Register

WhaleFin Privacy Policy (EU)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e. when we are responsible for determining the purpose and means of the processing). This Privacy Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners and/or list of current directors of the institution.

·       Contact Data: Phone number and/or e-mail.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address and/or proof of address, such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account number, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, customer ID, password and/or username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data: Your facial biometric data obtained during KYC identity verification.

·       Technical Data: Device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, browser type and version, browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the website or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: Marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial Data, litigation-related, case-involved information, compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including, but not limited to, through the account registration, event and webinar registrations, news and updates subscriptions, and information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

 

·       The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information, such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information that is used to corroborate the information you have provided to us.


How and Why We Use Your Personal Data


Purpose of Processing

Categories of Personal Data

Legal Basis (only applicable in the European Economic Area and the UK)

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Performance of a contract

 

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Legitimate Interests (i.e. ensuring the integrity of our Services)

 

Consent for biometric data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including executing, managing and processing any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Performance of a contract

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

Performance of a contract

 10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

Performance of a contract

 10 years

To manage risk and crime prevention including performing anti-money laundering, counter-terrorism, sanction screening, fraud and other background checks, detecting, investigating, reporting and preventing financial crime in broad sense, obeying laws and regulations which apply to us and responding to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Our legitimate interest in ensuring that we are not involved in dealing with the proceeds of criminal activities and do not assist in any other unlawful or fraudulent activities, as well as to develop and improve our internal systems for dealing with financial crime and to ensure effective dealing with complaints



Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, and in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Performance of a contract

Consent, if required

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior, including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Legitimate interests of understanding our customers and improving our products and services

Consent for sending marketing communications where required

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels, including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services

·      Identity Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Legitimate interests:

Run our business, provision of administration and IT services, network security, prevent fraud and in the context of a business reorganization or group restructuring exercise

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identity Data

·      Account Data

·      Contact Data

·      Technical Data

·      Marketing and Communications Data

Legitimate interests:

Study how customers use our products/services,  develop them, grow our business and form our marketing strategy

 

Consent where legally required for using cookies and SDKs

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Legitimate interests: Define customer types for our products and services, keep our Services up-to-date and relevant, grow our business and develop our marketing strategies

 

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Consent

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Legitimate interests:  Conduct our business activities on the market of financial services,  participate actively in the prevention of crime and fraud

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Legitimate interests:  Comply with the industry standards and requirements in payments services,  ensure the quality of our service, including by proper training of our personnel
Contract performance: provide customer service, build channels for suggestions, complaints and communication to improve your customer experience

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Consent

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools - such as cookies, web beacons, pixels or similar tracking technologies - in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information that is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


 Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies. For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality. Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than a period that is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this Privacy Policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this Privacy Policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

EEA and UK

Personal Data Transfers

Where information is transferred outside the UK, the European Economic Area or Switzerland, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission or the UK Government, data is adequately protected by EU Commission approved standard contractual clauses or a vendor's Processor Binding Corporate Rules. For further information on the specific mechanism used to transfer your personal data, please contact us using the details below.

For transfers to Israel, please refer to the European Commission adequacy decision available here.

Your Rights and Choices

Subject to certain conditions, where the rights apply under applicable law, you may ask us to take the following actions in relation to your personal data:

  • Provide information in relation to processing your personal data and give you access to your personal data.

  • Update or correct inaccuracies in your personal data.

  • Delete your personal data.

  • Transfer a machine-readable copy of your personal data to you or a third party of your choice.

  • Restrict the processing of your personal data.

  • Object to our processing of your personal data for direct marketing purposes.

  • Object to reliance on our legitimate interests as the basis for processing of your personal data.

  • Where consent is the lawful basis, withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR, UK GDPR, its local implementing legislation and the UK Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.

You may exercise some of these rights and choices through account features such as editing your account settings when you are logged in. Additionally, you can submit these requests by e-mail or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. If you are in the UK this will be the Information Commissioner’s Office.



WhaleFin Privacy Policy (HK)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how Whalefin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing). This Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

The Services are not available to users in Mainland China.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners, list of current directors of the institution.

·       Contact Data: Phone number and/or email.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address, proof of address such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account no, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, Customer ID, password, Username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data:  your facial biometric data obtained during KYC identity verification.

·       Technical Data: device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, Browser type and version,  browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the Site or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial data, litigation-related, case-involved information, Compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including through any of our Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

·      The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details.

·      Your business partners may provide us with your name and address, as well as financial information.

·      Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·      Credit reference agencies provide us with information which is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of personal data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including to execute, manage and process any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

10 years

To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data
Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide products and services to you or analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers which may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests.  For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies.  For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality.  Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

HONG KONG

It is not mandatory for you to provide us with your personal data as mentioned above under “Personal Data We Collect”, but if you do not provide us with your personal data, we may not be able to provide you with our goods and services.

Direct Marketing

We may use your personal data such as your Identification Data, Account Data, Contact Data, Technical Data, Marketing and Communications Data for direct marketing purposes in relation to our products and services and we may only do so once we have obtained your consent. You may withdraw your consent any time by contacting our Data Security and Privacy Team here.

We may also provide your Technical Data and Usage Data to third parties for their direct marketing purposes and we may only do so once we have obtained your consent. You may withdraw your consent any time by contacting our Data Security and Privacy Team here.

Your Rights

You may contact our DPO Carl Hu in relation to your data access and data correction rights here.



WhaleFin Privacy Policy (Indonesia)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing). This Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

The Services are not available to users in Mainland China.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners, list of current directors of the institution.

·       Contact Data: Phone number and/or email.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address, proof of address such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account no, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, Customer ID, password, Username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data:  your facial biometric data obtained during KYC identity verification.

·       Technical Data: device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, Browser type and version,  browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the Site or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial data, litigation-related, case-involved information, Compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including through any of our Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

·       The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information which is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of personal data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including to execute, manage and process any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

10 years

To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identification Data

·      Account Data
Contact Data

·      Technical Data
Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide products and services to you or analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers which may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests.  For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies.  For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality.  Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy.  Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

INDONESIA

Personal Data Transfer

Where personal data is transferred abroad, the transfer will be done in compliance with the applicable laws and regulations in Indonesia. This includes, when required under the law, requiring the party who receives the personal data to implement all necessary measures to ensure that level of protection of personal data by the personal data recipient is equal to ours.

Data Retention

To comply with the applicable laws and regulations in Indonesia, we will store your personal data in an encrypted form.

Your Rights and Choice

As a data subject, you are entitled to certain rights and obligations, including rights to:

  • the confidentiality of your personal data. We will ensure that the confidentiality of your personal data is protected while processed and stored in our system.

  • change or update your personal data. Please note that this right to subject to the condition such change or update of your personal data does not interfere with our personal data management system, except if it is strictly required under the applicable laws and regulations.

  • obtain from us the history of your personal data processed by us.

  • request us to delete your personal data processed by us. Please note that some personal data might not be deleted by the applicable laws and regulations. In that case, we will not be able to comply with your request and will inform you of the reason of our refusal. 

The scope of the above rights might change should the applicable laws and regulations pertaining rights of a data subject also change. We will nevertheless ensure that your rights are always guaranteed pursuant to the applicable laws and regulations.

Should you have any query or request pertaining to your rights, please contact us. We will respond to you query or request as per the policy determined by us from time to time.



WhaleFin Privacy Policy (Japan)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e. when we are responsible for determining the purpose and means of the processing). This Privacy Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners and/or list of current directors of the institution.

·       Contact Data: Phone number and/or e-mail.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address and/or proof of address, such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account number, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, customer ID, password and/or username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data: Your facial biometric data obtained during KYC identity verification.

·       Technical Data: Device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, browser type and version, browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the website or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: Marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial Data, litigation-related, case-involved information, compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including, but not limited to, through the account registration, event and webinar registrations, news and updates subscriptions, and information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

 

·       The banks you use to transfer money to us will provide us with your basic personal data, such as your name and address, as well as your financial information, such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information that is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of Personal Data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including executing, managing and processing any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

 10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

 10 years

To manage risk and crime prevention including performing anti-money laundering, counter-terrorism, sanction screening, fraud and other background checks, detecting, investigating, reporting and preventing financial crime in broad sense, obeying laws and regulations which apply to us and responding to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, and in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior, including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels, including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal data, we may not be able to ensure the security of our Services

·      Identity Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identity Data

·      Account Data

·      Contact Data

·      Technical Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools - such as cookies, web beacons, pixels or similar tracking technologies - in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information that is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies. For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality. Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than a period that is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.



WhaleFin Privacy Policy (Korea)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e. when we are responsible for determining the purpose and means of the processing). This Privacy Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners and/or list of current directors of the institution.

·       Contact Data: Phone number and/or e-mail.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address and/or proof of address, such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account number, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, customer ID, password and/or username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data: Your facial biometric data obtained during KYC identity verification.

·       Technical Data: Device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, browser type and version, browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the website or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: Marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial Data, litigation-related, case-involved information, compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including, but not limited to, through the account registration, event and webinar registrations, news and updates subscriptions, and information provided in the course of ongoing support service communications. We also receive information about you from third parties, such as your payment providers and through publicly available sources. For example:

·       The banks you use to transfer money to us will provide us with your basic personal data, such as your name and address, as well as your financial information, such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information that is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of Personal Data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including executing, managing and processing any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

 10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

 10 years

To manage risk and crime prevention including performing anti-money laundering, counter-terrorism, sanction screening, fraud and other background checks, detecting, investigating, reporting and preventing financial crime in broad sense, obeying laws and regulations which apply to us and responding to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, and in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior, including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels, including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal data, we may not be able to ensure the security of our Services

·      Identity Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identity Data

·      Account Data

·      Contact Data

·      Technical Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools - such as cookies, web beacons, pixels or similar tracking technologies - in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information that is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies. For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality. Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than a period that is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this Privacy Policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this Privacy Policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

South Korea

Personal Data We Collect

Collecting and processing Marketing and Communications Data is optional. You reserve the right to object to the collection and processing of Marketing and Communications Data, in which case we will not collect and process your Marketing and Communications Data.

How Long We Retain Your Personal Data

We will continue to store user information for the following statutorily-prescribed periods, where applicable, including, but not limited to:

  • The E-Commerce Act:

    • Records on your cancellation of an order, your payment on a purchased item, and our supply of a good/service: 5 years

    • Records on the handling of consumer complaints or disputes: 3 years

    • Records on advertisements and labels: 6 months

  • The Protection of Communications Secrets Act 

    • Records on your visits to our Platform: 3 months

At the end of the retention period, we delete personal data stored in the form of electronic file by using technical means that make it impossible to restore the data. For personal data printed in papers, we shred it via paper shredder or incinerate it.

Entrustment of Processing of Personal Information and Personal Data Transfer

In order to provide our Services, we entrust the processing of your personal information to outside service providers overseas. Your personal information is entrusted to an appropriate entrusted party to perform the necessary service. Please see the details below about entrustment of processing of personal information and personal information transfer.

The name of the receiving party

Jumio Incorporation

The country to which personal information is transferred

US

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

privacy@jumio.com

The items of personal information to be transferred

Identification Data, Biometric Data

The purposes of receiving party’s use of the personal information

To carry out and comply with anti-money laundering requirements

The retention period

Relationship +3 years after cancellation


The name of the receiving party

World-Checkone

The country to which personal information is transferred

UK

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

contact@world-check.com

The items of personal information to be transferred

Identification Data, Account Data, Contact Data, Financial Data

The purposes of receiving party’s use of the personal information

To carry out and comply with anti-money laundering requirements

The retention period

Customer duration +3 years after cancellation


The name of the receiving party

Dow Jones

The country to which personal information is transferred

US

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

privacypolicy@dowjones.com

The items of personal information to be transferred

Identification Data, Account Data, Contact Data, Financial Data

The purposes of receiving party’s use of the personal information

To carry out and comply with anti-money laundering requirements

The retention period

Customer duration +3 years after cancellation


The name of the receiving party

OneTrust Technology Limited

The country to which personal information is transferred

Singapore

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

DPO@OneTrust.com

The items of personal information to be transferred

Identification Data, Account Data, Contact Data, Geographic Location Data, Technical Data

The purposes of receiving party’s use of the personal information

Processing of personal data and privacy management consent records, data subject rights request records, privacy preference selection records and other related data

The retention period

Relationship duration +5 years after cancellation


The name of the receiving party

Sensors Network Science and Technology (Beijing) Co., Ltd.

The country to which personal information is transferred

Japan

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

mkt@sensorsdata.cn

The items of personal information to be transferred

Geographic Location Data, Usage Data, Marketing and Communications Data

The purposes of receiving party’s use of the personal information

To analyse customer behavior

The retention period

3 years


The name of the receiving party

AppsFlyer Ltd.

The country to which personal information is transferred

Ireland

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

privacy@appsflyer.com

The items of personal information to be transferred

Geographic Location Data, Usage Data, Marketing and Communications Data

The purposes of receiving party’s use of the personal information

To analyse marketing attribution

The retention period

3 years


The name of the receiving party

Alphabet Inc. Google

The country to which personal information is transferred

US

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

Google DPO Emil Ochotta

getintouch@alphabet.com

The items of personal information to be transferred

Technical Data, Usage Data

The purposes of receiving party’s use of the personal information

To analyse the website’s access situation and traffic conversion

The retention period

Customer duration +5 years after cancellation


The name of the receiving party

Zendesk

The country to which personal information is transferred

Japan

The date and time, and methods of transfer

Will send upon new entry or update

The contact information of the person responsible for personal information management

privacy@zendesk.com

The items of personal information to be transferred

Identification Data, Account Data, Contact Data, Financial Data, Transactional Data

The purposes of receiving party’s use of the personal information

To provide customer service, build channels for suggestions, complaints and communication to improve WhaleFin customer experience

The retention period

Customer duration + 5 years after cancellation


Your Rights and Choices

You have the following rights in relation to the processing of your own personal information:

  • The right to be informed of the processing of such personal information;

  • The right to determine whether or not to consent and the scope of consent regarding the processing of such personal information;

  • The right to confirm whether such personal information is being processed or not and to request access (including the provision of copies) to such personal information;

  • The right to suspend the processing of, and to request correction, deletion, and destruction of such personal information; and

  • The right to appropriate redress for any damage arising out of the processing of such personal information through a prompt and fair procedure.

How We Protect Your Data

We take the following measures to ensure the safety of your personal information.

  • Administrative measures: information security and privacy management systems have been established, and data security and privacy protection policies, procedure, and standards have been set up. To ensure the effectiveness, we established structured internal control, implemented internal auditing, and provided employee information security and privacy awareness training multiple times a year.

  • Technical measures: implement strict access control for personal information through IAM (Identity and Access Management) and PAM (Privilege Account Management) to comply with the “need to know” and “data minimization” principles. We provide security control measures including encryption, desensitization, and auditing for personal data. At the network security level, we provide a variety of security control measures including a host intrusion detection system, web firewall, anti-DDOS attack, abnormal traffic analysis and security operation center. This equips us to have 24-hour effective security defence, detection and response capability. As for digital asset management, we incorporate multi-party computing technology to provide protection for crypto assets stored in hot and cold wallets.

  • Physical measures: different areas of the company are protected by different levels of access control. Key areas are equipped with video surveillance (CCTV) and fire protection measures. Cloud server assets are stored in the AWS Cloud datacenter, which provides reliable physical protection.



WhaleFin Privacy Policy (Philippines)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing). This Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

The Services are not available to users in Mainland China.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners, list of current directors of the institution.

·       Contact Data: Phone number and/or email.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address, proof of address such as a bank statement, housing contract or a utility bill.

·       Financial data: Bank account information (e.g. account no, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, Customer ID, password, Username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data:  your facial biometric data obtained during KYC identity verification.

·       Technical Data: device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, Browser type and version,  browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the Site or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial data, litigation-related, case-involved information, Compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including through any of our Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

·       The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information which is used to corroborate the information you have provided to us.


 

How and Why We Use Your Personal Data

 

Purpose of Processing

Categories of personal data

Legal Basis

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Performance of a contract

 

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Legitimate Interests (i.e. ensuring the integrity of our Services)

 

Consent for biometric data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including to execute, manage and process any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Performance of a contract

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

Performance of a contract

10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

Performance of a contract

10 years

To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Our legitimate interest in ensuring that we are not involved in dealing with the proceeds of criminal activities and do not assist in any other unlawful or fraudulent activities, as well as to develop and improve our internal systems for dealing with financial crime and to ensure effective dealing with complaints)



Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data
Technical Data
Usage Data
Marketing and Communications Data

Performance of a contract

Consent, if required

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Legitimate interests of understanding our customers and improving our products and services

Consent for sending marketing communications where required

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services

·      Identity Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Legitimate interests to run our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identity Data

·      Account Data
Contact Data

·      Technical Data
Marketing and Communications Data

Legitimate interests: to study how customers use our products/services, to develop them, to grow our business and to form our marketing strategy

 

Consent where legally required for using cookies and SDKs.

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data
Usage Data

Legitimate interests: Define customer types for our products and services, keep our Services up-to-date and relevant, grow our business and develop our marketing strategies

 

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data
Usage Data

Consent

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Legitimate interests to conduct our business activities on the market of financial services, to participate actively in the prevention of crime and fraud

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Legitimate interests: to comply with the industry standards and requirements in payments services, to ensure quality of our service, including by proper training of our personnel


Contract performance: provide customer service, build channels for suggestions, complaints and communication to improve your customer experience

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical data (including diagnostic data)

Consent

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide products and services to you or analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers which may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests.  For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.  

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties.  As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


 Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies.  For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality.  Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy.  Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal information internationally. In particular, your personal information will be transferred to and processed in the United States, Canada, China, Singapore, Hong Kong, Taiwan and Israel.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

Philippines

Your Rights and Choices

Subject to certain conditions, where the rights apply under applicable law, you may ask us to take the following actions in relation to your personal data:

  • Provide you with information about our processing of your personal data and give you access to your personal data.

  • Update or correct inaccuracies in your personal data.

  • Delete, destroy, erase, suspend or block your personal data.

  • Transfer to you or a third party of your choice a machine-readable copy of your personal data in an electronic or structured format that is commonly used.

  • Restrict the processing of your personal data.

  • Stop or cease from processing your personal data upon the exercise of your right to object where such processing is based on your consent or legitimate interest or is for direct marketing purposes.  

  • Where consent is the lawful basis, you may withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You also have a right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data as well as a right to lodge a complaint before the National Privacy Commission.

The above rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of exemptions we rely upon when responding to any request you make.

You may exercise some of these rights and choices through account features such as editing your account settings when you are logged in.  Additionally, you can submit these requests by email or our postal address provided below.  We may request specific information from you to help us confirm your identity prior to processing your request.  If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us or submit a complaint to the National Privacy Commission.

How to Contact Us

To make a query, raise a concern, or exercise your data protection rights, please contact us at

Data Protection Officer

WhaleFin Technologies Limited

103 Sham Peng Tong Plaza, Victoria, Mahe, Seychelles

dpo@whalefin.com

 

 

WhaleFin Privacy Policy (Taiwan)

Effective date: Last reviewed on February 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing). This Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

The Services are not available to users in Mainland China.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners, list of current directors of the institution.

·       Contact Data: Phone number and/or email.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address, proof of address such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account no, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, Customer ID, password, Username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data: your facial biometric data obtained during KYC identity verification.

·       Technical Data: device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, Browser type and version,  browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the Site or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial data, litigation-related, case-involved information, Compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including through any of our Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

·       The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information which is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of personal data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including to execute, manage and process any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

10 years

To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide products and services to you or analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers which may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests.  For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies.  For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality. Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

Taiwan

Your Rights and Choices

You are entitled to the following rights with regard to our collection and procession of your personal data:

  • To request to review the personal data collected about you;

  • To request a copy of the personal data collected about you;

  • To update or correct the personal data collected about you;

  • To demand the cessation of the collection, processing, or use of the personal data collected about you; and

  • To delete the personal data collected about you.

 

You may also object to our processing of the personal data collected about you for direct marketing purposes the first time that we use the personal data collected about you for direct marketing purposes or any time after the first instance. In either case, we will immediately cease such use.

We will respect your decision to object to our collection, processing, or use of the personal data collected about you; however, such decision may result in you being unable to access some or all of our Services.

To execute your rights above, please contact us via the email address mentioned at “How to Contact Us.



WhaleFin Privacy Policy (US)

Effective date: Last reviewed on Febraury 20, 2022

Please select your country / region of residence to view the version of the policy applicable to you.

·      European Economic Area and the United Kingdom

·      South Korea

·      Hong Kong

·      Japan

·      Taiwan

·      Philippines

·      Indonesia

·      United States

Introduction

This Privacy Policy sets out how WhaleFin Technologies Limited, and its affiliates and subsidiaries (“WhaleFin”, “we”, “us”, “our”) processes personal data obtained via our website https://www.whalefin.com/ and the “WhaleFin Platform” (including the WhaleFin mobile application software and any website protocols and applications made accessible to you by WhaleFin) (collectively the “Services”) – in our role as a data controller (i.e. when we are responsible for determining the purpose and means of the processing). This Privacy Policy also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights and Choices” section below.

Personal Data We Collect

Personal data collected via the Services include:

·       Identification Data: Full name, date of birth, nationality, gender, utility bill, photographs (headshots, live photographs and photograph sets), occupation, passport, driver license, national identity card, passport number, passport details, driver license details, national identity card details and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws or integrity best practices.

·       Institutional Data: Employer identification number (or other similar number issued by a government), and/or personal identification information for all material beneficial owners and/or list of current directors of the institution.

·       Contact Data: Phone number and/or e-mail.

·       Geographic Location Data: IP address, country code, post code, work address for institutional customers, personal address and/or proof of address, such as a bank statement, housing contract or a utility bill.

·       Financial Data: Bank account information (e.g. account number, and sort code), remittances account, Bank Account Type (SWIFT/ABA), SWIFT code, ABA Number, legal tender deposit proof information, currency type, top-up amount, withdrawal amount, virtual assets (“red envelopes”, coupons, interest rate coupons), payment card primary account number (PAN), cryptocurrency deposit address, proposed investment amount, source of wealth, annual income and deposit plan.

·       Account Data: Account name, customer ID, password and/or username.

·       Transaction Data: Information about the transactions you make on our Services, such as the details of transactions orders, the details of payment, the name of the recipient, your name, the amount and/or timestamp virtual assets you hold in your account.

·       Usage Data: Authentication data, click-stream data, cookies, pixel tags and other similar technologies that uniquely identify your browser where you give consent to such technologies where your consent is required.

·       Biometric Data: Your facial biometric data obtained during KYC identity verification.

·       Technical Data: Device type, classification and model, unique device identification numbers (e.g. OAID, AndroidID, IDFV, IDFA, GAID, IMEI), Submit Source (Web or App), Telecom Operator Information, browser type and version, browser plug-in type and version, application version and SDK version, operating system and platform, language settings, privacy preferences, time zone setting, diagnostic data, such as crash logs and any other data we collect to measure technical diagnostics with your consent where required and other information stored or available on the device that you allow us to access when you visit the website or use the Services or applications, the full URL clickstream to, through and from the Services, cookie Identifier and your activity on our Services, including the pages you visited, the searches you made and, if relevant, the services you purchase.

·       Marketing and Communications Data: Marketing communication preference, survey responses, information provided to our support team, trading team, sales team and/or user research team.

·       Risk Management Data: Personal credit information, including repayment history, credit information and debt information, etc. Judicial Data, litigation-related, case-involved information, compliance assessment, the risk assessment, risk level, KYC authentication result and failure reason.

We obtain information about you in a number of ways through your use of our Services, including, but not limited to, through the account registration, event and webinar registrations, news and updates subscriptions, and information provided in the course of ongoing support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

·       The banks you use to transfer money to us will provide us with your basic personal data, such as your name and address, as well as your financial information, such as your bank account details.

·       Your business partners may provide us with your name and address, as well as financial information.

·       Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

·       Credit reference agencies provide us with information that is used to corroborate the information you have provided to us.



How and Why We Use Your Personal Data


Purpose of Processing

Categories of Personal Data

Data Retention

To register you as a new customer

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

Relationship duration + 5 years after cancellation 

To carry out and comply with anti-money laundering requirements

·       Identification Data

·       Account Data

·       Contact Data

·       Financial Data

·       Biometric Data

Relationship duration + 5 years after cancellation 

To process and deliver our Services and any app features to you, including executing, managing and processing any instructions or orders you make

·       Identification Data

·       Contact Data

·       Financial Data

·       Transactional Data

·       Technical Data

·       Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Transactional Data

·      Marketing and Communications Data

 10 years

To ensure good management of our payments, fees and charges and collection and recovery of payments owned to us

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

 10 years

To manage risk and crime prevention including performing anti-money laundering, counter-terrorism, sanction screening, fraud and other background checks, detecting, investigating, reporting and preventing financial crime in broad sense, obeying laws and regulations which apply to us and responding to complaints and resolving them

·      Identification Data

·      Contact Data

·      Account Data

·      Financial Data

·      Technical Data

·      Transactional Data

·      Data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers)

Relationship duration + 6 years after cancellation 

To enable you to participate in and use our Services normally, and in case of abnormal use scenarios, we will use such data to locate and solve the issues. At the same time, we will also recommend more suitable products and services for you based on your business data

·      Identification Data

·      Contact Data

·      Account Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 6 years after cancellation 

To gather market data for studying customers' behavior, including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business

·      Identification Data

·      Account Data

·      Contact Data

·      Technical Data

·      Usage Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To administer and protect our Services and social media channels, including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data


We process your personal data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal data, we may not be able to ensure the security of our Services

·      Identity Data

·      Account Data

·      Contact Data

·      Financial Data

·      Technical Data

·      Usage Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To deliver relevant Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·      Identity Data

·      Account Data

·      Contact Data

·      Technical Data

·      Marketing and Communications Data

Relationship duration + 5 years after cancellation 

To use data analytics to improve our Services, marketing, customer relationships and experiences

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies to proactively prevent crime and fraud

·      Identification Data

·      Account Data

·      Contact Data

·      Risk management Data

·      Financial Data

·      Transactional Data

·      Technical Data

·      Usage Data

Relationship duration + 5 years after cancellation 

To record voice calls and communications for compliance, maintaining client relationship, quality assurance and training purposes

·      Identification Data

·      Account Data

·      Contact Data

·      Financial Data

·      Transactional Data

Relationship duration + 5 years after cancellation 

To diagnose and resolve malfunction as soon as possible to enhance your user experience, in the event of any malfunction that disrupts your use of the Service (e.g. program crash, abnormal function, abnormal display)

·      Technical Data (including diagnostic data)

Relationship duration 5+ years after cancellation


How We May Share Your Personal Data

Please see “How and Why We Use Your Personal Data” section for detailed information on the recipients of your personal data.

Generally, we may share your personal data:

  • With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyse and improve the Services.

  • With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Privacy Policy.

  • To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. 

  • In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.


 

How We Use Tracking Technologies (“Cookies Policy”)

We may utilize online identification tools - such as cookies, web beacons, pixels or similar tracking technologies - in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information that is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:

  • Recognize new or past users;

  • Store your profile or authentication credentials if you are registered on the Services;

  • Improve the Services and to better understand your use of the Services;

  • Integrate with third-party social media websites;

  • Serve you with interest-based or targeted advertising;

  • Observe your behaviours and browsing activities over time across multiple websites or other platforms; and

  • Better understand the interests of our Services users.

Some cookies are required for certain uses of the Services. For example, if you choose to register an account through the Services, we will use cookies to facilitate your registration and remember your preferences.

Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it. 


 

Different types of cookies may be used for specific purposes, for example:


Cookie categories

Duration

Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

Up to 365 days

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Up to 2 years

Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Up to 365 days

Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

Up to 365 days

Social media cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Up to 365 days

 

To see a list of all our cookies and their lifespan, or to opt-out of cookies, visit our cookie consent management platform available here.

You may also use your device or browser settings to disable certain tracking technologies.  For example, you may turn off location tracking through your device’s or browser’s settings to disable the Services’ location tracking technologies, or set your browser settings either to receive our cookies or to use our Services without cookie functionality. Please note that if you restrict the use of tracking technologies, some functions of the Services may be unavailable, and we may not be able to present you with personally-tailored content. 

We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Policy. Similarly, the third parties who serve tracking technologies on our Services may link personal data we collect from you to other information they collect.

For more information on how Google Analytics uses data collected through the Services, visit: www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: http://www.google.com/settings/ads and https://tools.google.com/dlpage/gaoptout/.

Please contact us for more information on our use of tracking technologies and cookies.

How Long We Retain Your Personal Data

We will store your personal data for no longer than a period that is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.

Please refer to the “How and Why We Use Your Personal Data” section above for relevant retention periods for each purpose of processing.


 

Personal Data Transfers

As WhaleFin operates globally, we do need to transfer your personal data internationally. In particular, your personal data may be transferred to and processed in Canada, Israel, Japan and possibly other countries.

Your Rights and Choices

You may have certain rights in relation to your personal data as required by the applicable law. Please refer to the Privacy Policy of your jurisdiction for details.  

How to Contact Us

Please contact us to make a query, raise a concern, or exercise your data protection rights.

The data controller for your personal data is WhaleFin Technologies Limited. You may reach out to our Data Security and Privacy Team here.

JURISDICTION-SPECIFIC ADDENDA

Additional provisions with respect to certain jurisdictions are included in the addenda to this Privacy Policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and the front-end of this Privacy Policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only.

United States

This Addendum to our Privacy Policy supplements the information contained in WhaleFin’s General Privacy Policy (“Policy”).  It provides certain notices required by U.S. law, and it explains rights that U.S. residents may have with respect to their personal information under applicable laws. 

As used in this Addendum, “personal information” means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household located within the United States.  “Personal information” does not include publicly available information from government records or widely distributed media; information made available to the general public by the consumer; lawfully obtained, truthful information that is a matter of public concern; or deidentified or aggregated consumer information.

 

 

 

 

Categories of Personal Information We Collect in the United States

We have collected the following categories of personal information from individuals in the United States, including within the last twelve months:

·      Identifiers: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

·      Personal information categories protected by certain data breach notification laws: Name, signature, social security number, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, other financial information, or biometric information.

·      Characteristics of protected classifications under state or federal law: Age, citizenship, marital status, or sex/gender.

·      Commercial information: Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

·      Internet or other similar network activity: Including, but not limited to, browsing history, search history, or information about a consumer's interaction with a website, application, or advertisement.

·      Sensitive personal information: Including personal information that reveals social security number, driver’s license, state identification card, passport number, account log-in, financial accounts, debit card, credit card number plus applicable security code, passwords or credentials for access to an account, biometric information, and citizenship status. We will obtain affirmative consent before collecting such information from you, where required by law. Biometric information is used exclusively for the purposes of identity verification, and provision of biometric information is not required to access WhaleFin services.

We collect, use, retain, and share a consumer’s personal information only as reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected.

Sharing Personal Information

We may disclose your personal information to a third party for a limited and specified business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the third party to both keep your personal information confidential and not use it for any purpose except performing the contract. The contract obligates the third party to comply with applicable state privacy laws and requires the party to notify us if it determines that it can no longer meet its obligations under those laws. Under such agreements, we retain the right, upon notice, to take reasonable steps to remediate unauthorized use of personal information. We have disclosed each of the categories of personal information listed above for a business purpose, including within the preceding 12 months. We do not sell or disclose personal information for non-business purposes.

Sharing of Personal Information Associated with Financial Accounts

WhaleFin may share non-public personal information pertaining to its non-institutional customers’ financial accounts (including but not limited to information supplied when applying for a WhaleFin financial account and financial transactions conducted using WhaleFin financial services) only:

·      As necessary to complete a transaction that you initiate,

·      To our business partners that help us provide and advertise WhaleFin services to you, after we have entered into written agreements that require the service providers to only use your personal information in the course of providing services to WhaleFin,

·      As necessary to comply with the law or to protect our legal rights, or

·      After obtaining express consent.

Your Privacy Rights (including for California Residents)

Subject to certain conditions, including appropriate verification of your identity, you may ask us to take the following actions in relation to your personal information:

  • Deletion of your personal information.

  • Correction of inaccurate personal information that we maintain, taking into account the nature of the personal information and our purposes for processing it.

  • Access to the categories and specific pieces of personal information that we have collected about you, the categories of sources from which your personal information is collected, and/or our business purpose for collecting your personal information. 

  • Information about our disclosure, sharing, or sale of your personal information, including the categories of your personal information disclosed, shared, or sold; our business purpose for doing so; and the categories of third parties to whom the personal information was disclosed, sold or shared. 

  • Opt-out or withdrawal of consent for our use of your sensitive personal information.

Under certain circumstances, we may be required to honor such requests by residents of individual U.S. states, including California. WhaleFin reserves sole discretion over whether to voluntarily honor requests when not required to do so by applicable laws, and our response to such requests may be time limited where permitted by applicable laws. WhaleFin will not discriminate against any U.S. individual based on their decision to make any privacy rights-related request. However, deletion of your personal information or limiting the use of certain technologies may impact your ability to access or use certain Services.

Only you or a person whom you have authorized, in writing, to act on your behalf may make a request related to your personal information. This includes a request for information, deletion, correction, or other limitations to the use of your personal information. You may also make a verifiable request on behalf of your child under the age of 16 years old.

Please contact us to submit a request.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.