a Virtual asset service provider, registered with the Andorran Trade and Companies Register under the number XXXXXXXXXX, with its registered address at RoundSquare, Av. Príncep Benlloch, 30, AD500 Andorra la Vella , Andorra. RoundSquare Finance is data controllers under this Privacy Policy, which sets out the manner in which each of those companies as data controllers in respect of their respective clients, may use your Personal Data.
Capitalised items in this Privacy Policy have the meaning set out in the Definitions section below. Other shall have the same meaning as ascribed to them in the relevant RoundSquare Terms of Use.
Acceptance of this Privacy Policy
By accepting this Privacy Policy or by accessing or using the RoundSquare Platform and/or the RoundSquare Services, you: (a) acknowledge that you have the right, capacity and authority to accept this Privacy Policy; (b) acknowledge that you have read and understand this Privacy Policy; and (c) consent to the processing of your personal data by RoundSquare in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, do not accept it and do not access or use the RoundSquare Platform and/or the RoundSquare Services.
Updates to this Privacy Policy
This Privacy Policy was last revised on March, 25 2023 We may update this Privacy Policy from time to time to ensure ongoing compliance with DP Law and for any other purpose we deem reasonably necessary, so it is advisable that you review it frequently. Changes to this Privacy Policy will be announced on our website or through similar means for a reasonable length of time prior to and following the change(s) taking effect. Your continued access to or use of the RoundSquare Platform and/or the RoundSquare Services constitutes your acknowledgment and acceptance of such changes.
Purpose and Scope of this Privacy Policy
RoundSquare is committed to protecting and respecting your privacy. The purpose of this Privacy Policy is to describe:
- The types of Personal Data we collect and how it may be used;
- Our use of cookies and similar technology;
- How and why, we may disclose your Personal Data to third parties;
- The cross-border transfer of your Personal Data within, particularly outside of the European Economic Area (“EEA”), as applicable; and always in accordance with the precepts set forth in Chapter Five of the Llei 29/2021, del 28 d’octubre, qualificada de protecció de dades personals.
- Your statutory rights concerning your Personal Data;
- The security measures we use to protect and prevent the loss, misuse or alteration of Personal Data; and
- RoundSquare’s retention of your Personal Data.
This Privacy Policy does not apply to websites, applications or services that are not linked to this Privacy Policy or to those operated by third parties. RoundSquare is not responsible for and shall have no liability whatsoever in connection with such third party’s processing of your information. We encourage you to review the privacy policies posted on those websites, applications and services.
COLLECTION AND USE OF PERSONAL INFORMATION
A. Personal Data We Collect
We collect the Personal Data which you provide directly to us or which we generate when you open an Account, perform any transactions on the RoundSquare Platform, or use other RoundSquare Services. This may include:
- Contact information, such as name, home address, email address and telephone number;
- Account information, such as username, password, Account settings and preferences;
- Financial information, such as occupation, bank account numbers, bank statement and trading information;
- Identity verification information, such as gender, ID number, tax number or images of your government-issued ID, passport, national ID card or driver’s We also use third-party authentication services that may collect biometric data as part of the account creation and identity verification process, and those entities may collect your biometric identifiers or information;
- Residence verification information, such as utility bill details or similar information;
- Demographic information, such as age, income, education, and employment status;
- Image in photo or video form (where required as part of our know-your-customer checks), which may also include biometric data processed during a video verification process;
- Records of our discussions, if you contact us or we contact you (including records of phone and video calls);
- Information regarding the way in which you use our Services, such as when you used our Services, and the specific Services you used and the Transactions you carried out; and
- Other information relating to communications with us, whether through the RoundSquare website or via e-mail, over the phone or via any other medium.
We also automatically collect certain computer, device and browsing information when you access/use the RoundSquare Platform or the RoundSquare Services. This information is aggregated to provide statistical data about our users’ browsing actions and patterns, and does not personally identify individuals. This information may include:
- Computer or mobile device information, including IP address, operating system, network system, browser type and settings;
- Geolocation information; and
- Website usage information.
Finally, we may collect Personal Data from third-party partners and public sources, which include:
- Reputational information;
- Financial information; and
- Business activities of corporate customers.
We need to collect certain types of information for compliance with legal requirements relating to our anti-fraud/anti-money-laundering/counter-financing-of-terrorism/know-your-customer obligations. If this information is not provided, we may not be able to provide a Service for you.
It is important to note that the Personal Data we collect when you create an Account will be retained for the mandatory retention period set forth by applicable law as it is necessary for us to maintain an exhaustive documentation of our operations as required from us as regulated financial sector professionals, even if your Account has not been successfully activated (e.g. if Account verification has not been completed) or no transaction has been made using it.
B. Use of Cookies and Similar Technology
The RoundSquare Platform uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies are typically stored on your computer’s hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Site, analyse trends and administer the Platform. The information collected from cookies allows us to determine such things as which parts of the Site website are most visited and what difficulties our visitors may experience in accessing the Site. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails, and to provide you with a more personalized experience when using our Site.
We use one or more third-party service providers, to assist us in better understanding the use of our Site. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Site, what products are browsed and general Transaction information. Our Service provider(s) will analyse this information and provide us with aggregate reports. The information and analysis provided by our Service provider(s) will be used to assist us in better understanding our visitors’ interests in our Site and how to better serve those interests. The information collected by our Service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using the information they receive from our Site for any other purpose than to assist us.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features of our website or Services, such as logging in to your Account or making Transactions.
For more information about cookies, the types of cookies we use and how we use them please see our Cookie Policy.
C. How We Use Your Personal Data
We collect, use, disclose and / or otherwise process your Personal Data for a variety of reasons. We need some information to enter into and perform our contract to provide our Services to you – for example, your contact and payment details. Some information processing is required by law, including but not limited to, due to our anti-money laundering, counter-financing of terrorism and anti-fraud screening obligations. Where we process special categories of personal data (for example, your biometric data during the identity verification process), we may ask for your consent, but may also, as permitted by law, rely on substantial public interest (regulatory requirements, preventing fraud, terrorist financing and/or money laundering) or our right to establish, exercise or defend legal claims.
Some Personal Data is processed because you have given your consent, which can be withdrawn. We collect, use, disclose and/or process other Personal Data because we have legitimate business interests to do so, having taken into account your rights, interests and freedoms.
We may use your Personal Data to:
- Create and administer your Account and generally for accounting, billing, maintenance of legal documentation and claim and dispute management. Related processing operations are necessary for the performance of a contract with you (or to take steps at your request prior to entering into a contract) and for compliance with legal obligations to which we are subject;
- Provide Services to you and process your RoundSquare transactions. Related processing operations are necessary for the performance of a contract with you and for compliance with legal obligations to which we are subject;
- Verify your identity in accordance with applicable know-your-customer, anti-money-laundering/counter-financing of terrorism and other financial-sector legislation or regulations, including those required for compliance with the RoundSquare Anti-Money Laundering Policy, as well as address other law enforcement needs as described in our Terms of Use, and generally as required for compliance with legislation and regulations applicable to RoundSquare. We may also share your Personal Data with other financial institutions, for example as authorized under Section 314(b) of the US Patriot Act and/or any other applicable regulation, and with tax authorities, including the US Internal Revenue Service, pursuant to the Foreign Account Tax Compliance Act (“FATCA”), to the extent that this statute may be determined to apply to RoundSquare. Related processing operations are necessary for the performance of a contract with you and for compliance with legal obligations to which we are subject;
- Prevent fraud and other financial crimes. Related processing operations are necessary for compliance with legal obligations to which we are subject and for purposes of our legitimate interests (that is, developing and improving our anti-fraud system, preventing, detecting, investigating and prosecuting security threats, fraud, financial crimes, misconduct or other illegal or malicious activity and meeting our legal responsibilities);
- Personalise your RoundSquare Platform and Services experience. Related processing operations are necessary for purposes of our legitimate interests (that is, improving our Services);
- Analyse the Site and RoundSquare Platform usage and improve the Site and RoundSquare Platform offerings through surveys, research, planning and statistical analysis. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our Services);
- Respond to your customer service requests and support needs. Related processing operations are necessary for the performance of a contract with you and for purposes of our legitimate interests (that is, improving our Services and offering you the best experience);
- Conduct internal operational and administrative processes, such as accounting, risk management, compliance and record keeping functions, staff training, quality control and any other purposes that are necessary for the performance of our contract with you. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our Services, improving risk management practices and ensuring quality control); and
- Contact you about the RoundSquare Services. The email address you provide may be used to communicate information and updates related to your use of RoundSquare Services.
In the event we require to use your Personal Data for any other purposes, we will notify you and obtain your consent beforehand, unless we are required or permitted under DP Law to process your personal data without your consent.
Automated Decision Making
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our Services to you based on a credit check/risk profiling. Depending on the outcome of the credit check/risk profiling, a decision is reached automatically as to whether we are able to provide products or Services to you based on your credit worthiness.
If you disagree with the decision you are entitled to contest this by contacting us at the following email address: dpo@RoundSquare.finance
D. Marketing
We may also occasionally communicate company news, updates, promotions and information relating to similar products and Services provided by RoundSquare. We may also administer a contest, promotion, giveaway. survey or another Site or Platform feature as is further explained on the Site. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under DP Law, including in pursuit of our legitimate interests (that is, promoting our Services).
We may share Personal Data with third parties to help us with our marketing and promotional projects, or to help us with sending marketing communications.
If you want to opt out of receiving promotional and marketing emails, text messages, posts and other forms of communication from us (or our promotional partners), which you might receive in accordance with this section, you can choose one of the following ways:
- Log into your Account and update your profile in Account settings;
- Click “unsubscribe” at the bottom of an email we sent you; or
- Contact us at dpo@roundsquare.finance and request to opt out.
If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as Account status and activity updates, survey requests in respect of products and Services we have provided to you after you have opted out, reservation confirmations or respond to your inquiries or complaints, and similar communications.
DISCLOSING AND TRANSFERRING PERSONAL DATA
We may disclose your Personal Data to third parties and legal and regulatory authorities and transfer your Personal Data outside the EEA, as described below.
A. Disclosures to Third Parties
There are certain circumstances where we may transfer your Personal Data to employees, contractors and to other parties.
- We may share your Personal Data with other members of our group of companies so we can provide the best service across our group. They are bound to your Personal Data in accordance with this Privacy Policy;
- We may use a third-party processor to process personal and formal identification data for the purpose of verifying the identity of our users by using ID document verification and facial biometrics technologies. The processor may collect your full name, nationality, date of birth, gender, social security number, tax ID number, email address, phone number, IP address, passport details, driver’s license details and national identity card details. Additionally, the processor may collect a photograph or video of you to perform a facial or liveness check.
- We may also share your Personal Data with certain contractors or service providers that may process your Personal Data for us. Examples include marketing or advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centres. Our suppliers and Service providers are required to meet our standards on processing information and security. The information we provide them, including your Personal Data, will only be provided in relation to the performance of their function; and
- We may also share your Personal Data with certain other third parties. We will do this either when we receive your consent or because we need them to see your Personal Data to provide products or services to you. These include our banking and payments providers, credit reference agencies, anti-fraud or anti-money laundering/counter-financing-of-terrorism databases, screening agencies and other partners we do business with.
Your Personal Data may be transferred to other third-party organisations in certain scenarios in pursuit of our legitimate interests (that is, facilitating corporate transactions, protecting our rights and property and the rights, property and safety of others, resolving disputes, and complying with any applicable legal obligations to which we are subject):
- If we are discussing selling or transferring a part or all of our business your Personal Data may be transferred to prospective purchasers under suitable confidentiality terms;
- If we are reorganised or sold, your Personal Data may be transferred to a buyer who can continue to provide our services to you;
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example law enforcement; and
- If we are defending a legal claim, your Personal Data may be transferred as required in relation to defending such claim.
Your Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be Personal Data.
RoundSquare’s third-party Service providers are contractually bound to protect and use your Personal Data only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with DP Law.
B. Disclosures to Legal Authorities
We may share your Personal Data with law enforcement, data protection authorities, government officials and other authorities when:
- Compelled by court order or other legal procedure;
- Disclosure is necessary to report suspected illegal activity; or
- Disclosure is necessary to investigate violations of this Privacy Policy or our Terms of Use; or
- Disclosure without your consent is otherwise required or permitted under DP Law.
C. International Transfers of Personal Data
We store and process your Personal Data in data centres around the world, where RoundSquare facilities or service providers are located. As such, we may carry out cross-border transfers of your Personal Data outside of the European Union, in accordance with the precepts set forth in Chapter Five of the Llei 29/2021, del 28 d’octubre, qualificada de protecció de dades personals.
We may transfer your Personal Data outside of the European Union or outside of your country of origin. Some of the countries to which your Personal Data may be transferred to for these purposes that are located outside the EU do not benefit from the adequacy decision issued by the EU Commission regarding protection afforded to Personal Data in that country. Details of these specific countries can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Such transfers are undertaken in accordance with our legal and regulatory obligations, and appropriate safeguards under applicable DP Law will be implemented, such as standard data protection clauses, with data recipients or processors approved by competent authorities. A description of appropriate safeguards may be requested at the address set out in the Contact Us section.
YOUR STATUTORY RIGHTS
You have certain rights concerning your Personal Data under DP Law, as mentioned below, and can exercise them by contacting us at dpo@RoundSquare.finance. Please note that these rights may differ depending on the applicable DP Law.
Once a request is received RoundSquare will answer without undue delay and, in any case, within one month. If the complexity or number of requests received does not allow RoundSquare to answer to the particular request within the time frame, RoundSquare is entitled to extend that period for up to two extra months by informing you about such delay within the initial period.
Access: Subject to applicable DP Law, you are entitled to ask us if we are processing your Personal Data and, if we are, you can request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and certain other information about it to check that we are processing it lawfully. We process a large quantity of information and can thus request, under certain circumstances and in accordance with applicable DP Law, that before your Personal Data is delivered, you shall confirm your identity and specify the information or processing activities to which your request relates. There are certain circumstances where we may refuse, or we are required to deny, an access request; for example, we may be required to deny an access request where the Personal Data subject of such request could reveal Personal Data about another individual.
Correction: Subject to applicable DP Law, you are entitled to request that any incomplete or inaccurate Personal Data we hold about you is corrected. There are certain circumstances where we may refuse a correction request; for example, we may refuse a correction request in respect of a document related to an ongoing prosecution.
Erasure: you are entitled to ask us to delete or remove Personal Data in certain circumstances. There are also certain circumstances where we may refuse a request for erasure; for example, we may refuse an erasure request where the Personal Data is required for compliance with law or in connection with claims.
Restriction: Subject to applicable DP Law, you are entitled to ask us to suspend the processing of certain parts of your Personal Data; for example, if you want us to establish its accuracy or disclose the reason for processing it. There are certain circumstances whereby we may require reasonable notice before we suspend processing your Personal Data pursuant to your request.
Transfer: Subject to applicable DP Law, you may request the transfer of a certain part of your Personal Data to another party.
Objection: Subject to applicable DP Law, where we are processing your Personal Data based on a legitimate interest (or that of a third party) you may challenge this. However, we may be entitled to continue processing your Personal Data based on our legitimate interests or where this is relevant to legal claims or where processing is otherwise required or permitted under applicable DP Law. You also have the right to object where we are processing your Personal Data for direct marketing purposes. There are certain circumstances whereby we may require reasonable notice before we cease processing your Personal Data pursuant to your objection.
Automated decisions: Subject to applicable DP Law, you may contest any automated decision made about you where this has a legally or similarly significant effect and ask for it to be reconsidered.
Where you have given consent to a particular processing, you have the right to withdraw such consent by email at dpo@RoundSquare.finance Note that such withdrawal will only be effective for the future and that, according to applicable DP Law, it does not affect the lawfulness of processing based on consent given before such withdrawal and it does not affect any legal consequences arising from such withdrawal. For example, if we are prevented from processing your Personal Data due to your withdrawal of consent, you might be unable to access or use the RoundSquare Platform or the RoundSquare Services (or parts thereof) if such access or use requires us to process your Personal Data.
You also have a right to lodge a complaint with a supervisory authority regarding our privacy practices or our processing of your Personal Data.
SECURITY OF PERSONAL DATA
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from (a) loss, (b) theft, (c) unauthorised access, processing alteration or destruction, (d) misuse or (e) other similar risks. These security measures include, but are not limited to:
- Password protected directories and databases;
- Secure Sockets Layered (SSL) technology to ensure that your Personal Data is fully encrypted and sent across the Internet securely; and
- PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorised RoundSquare personnel are permitted access to your Personal Data, and these personnel are required to treat your Personal Data as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
We do not ask for financial or payment information, such as your credit card number, passcode, account number or PIN number, in an e-mail, text or any other form of communication that we use to contact you. Please always check that any website on which you are asked for financial or payment information in relation to our services is operated by RoundSquare. If you do receive a suspicious request, do not provide your information and report it by contacting one of our Service representatives as set in this Privacy Policy.
You are responsible for keeping your Account passcode, membership numbers and PIN numbers safe and secure. Do not share those with anyone. If there is an unauthorised use or any other breach of security involving your information, you must notify us as soon as possible (see the Contact Us section below).
RETENTION OF PERSONAL DATA
We retain Personal Data for as long as necessary to fulfil purposes described in this Privacy Policy, subject to our own legal and regulatory obligations. The criteria we may use to determine the retention period for certain categories of data include:
- How long you have been a RoundSquare member;
- Whether there are contractual or legal obligations that exist that require us to retain Personal Data for a certain period of time;
- Whether there is any ongoing legal or financial claim that relates to your relationship with us;
- Whether any applicable law, statute or regulation allows for a specific retention period; and
- What the expectation for retention was at the time Personal Data was provided to us.
In accordance with our record-keeping obligations, we will retain Account and other Personal Data at all times while your Account exists and we reserve the right to retain your Personal Data after your Account is closed (a) for as long as it is necessary to fulfil the purpose for which it was collected; (b) for at least five years (in some cases up to ten years, as required by applicable law) after an Account is closed; or (c) for as long as retention is required or permitted by applicable DP Law.
DEFINITIONS AND INTERPRETATION
“Account” means the contractual arrangement wherein a RoundSquare member has accepted our Terms of Use and this Privacy Policy, and received approval to use the RoundSquare Services, including the purchase and sale of Virtual Assets and to perform associated Transactions;
“RoundSquare Platform” means hardware and software technologies, including the RoundSquare website (www.RoundSquare.Finance) or any other websites, the RoundSquare mobile app and other RoundSquare platforms or applications, used by RoundSquare to provide the RoundSquare Service as set out in our Terms of Use;
“RoundSquare Services” means the services provided by RoundSquare as set out in our Terms of Use.
“DP Law” means data protection laws applicable to RoundSquare, including the EU General Data Protection Regulation 2016/679 and its successors or implementing texts and other applicable data protection laws; the Directiva (UE) 2016/680 del Parlament Europeu i del Consell, de 27 d’abril de 2016, relativa a la protecció de les persones físiques pel que fa al tractament de dades personals per part de les autoritats competents per a fins de prevenció, investigació , detecció o enjudiciament d’infraccions penals o d’execució de sancions penals, i a la lliure circulació de les dades esmentades i per la qual es deroga la Decisió Marc 2008/977/JAI del Consell; the Llei 29/2021, del 28 d’octubre, qualificada de protecció de dades personals;
“Include”, “includes”, “including”, “for example” and “such as” will be interpreted to be followed by “without limitation”.
“Personal Data” means information that identifies an individual or from which an individual may be identified, or other information defined as “personal information,” “personal data,” or “personally identifiable information” under DP Law. Personal Data does not include anonymised, de-identified and/or aggregated data that does not identify a specific user;
“Processing” means the carrying out of any operation or set of operations in relation to Personal Data, including collecting, using, disclosing, recording, holding, organising, adapting, altering, retrieving, combining, transmitting, transferring, erasing or destroying personal data, and “process” and “processed” will be construed accordingly.