Vault Group SVG trading as Vault Wallet, Vault Digital Wallet (“we” or “us” or “Vault Wallet” or “Vault Digital Wallet” or “VaultWallet.com” or “Vault Group SVG”) Vault Group SVG LLC, Trading as Vault Wallet, Vault Digital Wallet. Established in St Vincents and the Grenadines with the registration number 2309LLC2022 with the Registered address at First Floor, First St Vincent Bank Building, James Street, Kingstown, VC0100, P.O Box 1574, St. Vincents and the Grenadines, is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data (as defined in the Privacy Act 2003 (“PA”) and the General Data Protection Act 2018 (“GDPR”)) (the “Personal Data”) we collect from account holders or individual users or visitors to our Website or Platform, or that is uploaded to our Website or Platform, will be processed by us (established and licensed to provide Customers with a Digital Wallet across various Fiat Currencies and Cryptocurrency tokens and networks registered at Https://www.VaultWallet.com) various Fiat Currencies and Cryptocurrency tokens and networks registered at Https://www.VaultWallet.com accessible through our platform
You, the account holder;
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Information we may collect
We may collect and process the following data which may contain Personal Data:
o information that you provide by filling in forms on Vault Wallet website and/or Vault Wallet iOS and Android mobile application (“our Platform”), including information provided at the time of registering to use our Platform, subscribing to any services provided by us, posting material, reporting a problem with our Platform, or requesting further services;
o information, data, documents or images that you upload onto our Platform;
o details of transactions you carry out through our Platform;
o details of your visits to our Platform, resources that you access and actions you are working on through the Platform;
o if you contact us, a record of that correspondence.
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the GDPR and the PA:
o For the fulfilment of contractual obligations
The purposes of the data processing are primarily based on the service we provide.
o Within the framework of our legitimate interests
Where necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples:
o Ensuring IT security and IT operations,
o Measures for business management and further development of services and platform,
o Defense against third-party claims and enforcement of own claims.
Based on your consent
o Insofar as you have given us your consent to process personal data for certain purposes, passing on data to third parties, sending newsletters, advertising etc., this processing is lawful on the basis of your consent.
o Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
Who receives my data?
Within Vault Wallet, those that need your data to fulfil our contractual and legal obligations will receive access to it.
Processors used by us may also receive data for these purposes. These are companies in the categories of vetting and compliance providers, IT services, telecommunications, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business or you have consented to the transfer of data.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the minimum statutory retention periods. The retention and documentation periods specified there are 2 to 10 years.
We will cease to retain your Personal Data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected and is no longer necessary for legal or business purposes.
Automated decision-making in individual cases
As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment and implementation of the business relationship. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is required by law.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Uses made of the information
We use information held, including Personal Data, in the following manner:
Every data subject has
· the right to information according to Art. 15 GDPR,
· the right to rectification according to Art. 16 GDPR,
· the right to deletion according to Art. 17 GDPR,
· the right to restriction of processing pursuant to Art. 18 GDPR, and
· the right to data portability under Art. 20 GDPR.
Further, you can revoke consent, in principle with effect for the future.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
Finally, you also have a right to object according to Art. 21 GDPR. This applies, on grounds relating to data processing on the basis of our legitimate interest and also to profiling.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Access and Correction
The PA and the GDPR give you the right to access your Personal Data. Your right of access can be exercised in accordance with the PA and the GDPR. Any access request may be subject to a fee of an administrative fee at our rates then in force to meet our costs in providing you with details of the information we hold about you.
In the event that you wish to correct and/or update your Personal Data in our records, you may inform us in writing of the same by sending us an email at [email protected].
We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so except where we are not required to do so under the PA and the GDPR.
We endeavor to ensure that all decisions involving your Personal Data are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Data. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Data.
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing to [email protected]. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Is there an obligation for me to provide data?
Within the scope of our business relationship, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.
When contacting us, your details will be processed for the purpose of handling the contact enquiry. Your details will be stored in our customer relationship management system ("CRM system").
We collect data on each access to the server on which our website is located (so-called server log files) on the basis of our legitimate interests. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system you are using, referrer URL (previously visited page), IP address and the requesting provider. This is used to defend against third-party claims and to enforce our own claims.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
Cookies are pieces of information that are transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. We use performance and Analytic cookies to collect statistics and information in relation to traffic derived through our site to help improve the development of our services. Cookies may be used in order to improve the development of our functionality for our websites and services including but not limited to checking if you have visited the Vault Wallet website previously, handled sessions and security. Cookies and technology including but not limited to scripts, beacons and more are used to monitor the activity of our services which is used to analyze data in order to improve the development of our services. In definition, a Cookie is a piece of data which is obtained from visiting a website which stores within a browser that can later retrieve this information. Cookies can tell the website if the user has returned to the particular website and more. Vault Wallet may use two different types of cookies which including Third-party cookies and First-party cookies. First Party cookies belong to us which are set, controlled and used by us whereas, third-party cookies are issued by third-party providers on our website in order to allow them to recognize your device and deliver services which they're offering. Cookies also form in two types which one is formed of temporary cookies that remain until the browser is closed and the other which is stored permanently within your device's drive until it is deleted or expired.
Restricting of Cookies
There is an option within most browsers to restrict cookies within the settings of your selected browser. If you decide to restrict cookies it may cause you to be unable to access certain parts of our website which, you will find out more information relating to the disabling of cookies within the support section outlined with the browser you intend to use.
The services available on our website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Vault Wallet, reserves the full rights at any time, to sell, merge or acquire of any other company in which you will be notified thirty (30) days prior to any of the above arrangements. In the event of a sale or merger, we reserve the full rights to transfer all the personal data and information which is stored with us to the new entity or company which we have formed with. In the event of an acquisition, we reserve the full rights to share any personal data and information with the company which has been acquired including but not limited to employees, partners, affiliates, third party contracts, suppliers and more.
We may also collect and process information about your Mobile Device, Device ID, computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our business partners. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We process various data within the framework of the provision of my services and for the initiation and processing of the existing contractual relationship between you and us. If you have commissioned us to provide a service, we process your data and all other information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship. Accordingly, the data is processed on the basis of a contract as well as to fulfil our legal obligations such as taxation and archiving.
In order to provide our services, Vault Wallet collects certain types of data. Data entered or transferred to Vault Wallet by Users such as texts, questions, contacts, media files, etc., remain the property of the User and may not be shared with a third party by Vault Wallet without express consent from the User.
Vault Wallet will process your account data you provide when you open Vault Wallet account, perform transactions on the Vault Wallet website, or use other Vault Wallet Services. This information may include:
· Contact information, such as name, home address, email address, date of birth.
· Account information, such as username and password.
· Identity verification information, such as an image of your government issued ID, passport, national ID card or driving license, and under special conditions also a social security number.
· Residence verification information, such as utility bill details, phone bill or similar document.
· The source of the account data is a user who opens an account. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (KYC) procedure according to necessary Anti-Money Laundering Regulations.
We may need to process sensitive information about you. This is information that can reveal a person's:
· racial or ethnic origin
· political opinions
· religious or philosophical beliefs
· trade union membership
· genetic or biometric data (if used for identification purposes)
· information concerning a person's health, sex life or sexual orientation
According to the PA and the GDPR we need a second lawful basis to use special category data. This is typically your explicit consent, or exercising legal rights establishing, defending, or exercising legal claims or reasons of substantial public interest.
Vault Wallet will process the information we collect or generate when you use our services
· details about payments to and from your account;
· details about services from us and our partners that you show interest in; and
· details about how you use our services;
When you sign up for an account, we may search your record at:
· credit reference agencies to verify your identity);and
· fraud prevention agencies, KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
We may transfer your personal data within Vault Wallet for internal administrative purposes (e.g., accounts receivable management, controlling, risk management, indirect purchasing, compliance with legal obligations such as tax returns, money laundering). Employees of Vault Wallet are trained on the data protection regulations of Vault Wallet within the scope of an online training and are obliged to maintain the confidentiality of personal data or security measures in accordance with internal guidelines if they participate in the processing. At Vault Wallet, personal data is processed automatically by means of computer technology and manually in the form of a paper file or a file by individual authorised employees who need this data for their work (need-to-know principle).Within the framework of the processing of personal data, technical and organizational measures have been taken to ensure the protection of personal data.
When you use our App, you may be able to provide certain personal and non-personal information including your Phone Number and E-Mail Address. To protect your privacy, we send you an OTP for registration and identification in the system.
Downloading the APP
The APP can be downloaded from the "Google Playstore" a service offered by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU, or the Apple App service "App Store" a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install our APP.
Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
Installing the APP
As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which PII Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which PII Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
We or rather Google and Apple on our behalf collects information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and Payment Data and Billing confirmations.
Authorizations and Access
We may request permission to access the following:
· Camera, Gallery/Files, Hardware.Camera.Autofocus during the Verification process, uploading a QR code, Scanning of a QR Code, “Share” your account details
· Device Biometric Features (If you wish to enable biometrics which can be used to unlock your device if you choose to select “Remember me” and enable permissions of biometrics),
· Internet (We will require internet permissions in order for you to be able to access our Customer Support/FAQs ETC),
· Vibrate (If you have opted to receive Notifications from us and your device is set to vibrate, your device will vibrate when receiving a notification from us),
· Full Screen Intent (This permission is granted in order for us to display the application in a full screen intent)
· Flashlight (If you have enabled the optional permissions for us to access your camera whilst completing a “Scan” of a QR Code,)
· Read External Storage (In order for our application to run and function we require to read external storage)
· Write External Storage (In order for our application to run and function we require to read external storage)
· Device ID (UQI for Android and UDID for IOS) we take this in order for us to be able to implement Security Measurements and features
The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.
We may disclose your Personal Data to any member of our group, which means any corporation deemed to be related to us.
We may disclose your Personal Data to third parties:
· for the purposes of providing our services that you request from us, fulfilling our obligations arising from any contracts entered into between you and us, processing payments in connection therewith or otherwise in connection with your use of our Platform;
· in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets; or
· if we or substantially all of our shares or assets are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets.
We will reveal user’s personal data without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Vault Wallet or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal data when we have good reason to believe that this is legally required and when the competent authorities have required to present them with such Personal Data.
Where we process your Personal Data as a data intermediary on behalf of a third party, we will process your Personal Data in accordance with the instructions of the third party and shall use it only for the purposes agreed between you and the third party.
We do not sell data to third parties. However, we might, making available, transfer, communicate electronically, consumer’s personally identifiable information by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration.