Last modified: 23 February 2022
CAPTELA LTD (hereinafter “the company” “we”, “us”, “our” or “our company”) with registration number HE388822, is the controller of the information collected or provided directly through our website, www.captela.com, through our online social media accounts, through our mobile apps, through our watch apps, through emails and/or telephone calls, and/or in any other manner through your contact, as our client, and/or through our clients’ clients’ contact and/or through the contact of any other interested party with our company. We respect our clients’ privacy and the privacy of our clients’ clients and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations.
“Company” means CAPTELA LTD, registered in the Republic of Cyprus, with registration number HE 388822, VAT number CY10388822X and registered office at 33 Neas Engomis Street, Engomi, Nicosia 2409, Cyprus.
“Personal Information” means any information that relates to a living Individual (not companies or other legal persons) which can be reasonably linked to that Individual. “Personal Information” mentioned in this policy also refers to “Sensitive Personal Information” (see definition below).
“Special Categories of Personal Information (Sensitive Information)” are the ones revealing an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, offences & criminal convictions, criminal history, security measures, trade union memberships, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning health or data concerning a natural person’s sex life or sexual orientation.
“MNPI” – Material Non Personal Information is data which is NOT Personal or Sensitive information but by nature should be limited to appropriate staff or management.
“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the purposes of this Policy, the Data Controller refers to our Company.
“EEA” means the European Economic Area.
“Processing” of Personal Data shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation, alteration, maintenance, retrieval, access, consultation, use, transfer, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Third Party” is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data.
“Data Subject” is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Clients” means any natural or legal persons that are in a contractual relationship with our Company and have been categorized as clients of the Company.
“Clients’ clients” means any natural or legal persons that are in a contractual relationship with our Company’s clients and/or any third party that is associated with our clients in their ordinary course of business.
“Cookies” refer to the cookies of the company’s website as defined in our Cookies Policy.
“Cookies Policy” means the Cookies Policy of the company’s website which can be found at www.ebanq.com/cookie_policy/
“Associates” Directors, managers and employees of the company as well as the subcontractors, principals and its affiliates.
“Principal” is any natural or legal person that has designated our Company as its Agent to act on their behalf.
“DPO” – Data Protection Officer is the person responsible to set and maintain appropriate procedures to ensure adherence to the Personal Data Protection regulation.
“PIA” – Privacy Impact Assessment is the new obligation on data controllers and data processors to conduct a Data Protection Impact Assessment (also known as a privacy impact assessment, or PIA) before undertaking any processing that presents a specific privacy risk by virtue of its nature, scope, or purposes.
“Profiling” is any form of automated processing of personal data intended to evaluate certain personal aspects relating to an individual, or to analyse or predict in particular that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour.
“Transfer outside EEA” is subject to restrictions. As with the Data Protection Directive, data does not need to be physically transported to be transferred. Viewing data hosted in another location would amount to a transfer for GDPR purposes.
To support its mission within the services sector, the Company uses Personal Information to provide a variety of related services under one roof as a one-stop shop. This policy about the privacy of Personal Information (the “Policy”) has been adopted in order to assist in establishing and maintaining an adequate level of Personal Information privacy in the collecting, processing, disclosing and cross-border transfer of Personal Information including that relating to current, past and prospective Company Personnel, clients, suppliers, principals, contractors and business associates of the company.
Our company respects the Privacy rights of any person whose personal Data we are entrusted with and it complies with laws and regulations protecting Personal Information. This Policy explains the relevant data privacy principles for the protection of Personal Information and how such principles are to be implemented.
- Scope and Applicability
- This Policy covers all Personal (and sensitive) Information collected, processed, shared, or used by the Company.
- It applies to all our Associates, Clients, Clients’ Clients and Third Parties that are involved in our Company’s ordinary course of business.
- This Policy contains the Company’s Data processing standards.
- This Policy must be implemented by all Company’s Associates Clients, Clients’ Clients and Third Parties that are involved in our Company’s ordinary course of business.
- Collection of Personal Information:
We collect and use several types of information of the individuals we cooperate with, of our clients and sometimes of our clients’ clients including information by which you may be personally identified and that is defined as personal data or personally identifiable information under applicable law (“Personal Information”), such as your first and last name, email address, billing information, demographics, telephone number, or other (online) contact information, identification number, other personal details and financial details where applicable.
- Information we automatically collect online:
We automatically collect certain technical information from visitors to our Site(s), such as the Internet protocol (IP) address of their device through IP Locator, their login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platforms. We also collect information through Google Analytics and/or Facebook Ads to be able to provide the best possible service for our clients.
- We collect information submitted to us:
- Through our online services on our platform at www.captela.com and/or through our apps and/or emails: We may collect Personal Information when you visit our website, when you use our apps, when you login to your profile, when you communicate with us via online chat services, when we update your profile information, when we inform you about how we performed your requested services, through our email communications, when you inform us of any special requests or preferences you may have, or sign up for a newsletter or participate in a survey, contest, or promotional offer.
- Through our offline services: We may collect Personal Information from you offline, through our telephones services we provide for you and your clients, when you visit our service points and receive any of our services, contact us via any other means for customer service.
- Through other sources: We may receive Personal Information from third parties including without limitation, your clients, recruitment agencies, credit check agencies, agencies providing compliance checks, sub-agents, and other partners.
- Categories of Personal Information collected
The Categories of Personal Information that we collect online on our platform, through our website, www.captela.com, or offline through telecommunications and/or by any other means as described in paragraph 6 above, include:
- Any information that you provide by filling in forms, in particular at the time of first contact with us.
- Any information that is used for the purpose of maintaining your online account with us (your profile).
- Any information that you instruct us to register and/or file and/or submit on your online profile such as your call history, message history, client’s information etc.
- Any information that your clients may give us for the purposes of carrying out our telephone services to you.
- Any personal or sensitive information of your clients that they may give us for the purposes of carrying out our telephone services to you.
- Personal Information is also collected when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
- Records and copies of your correspondence (including email addresses), if you contact us or when we contact you.
- Details of transactions you carry out, if any, and of the fulfilment of your orders.
- Purposes for Which We Use Your Personal Information
In general, we use information that we collect about you or that you provide to us, including Personal Information and Sensitive Personal Information, for following purposes:
- Provision of services: to provide you with information, products or services that you request from us;
- Customer management: to manage your account, to provide you with customer support and with notices about your account, including notices, notices about changes to any products or services we offer or provide through it;
- Advertising: following explicit consent to communicate with you about products or services that may be of interest to you either from us, our affiliates or other third parties;
- Functionality and security: to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
- Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;
- Disclosure of Your Personal Information
We want you to understand when and to whom we disclose Personal Information and other information we have collected about you or your activities on the Website. We do not share your Personal Information with third parties except as indicated below:
- Service providers. To our authorized service providers that perform certain services on our behalf, including for purposes of provision of the services you requested from us, customer management and security. These services may include fulfilling orders, processing credit card payments, performing maintenance on our website, risk and fraud detection and mitigation, providing customer service and marketing assistance. These service providers may have access to Personal Information needed to perform their functions but are not permitted to share or use such information for any other purposes. We have taken all reasonable steps to ensure that they comply with the current data protection regulations.
- Marketing. To send you administrative information, marketing communications, promotional offers, periodic customer satisfaction, market research or quality assurance surveys (to the extent permitted after we have obtained your consent);
- To personalize your experience when you use our services;
- To allow you to participate in contests and other promotions and to administer these activities;
- For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of closed circuit television, and other security systems), enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
- Governmental Authorities: We also disclose your Personal Information to other third parties, including official authorities, courts, or other public bodies:
- In response to a subpoena or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Website terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
- Resolve complaints, and handle requests for data access or correction. Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence).
- Wrongdoing. To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain and protect the security and integrity of our Website or infrastructure.
- Third Parties. Third parties to whom we may disclose Personal Information may have their own privacy policies which describe how they use and protect Personal Information. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.
- We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In particular, we may transfer non-Personal Information and process it outside your country of residence, wherever the Website, its affiliates and service providers operate. We may combine non-Personal Information we collect with additional non-Personal Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.
- Storage and Protection of Your Personal Information
- The information that we collect about you, including Personal Information, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and our Associates above maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal Information to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.
- We store our client’s data and personal information, which is collected during the ordinary course of our business and/or during the KYC process and/or during our commercial transactions into Captela’s private servers.
- We store our clients’ data and personal information, which is collected during and after the deployment of our software, using the AWS RDS database (Amazon Web Services Regional Database Service). AWS RDS data is encrypted at rest by default. AWS RDS encrypted instances use the industry-standard AES-256 encryption algorithm. The daily backups that are performed are encrypted via AWS S3-SSE (AES-256 encryption Algorithm). System data and data backups are stored in the AWS region eu-central-1 (Frankfurt). Customer will be notified in advance in writing 30 days in advance of any proposed change to data storage location.
- We use versioning and MFA-delete for AWS S3 buckets with backups and logs.
- AWS RDS uses KMS to ensure data integrity.
- We use segregation via Amazon Virtual Private Cloud (Amazon VPC), which enables isolation of database instances.
- We use network access control lists, private subnets and security groups with IP allow-listing to limit access to the database.
- We use encryption in transit: private links for connections to RDS with industry-standard encrypted IPsec VPN.
- We are committed to protecting the Personal Information you share with us. We use all reasonable precautions to secure your Personal Information as well as the appropriate physical, technical, organizational and administrative security measures to help protect your Personal Information from unauthorized or unlawful access, use or disclosure, and from accidental loss, destruction or damage.
- Where our Associates and/or developers and/or engineers and/or third parties process the Personal Information on behalf of the Company, we will ensure that the Associates and/or developers and/or engineers and/or third parties are under an obligation: (i) not to process or transfer the Personal Information except pursuant to instructions from the Company (which should take the form of a written agreement); and (ii) to take appropriate measures to protect the Personal Information to an extent substantially similar to the protections provided by the Company.
- We support online security using secure server technology, as described above, because we want your data to be safe. We use state-of-the-art security arrangements and facilities on our platform and website to maintain data security. Unfortunately, the transmission of information via the internet cannot be guaranteed 100% completely secure and we cannot guarantee the security of your Personal Information that is transferred over the internet.
- How We Protect the Security of Your Personal Information – We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. For example, only authorized employees and/or our Associates are permitted to access Personal Information, and they may do so only for permitted business functions. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation (the “GDPR”). Our Website Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
- If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance by sending an email to our Company’s DPO at firstname.lastname@example.org.
- Regarding the retention period of the Personal Information please refer to paragraph 11 below.
- Retention of Personal Information
- To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content (for descriptions of these purposes see above), we keep your Personal Information for as long as you have an account with the Website, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus.
- Personal Information on your profile on our website is stored for as long as your client profile is active and/or as long as you have a contractual relationship with our Company as a Client. We will maintain all the information in your customer profile for a period of 12 months even where your contractual relationship ends and your customer profile becomes inactive for security purposes.
- Financial Information and/or transactional information between our Company and you as a Client will be maintained for a period of 6 years for tax purposes.
- Personal Information used for marketing and advertising purposes will be stored for a period of 12 months and the period can be renewed with your consent.
- The period for which we keep your Personal Information that is necessary for compliance and legal enforcement purposes varies and depends on the nature of our legal obligations and claims in the individual case.
- For further information regarding other specific retention periods please contact us at email@example.com.
- Cookies and Online Tracking Policy
- A browser cookie is a small file saved on your hard drive when you visit certain websites. Browser cookies store information that a web site may use for a variety of purposes such as to personalize your experience and to gather web site statistical data, such as which pages you visit, what material you download, your Internet provider’s domain name and country, and the addresses of websites you visited immediately before, and after, visiting a particular web site. You can configure your browser to accept or reject browser cookies or to notify you when you are offered a cookie so you can accept or reject it.
- Legal Bases for Collection, Use and Disclosure of Your Personal Information
There are different legal bases that we rely on to collect, use and disclose your Personal Information, namely:
- Performance of contract: The use of your Personal Information for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
- Compliance with legal obligation: We are permitted to use your Personal Information in to the extent this is required to comply with a legal obligation to which we are subject.
- Choices About How We Collect, Use and Disclose Your Personal Information
- We strive to provide you with choices regarding the Personal Information you provide to us.
- You can choose not to provide us with certain Personal Information, but that may result in you being unable to use certain services.
- When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about product updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship email communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will relate directly to your relationship with us.
- If you provided Personal Information, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Information will be deleted in accordance with our retention policy.
- Your Rights Related to Your Personal Information
- Subject to the provisions of the General Data Protection Regulation (GDPR), you have certain rights regarding the Personal Information we collect, use or disclose and that is related to you, including the right:
- to receive information on the Personal Information concerning we hold about you and how such Personal Information is used (right to access);
- to rectify inaccurate Personal Information concerning you (right to data rectification);
- to delete/erase your Personal Information (right to erasure/deletion, “right to be forgotten”);
- to receive the Personal Information provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Information to another data controller (right to data portability)
- to object to the use of your Personal Information where such use is based on our legitimate interests or on public interests (right to object); and
- in some cases, to restrict our use of your Personal Information (right to restriction of processing).
- If we ask for your consent to use your Personal Information, you can withdraw your consent at any time.
- You may, at any time, send us an email to firstname.lastname@example.org to exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the EEA, you have a right to lodge a complaint with your local data protection authority.
- Note that some requests to delete certain Personal Information will require the deletion of your user account as the provision of user accounts are inextricably linked to the use of certain Personal Information (e.g., your email address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honour your request.
- Information used for Marketing purposes
- We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you. To tell us your marketing preferences and to opt-out, you can contact us using the information in the “Contact Us” section below.
- Receiving email messages and text messages from us: If you no longer want to receive marketing-related emails or text messages from us on an ongoing basis, you may opt-out of receiving these marketing-related messages by clicking on the link to “unsubscribe” provided in each message or by contacting us.
- Receiving telephone communications and postal mail from us: If you no longer want to receive mobile messages, telephone communications or postal mail from us on an ongoing basis, you may opt-out of receiving these marketing-related communications by contacting us.
- We aim to comply with your opt-out request(s) within a reasonable time period. Please note that if you opt-out as described above, we will not be able to remove your Personal Information from the databases of third parties with whom we have already shared your Personal Information (i.e., to those to whom we have already provided your Personal Information as of the date on which we respond to your opt-out request). Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important administrative communications from which you cannot opt-out.
- Enforcement; Cooperation
- No Rights of Third Parties
- No Error Free Performance
- Contact Information
- You may also contact us by mail at CAPTELA LTD, 33 Neas Engomis Street, Engomi, Nicosia 2409, Cyprus.