Login

Transaq Ltd. Privacy Policy

  1. INTRODUCTION

This Privacy Policy describes the way in which Transaq Ltd. (henceforth, ‘We’, ‘Us’, or ‘Transaq’) uses, treats and handles consumer and business partner data.

In this Privacy Policy we describe who we are, how and why we process your personal data, how you can exercise your privacy rights and all other information that may be relevant to you. We try to provide you with all relevant information in a clear, concise and accessible format. If you have any questions regarding the use of your personal data after reading this privacy policy, please contact us at privacy@transaq.io with your concerns or clarifications.

This Privacy Policy may be changed over time, and you can find the most up-to-date Privacy Policy on our website. The last modification to this Privacy Policy was made on February 22, 2022.

  1. WHEN DOES THIS PRIVACY POLICY APPLY?

This Privacy Policy applies to all instances where we process personal data submitted by business clients and their end-users. Our business clients are affiliated partners (applications, websites and merchants), resellers, and agents that have integrated with our services. This Privacy Policy does not address the processing the personal data of applicants or employees in the context of their employment relationship with Us.

It is our policy to comply with privacy legislation within the jurisdictions we operate in. Because an individual’s privacy rights vary via jurisdiction, this Privacy Policy has a limited scope and application. Consequently, the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions. If you are unsure if or how this Privacy Policy applies to you, please contact us at privacy@transaq.io for more information.

  1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

We are either a data controller or a data processor for the processing of all personal data that fall within the scope of this Privacy Policy. This Privacy Policy provides information on what personal data is collected, how and why it is processed by Us, and which persons or entities it may be provided to. We will not share your personal data with external parties, unless specifically requested by the data subject, or otherwise to comply with a legal obligation.

We share information globally, both internally within the company, and externally with our partners and with any entity you may choose to share with as a part of engaging our services. Your information may be transmitted to, stored and/or processed in the United States or other countries outside of where you live for the purposes described in this policy. Such transfers are necessary to provide our services set forth in the Terms and provide our Products to you. We obtain your consent for these data transfers to the United States and other countries.

  1. HOW DO WE PROCESS YOUR PERSONAL DATA?

4.1 When you use our services

We process your personal data when you use our platform and services. We use your data during our verification and authentication processes to enroll you into our system, so that you can prove your identity when interacting with our services. We store and manage your data so that it is secure and readily accessible to you and our business clients.

(a) CLIENT AND CLIENT DEVICE VERIFICATION

We process your personal data to verify your identity and your device. This verification process creates the basis for your ability to authenticate yourself in the form of encrypted, digital, on or off-device representations of one or multiple authentication vectors. As part of this process, you may be required to provide information and/or documentation to substantiate your identity, from which the authentication vectors are derived. We process all data submitted via this process by you or our business clients. If your engagement with our services is through one of our business clients who have integrated with our services, you may be prompted to enable certain authentication vectors as required by that service. You may choose to activate or deactivate any and all authentication vectors at any time, however your ability to authenticate based on such vectors may be the basis upon which you may access the services of those business clients. For these processing activities, our business clients are the data controller and we are the data processor.

When using our services for the first time, we need you to register your device. This may involve authentication, biometric (such as your fingerprint or facial recognition) or otherwise. You may be prompted to provide additional information depending on the level of authentication you have enabled on your device, or as required by our business clients. The only information that leaves your device during this process is a public key we use to verify your device- the private key counterpart and any authentication information (biometric or otherwise) remains within your device.

If you choose to enable biometric account recovery you will be required to provide an impromptu, unedited picture of yourself from a verified device. We process this image to produce an anonymized, digital, biometric representation that cannot be reverse engineered or used to identify you. This representation will be used to authenticate you should you need to recover your account in the event of lost/stolen devices. You may adjust and/or disable this feature at any point in time. We store the submitted image securely in case you request human intervention during the biometric account recovery process.

We process your username, e-mail address, IP address, MAC address, and any other personal data submitted for the establishment of a verification vector, such as first and last name and date of birth. For administrators and developers of our business clients, we process the same categories of personal data in addition to country of business.

The legal basis for this processing activity is the performance of a contract.

(b) DATA MANAGEMENT, STORAGE AND COLLECTION

We manage and store your personal data on behalf of and according to the instructions of our business clients if we come into possession of your personal data in the capacity of a data processor. We ensure that your personal data is secure and accessible to you and our business clients.

We process the personal data provided by you and our business clients. This processing is normally limited to your username, e-mail address, IP address, and MAC address but includes any other personal data submitted for the establishment of a verification vector, such as first and last name and date of birth.

The legal basis for this processing activity is the performance of a contract.

(c) MONITORING AND LOGGING

To ensure the security of your personal data we monitor the behaviour of our business clients’ developers and administrators. We collect log data to resolve any incidents that may arise and hold users, business clients, and their agents accountable.

We process personal data such as the username, activity, timestamps, user roles, and generated errors. The legal basis for this processing activity is our legitimate interest and performance of a contract.

(d) MAINTENANCE AND DEVELOPMENT OF SERVICES

We process your personal data in an aggregated, anonymized form to examine and improve our services. We use aggregated personal data to understand how users interact with our services, with the intention of adjusting and improving our services accordingly.

For this purpose, we may process personal data such as IP address, MAC address, authentication vector particulars (such as SMS, biometric, username and password), and geolocation of your network.

The legal basis for this processing activity is legitimate interest.

4.2 When you interact with Transaq

If you get in touch with us via info@transaq.io we use your personal data to reply to and answer your question. For this purpose, we process your name, contact details, your correspondence with us, your question and all other personal data which are necessary to answer your question.

When you contact us through social media platforms, we assume your consent to the collection, use and disclosure of your personal information for the purposes related to answering your questions and responding to you. We process your personal data accordingly, including your (user)name, email address, and the personal data you have included in your message.

When you register and provide us with your email address on our Website, we will use that email address to advertise and market to you, which includes sending promotional communications, targeted advertising and presenting you with relevant offers. You can opt out of marketing emails whenever you receive marketing communications from us.

The legal basis for this processing activity is consent.

4.3 For the management and improvement of our internal business operations

We collect personal information to manage, maintain and develop our business, including:

  • to establish, maintain and manage our relationship with you to provide or receive the products and services that have been requested (for example, we will use your personal information to establish your identity and authentication vectors);
  • to protect us against error, fraud, theft and damage to our goods, property, and interests;
  • to undertake incident investigation, response and mitigation;
  • to comply with your requests and any other reasonable purpose to which you consent.

4.4 To comply with the law

In some cases, we process your personal data to comply with laws and regulations. In order to comply with relevant laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.

The categories of personal data processed for this purpose depends on the legal obligation and we will limit the processing of the personal data to what is strictly necessary to comply with that obligation.

  1. COOKIES

We also collect information through the use of cookies. Cookies are small files of information which save and retrieve information about your visit to this website – for example, how you entered our site, how you navigated through the site, and what information was of interest to you.
compliance benefits.

  1. WHO HAS ACCESS TO YOUR PERSONAL DATA?

6.1 Within Transaq

As a global organization, data we collect may be transferred internationally throughout our worldwide organization. Our employees are authorized to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

6.2 Third parties

The following third parties might have access to your personal data for the purpose of provisioning of their products or services to us:

  • Amazon Web Services (AWS) – hosting and storage services
  • Mailchimp – integrated marketing platform for small businesses
  • Google Analytics – statistics and analytics service

When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. Such third parties will only process your personal data in accordance with applicable law.

In other cases, your personal data will not be supplied to third parties, except where required by law.

6.3 Sub-processors

When a third party processes your personal data solely following Transaq instructions, it acts as a data sub-processor. We enter into agreements with them including obligations and protections to ensure that they process your personal data solely to provide services to us.

  1. HOW IS YOUR PERSONAL DATA SECURED?

Transaq has taken adequate steps to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing. Examples are IT security policies, staff training and secure servers.

  1. HOW LONG IS YOUR PERSONAL DATA RETAINED?

Your personal data will be removed or made anonymous when it is no longer necessary for the purposes or processes you consented to. Where We act as a processor the applicable retention periods are determined by our business clients.

  1. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?

You have the right to request a summary of your personal data. You may, in some cases, have the right to data portability, to request rectification and/or erasure of personal data, to restrict or otherwise object to the processing of your personal data.

To invoke any of the aforementioned rights

  • If you are one of our clients’ end-users: please contact our client directly.
  • If you are one of our client developers or admins: please contact us at privacy@transaq.io.

If you have consented to a certain purpose, you can withdraw your consent at any time. Please keep in mind that such withdrawal of consent is not retrospective in effect. You can contact us by using the contact details at the bottom of this Privacy Policy.

  1. QUESTIONS OR COMPLAINTS

If you have any further questions about the way we hand or process your personal data, please contact us at privacy@transaq.io.

Should you still be of the opinion that your request or complaint was not handled satisfactorily by us, you have the right to lodge a complaint with your local data protection supervisory authority. Please contact your local data protection supervisory authority through the contact details on their website.