Privacy Policy

Version: 29/10/19

We are thoughtful about the personal data that our users provide us with or the personal data that we collect when users use our Services and visit our Website. This Privacy Policy clarifies the standards for use and protection of personal data of Sapian Group registration number 196344, having its legal address at PO BOX 123004 Dubaï, UAE, (“Sapian Group ”, “we” or “us”).

This Privacy Policy applies when you use our Website, our mobile applications and access our Services. This document is the integral part of the Terms and Conditions of Sapian Group (“Terms”). All capitalized terms used in the Terms shall apply to this Privacy Policy with the same meanings as in the Terms.

Please read this Privacy Policy carefully.

1. What is Personal Data?

This Privacy Policy is governed by and construed in accordance with the Estonian Personal Data Protection Act as well as the EU General Data Protection Regulations. The Estonian Personal Data Protection Act defines “personal data” as any data concerning an identitied or identifiable natural person, regardless of the form or format in which such data exists.

2. Personal Data That We Collect

Sapian Group collects personal data if we have reasons to do so. For example, we collect personal data, when you:

  • As a visit and browse our Website;
  • use our Services;
  • fill in registration and other forms;
  • provide information during KYC/AML verification;
  • send us an email with personal data;
  • contact us with any enquiries;
  • chat with our customer support on the Website or via email; conduct any transaction on the Website;
  • submit any content, including User Content;
  • open a dispute or become a party to a dispute with other User; provide any information to Sapian Group using other methods; subscribe or unsubscribe to our newsletters.

Result, Sapian Group collects the following personal data:

  • information provided by the user during account registration, including, user name, name and surname, phone number, postal address and email address;
  • your ID/passport and other documents necessary for AML/KYC verification;
  • financial information, including, without limitation, payment method, bank account details, transaction details, etc;
  • information that you provide to Sapian Group and/or our employees; any other personal data which you directly provide to Sapian Group;
  • any other personal data requested or required by the Website.

We also collect some information automatically:

  • the type of browser and operating system you have used;
  • the IP (Internet Protocol) address of the device which has accessed it (example PC, tablet);
  • the date and time of your visit to the Website;
  • the pages accessed and documents downloaded;
  • your top-level domain name (for example .com, .io, .eu, etc.);
  • the address of your server;
  • the previous website visited;
  • the average duration of page view;
  • the navigation behaviour and preferences of the user;
  • other information from cookies and similar technologies.
3. How and Why We Use Personal Data

Personal data will be collected, held, used and disclosed for the following purposes jointly and/or severally:

  • to provide you with Services;
  • to identify you;
  • to further develop and improve our Services;
  • to monitor and analyse trends and better understand how users interact with our Services;
  • to communicate with you and keep you updated about our Services;
  • to monitor and prevent any risks with our Services;
  • to process any requests;
  • to resolve disputes;
  • to the extent permissible or necessary by law, for any other purpose as may be deemed reasonably necessary by Sapian Group in the circumstances.
4. What Are the Legal Grounds for Collecting and Using Personal Data?

Sapian Group collects and uses personal data under Estonian and EU data protection laws.

The legal grounds for use and collection of personal data are based on the following:

  • when you have given consent (e.g. for newsletter subscription);
  • the use is necessary for protection of your or other users’ vital interests;
  • the use is necessary under a legal obligation;
  • when we use our personal data in order to fulfil our commitments to you;
  • when we have legitimate interests in using your information (e.g. to provide you with the Services, improve our Services, communicate with you, monitor and prevent any problems).

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.

5. Minors

Sapian Group does not knowingly provide Services and collect personal information from anyone under 18 years of age. Our Services are available only to the users over 18 years old. If we learn that we have collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

6. Sharing your Personal Data

We do not sell our users’ personal data or share your personal data with any third parties except for the purpose of provision of the Services. When we provide you with the Services, we may share your personal data as described below.

Sapian Group may share your information with:

  • our employees and independent contractors who reasonably need to access your personal data to deliver some Services;
  • legal and regulatory authorities, as required by applicable laws and regulations;
  • our auditors, lawyers, accountants, consultants and other professional advisors, where it is reasonably necessary for obtaining advice, professional services, or managing legal disputes;
  • business transfers in connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company.

If any of these events happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only in compliance with this Privacy Policy.

This Privacy Policy does not apply to the practices of service providers and other third parties that we do not own or control, or individuals that we do not employ or manage.

7. Sensitive Data

We do not collect or request your sensitive data (including, but not limited to, information about your religious or political beliefs, opinions). Where you have provided it to us voluntarily, you shall be solely responsible for security of any sensitive data, and we do not intend to use this data for any purpose, nor share this data with any third parties. Please do not post or add sensitive and other personal data that you would not want to be publicly available.

8. Users’ Rights in relation to its Personal Data

You may access your personal data held by us to correct, update and remove inaccurate or incorrect data. You have the following rights:

  • delete some or all personal data that we held about you;
  • change or correct your personal data that we held about you;
  • object to, or limit or restrict, use of your personal data;
  • right to access and/or take your personal data: you can ask us for a copy of your personal information in machine readable form;
  • ask not to use your personal data for marketing purposes;
  • access information we hold about you.
9. Security of Personal Data

We use certain technologies to ensure the confidentiality of your personal data. Sapian Group uses several security measures, including, without limitation, SSL method, two-faction authentication, PCI scanning and internal data access restrictions to protect your personal data.

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security of your personal data.

10. Data Retention

We process information both inside and outside of the European Union and European Economic Area and rely on legally-provided mechanisms to lawfully transfer information across borders. Countries where we process information may have laws which are different, and potentially not as protective, as the laws of your own country.

We retain your personal data for as long as your account is in existence or necessary to fulfil the purposes for which we collect it or as needed to provide you with the services, except if required otherwise by law. However, when your account is terminated for any reason, we will delete your personal information entirely.

In some cases we may determine the period of data retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issues or for any other auditing or legal purposes. Retention periods may be changed from time to time based on regulatory requirements.

11. Communications

The email notifications sent by Sapian Group are of two types:

  • system notification sent by the Website via email (examples of such emails may include registration confirmation, verification emails, or any other emails that are required to operate your account);
  • product and service notifications that you directly subscribed to.

It should be noted that you may not unsubscribe from system notification emails as these emails contain important user information and are sent for your legitimate interests. You may unsubscribe from product and service notifications any time by visiting an opt-out page. Such notifications contain information about our Website updates, new services and products added as well as other notifications for information use only.

12. Changes to the Privacy Policy

We may change this Privacy Policy from time to time. As soon as the Privacy Policy is updated, Sapian Group will post an updated version of the Privacy Policy on the Website. The new Privacy Policy becomes effective from the moment it is posted or updated on our Website. We will send you an email notification to alert you about such changes.

13. Data Controller Person

To communicate with our Data Protection Officer, please contact us at [email protected].

Please put “DPO” in the subject of your email.