Login

Privacy Policy

Introduction

At MetaX, we recognize that our customers form the bedrock of our business. Consequently, we place a premium on transparently managing and safeguarding personal data and privacy. This Privacy Policy delineates our practices and policies in this regard and is applicable to individuals who are current, past, or prospective customers of MetaX.

MetaX, a business entity operating as MetaX Payments Ltd, holds Incorporation Number BC1406436 and is duly registered in British Columbia, Canada, situated at 28 19628, 55A Avenue, Langley, British Columbia, V3A 3X2 Canada.

Registered with FINTRAC in Canada under MSB registration number M23579425, MetaX provides specified services encompassing money transferring services, dealing in virtual currencies, and payment service provider services.

Functioning as the "data controller" for any personal data submitted to us via email, telephone, social media, post, or through our Services, Website, or any other communication channels, we bear the responsibility for determining how personal data about you is collected, used, and managed.

MetaX is dedicated to safeguarding the security and confidentiality of information under its purview, upholding responsible use and protection of personal data, demonstrating transparency, and respecting individual rights in compliance with applicable data protection laws.

It is imperative that you carefully read and comprehend the information below regarding our handling of your personal data. For any inquiries, please reach out to us via email at support@metaxpayments.com.

Types of Personal Data We Collect and Handle

Personal Data:

At MetaX, we systematically collect and manage various forms of personal data provided by you or your representatives when utilizing our products and services. Additionally, we may acquire and process personal data obtained legally from other members of our organization, public authorities, client introducers, or publicly accessible sources, including but not limited to online databases (e.g., Registrars of Companies, Screening databases - sanctions/AML), websites, security searches, and social media.

We gather information when you:

  • Complete any forms available on our website
  • Communicate with us via telephone, email, social media, or post
  • Register for an account or utilize any of our services
  • Perform transactions
  • Reach out to us for any other reason

When applying to become a MetaX customer, whether an individual, legal entity, partnership, trust, or charity, we will request specific personal information to verify your identity and manage your account. The information required may vary based on the product you are applying for and includes, but is not limited to:

  • Personal details such as your name, address, and birth information to confirm your identity
  • Contact information, including your telephone number and email address
  • Your photograph or video (when necessary for our Know Your Customer (KYC) verification process)
  • Employment and occupation details, including your curriculum vitae, professional affiliations, job title, responsibilities, and professional certifications.
  • Information regarding any prominent public positions you currently hold or have held, known as politically exposed persons (PEPs)

If you represent or own a legal entity, partnership, trust, charity, or any other organizational structure that is our customer, we may also collect and process additional data about your business or legal entity to confirm it’s existence, ownership structures and other applicable documents.

If you provide us with personal information belonging to others (such as your representative, secretary, or employee) or request that we share their personal information with third parties, you confirm that you have previously informed them of this policy.

Other Data:

We may also gather non-identifying information about you. This non-personal information may include:

  • Browser and device data such as IP address, operating system, and browser type, used for statistical analysis of website usage and not identifying individual users.
  • Cookie data, such as time spent on the website, pages viewed, language preferences, and other anonymous traffic data (please refer to the Cookies Policy available on our website).
  • Information about your company, such as its name, products and services offered, and jurisdiction.

Please note that some links on the MetaX website (www.metaxpayments.com) may lead to other non-MetaX websites or areas with their own data protection policies that may differ from our Privacy Policy. Before accessing other websites or areas, it's crucial to ensure that you agree with the policies of those entities. MetaX is not responsible for any issues arising from third-party websites.

If you are not the intended recipient of this Privacy Policy, please review the privacy practices of the entity responsible for controlling your personal data. MetaX may also be involved in the handling of your information in certain cases as outlined in this policy.

Legal Basis for Processing Your Personal Data

We process your data with the fundamental principle of data minimization, ensuring that only the necessary amount and types of data are processed for lawful purposes. MetaX employs the data for various purposes, including:

Fulfillment of Our Contract: We utilize the collected data to establish your customer record and effectively manage your account. Personal information is employed to verify your identity, and in certain instances, we may share some or all of your data with third parties. These may include fraud prevention agencies, anti-money laundering organizations, credit reference agencies, law enforcement, regulatory bodies, government departments, and providers of our sales or servicing platforms.

Protection of Legitimate Interests: Processing of personal information is conducted to safeguard our legitimate interests, provided such interests do not unduly compromise your rights and freedoms. These interests encompass the improvement of our services, protection of both our and your data through our IT and security systems, and the initiation or preparation for litigation procedures.

Compliance with Legal Obligations: The data enables us to fulfill our legal and regulatory obligations, encompassing compliance with the Electronic Money Regulation, Money Laundering Law, Tax laws, and other applicable statutes. As a regulated entity under FINTRAC in Canada, we adhere to its requirements, utilizing your personal information to prevent fraud and money laundering.

Communication: Your personal data is utilized for communication regarding your account, providing service-related updates, and delivering necessary notifications. While we aim to leverage our e-banking platform for communication, certain situations may necessitate contacting you in a specific manner as dictated by regulations.

Troubleshooting, Analysis, Testing, Research, and Statistical/Survey Purposes: We employ your data for a range of purposes, including troubleshooting, conducting data analysis, testing, research, and gathering statistical and survey data.

Marketing: With your explicit permission, we may utilize your information for marketing purposes. This involves identifying products and services that may align with your interests, ensuring a tailored and relevant approach to our marketing efforts.

Your privacy and data protection are paramount to us, and we operate in accordance with applicable laws and regulations to safeguard your information.

Retention Period

The retention of personal data at MetaX is contingent upon various purposes and is subject to rigorous standards and regulations. In essence, personal data is retained for the duration necessary to provide the requested services, fulfill relevant legal, accounting, or reporting requirements, investigate potential fraud, comply with anti-money laundering and counter-terrorism financing laws, and ensure you have a reasonable opportunity to access your personal data.

In the context of marketing, personal information provided for such purposes will be retained until you opt-out or until we identify inaccuracies in the data.

Disclosure of Your Personal Data

MetaX diligently collects your personal information to execute requests, deliver services, and meet contractual and legal obligations.

Your personal data remains confidential and is not shared with external parties unless deemed essential for our business operations, to fulfill requests, provide services, or mandated by law. Instances where disclosure may be necessary include:

  • Service Providers: Collaborating with service providers assisting in delivering requested services, such as IT and system management, cloud computing, cloud storage providers, fraud detection, customer support, remote ID verification, and e-signature providers.
  • Financial Transactions: Collaboration with entities facilitating payment transactions, including financial institutions, payment service providers, and international payment organizations such as SWIFT, SEPA, Visa, Mastercard, etc.
  • Business Partners: Engagement with partners relevant to our operations, such as banking partners, intermediaries, international payment service providers, card manufacturing and personalization companies, as well as fraud and risk mitigation providers.
  • Professional Advisers: Involvement with necessary professional advisers, including attorneys, auditors, and insurers.
  • Government Agencies: Compliance with regulatory requirements involves sharing information with government agencies, regulatory bodies, or other entities, in adherence to rules, orders, subpoenas, official requests, or similar legal processes.
  • Business Transfers: In situations involving the transfer of business, sharing personal data may be necessary, for instance, in the event of selling a business aspect, assets, or merging with another company.
  • Third-party Service Providers: Engagement with third-party service providers to assist in client insight analytics, such as Google Analytics.
  • Advertising Networks: Collaboration with advertising networks for organizing competitions, promotions, and displaying advertisements on our website, apps, and various social media platforms.

Rest assured, MetaX prioritizes the security and confidentiality of your personal data and only engages in disclosures when essential for the smooth operation of our services or mandated by legal and regulatory obligations.

Countries Where Your Data May Be Transferred

MetaX, being a globally-reaching company, may process your personal data in the local country of our operations or in other countries where we or our partners operate worldwide, in accordance with legal permissions. Your personal data might be transferred from the European Union/European Economic Area (EU/EEA) or from another country imposing restrictions on personal information transfers to third countries or international organizations. Such transfers may occur under the following circumstances:

  • Recognition of Adequate Data Protection Standards: We may transfer data to jurisdictions acknowledged by the European Commission as possessing adequate data protection standards.
  • Agreements Based on Standard Contractual Clauses: The recipient of the data may have signed an agreement based on the Standard Contractual Clauses. In cases where the recipient is a group company, binding corporate rules are in effect, supplemented by any necessary additional safeguarding measures.
  • Necessity for Contract Performance: Data transfer may be necessary for the performance of a contract between the data subject and MetaX.
  • Establishment, Exercise, or Defense of Legal Claims: The transfer may be necessary for the establishment, exercise, or defense of legal claims.
  • Legally Recognized Grounds at EU Level: Any other legally recognized grounds at the EU level for transferring data to third countries.

Automated Decision-Making & Profiling

At MetaX, we do not make decisions solely through automated processing. However, specific aspects of your personal data may undergo automated processing in the following situations:

  • Data Evaluations for Fraud Prevention: Conducting data evaluations, such as payment transactions, for the purpose of preventing fraud, money laundering, and terrorist financing.
  • Promotion of Services and Products: Promoting our services and products, if you have given your consent.

Cookies

Our website utilizes cookies to enhance your browsing experience. For detailed information on how we use cookies, please refer to our Cookie Policy, available on our website.

Your Rights Regarding Your Personal Information

You hold the following rights concerning the personal information we have about you. It's crucial to note that some of these rights apply only under specific conditions, and their applicability may be limited if we have a compelling interest, legal requirement, or data exemption due to confidentiality reasons.

1. Right to Access:

You have the right to request a copy of the personal data retained and confirmation from us about whether personal data is being processed.

2. Right to Correction:

You can request the correction of inaccurate or incomplete personal data related to you. This includes correcting any incorrect personal data about you and completing any incomplete personal data in line with the processing purpose.

3. Right to Erasure:

You may request the erasure of your personal data under the following circumstances:

  • The data is no longer needed for its original collection or processing purposes.
  • You withdraw your consent, and there's no other legal ground for the processing.
  • You object to the data processing.
  • The data has been processed illegally.
  • Personal data must be erased to comply with a legal obligation.

However, the right to erasure does not apply if the processing is necessary for freedom of expression and information, compliance with a legal obligation, reasons of public interest, or for initiating, pursuing, or defending legal claims.

4. Right to Restriction of Processing:

You have the right to request the temporary suspension of processing certain personal data related to you under the following circumstances:

  • You contest the accuracy of your personal data.
  • The processing of your data is deemed unlawful.
  • We no longer need the processing or retention of certain data, but you require it to establish, assert, or defend a legal claim.
  • You raised an objection to data processing, and confirmation is pending on whether our legitimate interest outweighs your rights.

5. Right to Object:

When we process your personal data based on legitimate interests, you have the right to contest it. However, we may still have the right to continue processing your information. Additionally, you can object to the processing of your personal data for direct marketing purposes.

6. Right to Withdraw Consent:

If we process your personal data based on your consent, you have the right to withdraw it at any time. If there's another lawful basis for processing your data, we may continue to do so. Withdrawal resulting in the inability to provide services will be communicated.

However, we may continue to retain your data if there's another valid reason for doing so, such as legal obligations or public interest.

7. Right to File a Complaint:

If you have complaints about data use or the exercise of your rights, please contact our Data Protection Officer at the provided contact details. We will promptly investigate and respond to your complaint.

1. Introduction and Overview

At MetaX Payments Ltd, we understand that trust is fundamental to our relationship with our customers. This Privacy and Data Protection Policy reflects our commitment to protecting your privacy while providing high-quality financial services. We believe in complete transparency about how we collect, use, and protect your information.

A. Company Information and Status

MetaX Payments Ltd operates as a registered Money Services Business (MSB) in British Columbia, Canada. We are authorized to provide various financial services including money transfers, currency exchange, and payment services. Our operations are subject to oversight by multiple regulatory bodies, including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and provincial regulators.

As a financial institution operating both domestically and internationally, we maintain strict standards of data protection and privacy that meet or exceed regulatory requirements across all jurisdictions where we operate.

B. Purpose of Policy

This policy serves multiple purposes:

  • To clearly explain how we handle your personal and business information
  • To outline your rights regarding your information
  • To describe our security measures and data protection practices
  • To inform you about how we comply with various legal and regulatory requirements
  • To maintain transparency about our information handling practices

C. Scope of Application

This policy applies to all information we collect through:

  • Our website and mobile applications
  • Telephone and email communications
  • Business relationships and transactions
  • Third-party service providers acting on our behalf

The policy covers both our Canadian operations and our international services, ensuring consistent protection of your information regardless of where you interact with us.

D. Definitions and Key Terms

To help you better understand this policy, we use these key terms:

  • "Personal information" means any information about an identifiable individual
  • "Business information" refers to information about commercial entities
  • "Processing" includes collecting, using, sharing, storing, or disposing of information
  • "Service providers" are third parties who help us deliver our services
  • "Regulatory authorities" include government agencies and financial regulators who oversee our operations

2. Legal and Regulatory Framework

A. Federal Laws (PIPEDA)

The Personal Information Protection and Electronic Documents Act (PIPEDA) forms the foundation of our privacy practices. Under PIPEDA, we adhere to these key principles:

  • Accountability: We are responsible for all personal information under our control, including information transferred to third parties for processing. We have appointed a Privacy Officer to ensure compliance with privacy obligations.
  • Identifying Purposes: We clearly identify why we collect personal information at or before the time of collection. We document all purposes for which information is collected, used, or disclosed.
  • Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information. We explain the implications of consent, and we respect your right to withdraw consent, subject to legal or contractual restrictions.
  • Limiting Collection: We collect only the information necessary for the purposes we have identified. We collect information by fair and lawful means.

B. Provincial Laws (PIPA)

As a British Columbia-based organization, we comply with the Personal Information Protection Act (PIPA), which provides additional privacy protections. PIPA requires:

  • Specific consent requirements for collecting, using, and disclosing personal information
  • Enhanced protection for employee personal information
  • Strict rules about marketing and promotional communications
  • Specific requirements for information disclosure and retention

C. International Standards

Our global operations require compliance with international data protection standards, including:

  • International data transfer requirements
  • Cross-border privacy rules
  • Global security standards
  • International banking protocols

D. Industry-Specific Regulations

As an MSB, we adhere to specialized regulations including:

  • Anti-Money Laundering (AML) requirements
  • Counter-Terrorist Financing (CTF) regulations
  • Know Your Customer (KYC) standards
  • International sanctions compliance

3. Personal Information Collection

A. Individual Customers

We collect personal information necessary to provide our services and meet regulatory requirements. Our collection practices are designed to gather essential information while respecting your privacy.

Identity Information

Basic identification information includes:

  • Full legal name
  • Date of birth
  • Contact information
  • Residential address
  • Government-issued identification

Financial Information

To process transactions and maintain your account, we collect:

  • Banking information
  • Transaction history
  • Source of funds information
  • Financial profile information

Transaction Data

For each transaction, we record:

  • Transaction amounts and currencies
  • Purpose of transaction
  • Payment details
  • Transaction patterns

Digital/Technical Data

When you use our online services, we collect:

  • Device information
  • IP addresses
  • Login information
  • Usage patterns

B. Corporate Customers

For business clients, we collect information necessary to establish and maintain business relationships while meeting regulatory requirements.

Entity Documentation

Standard business documentation includes:

  • Registration information
  • Corporate structure documents
  • Business licenses
  • Industry certifications

Ownership Structure

To understand business ownership, we collect:

  • Ownership information
  • Control structure details
  • Relationship information
  • Group structure documentation

Management Information

For key individuals in the business, we require:

  • Basic identification information
  • Role and responsibility details
  • Authorization documentation
  • Contact information

Business Activity Data

To understand your business operations, we collect:

  • Business type and activity information
  • Industry classification
  • Transaction patterns
  • Business relationships

All information collection is conducted in accordance with applicable laws and regulations, with appropriate security measures in place to protect your data. We regularly review our collection practices to ensure they remain necessary and proportionate to our services and regulatory obligations.

4. Purpose and Legal Basis for Processing

A. Primary Purposes

Your trust is essential to our business, and we want you to understand exactly how and why we process your information. Our primary purposes for processing personal and business information are directly connected to providing our financial services and meeting our regulatory obligations.

Service Provision

We process your information to:

  • Facilitate your financial transactions securely and efficiently
  • Maintain accurate records of your account and transaction history
  • Provide you with account statements and transaction confirmations
  • Respond to your inquiries and service requests
  • Verify your identity for each transaction as required by law
  • Process currency exchanges and international transfers
  • Manage your account preferences and settings

For example, when you initiate an international money transfer, we process your identification information to verify your identity, your financial information to execute the transfer, and your recipient's information to ensure accurate delivery of funds.

Regulatory Compliance

As a regulated financial institution, we are legally required to:

  • Verify the identity of our customers (KYC requirements)
  • Monitor transactions for suspicious activity
  • Report certain types of transactions to regulatory authorities
  • Maintain records for prescribed periods
  • Conduct regular compliance assessments
  • Respond to regulatory inquiries and audits

Risk Management

To protect both you and our institution, we process information to:

  • Detect and prevent fraudulent activities
  • Assess and manage financial risks
  • Verify the authenticity of provided documents
  • Monitor for unauthorized account access
  • Evaluate transaction patterns for unusual activity
  • Maintain the security of our systems and services

B. Secondary Purposes

Beyond our primary purposes, we may process your information for additional purposes that support and improve our services.

Service Improvement

We analyze service usage patterns to:

  • Enhance our service offerings
  • Improve user experience
  • Streamline transaction processes
  • Develop new features and services
  • Resolve technical issues
  • Optimize our platforms and systems

Marketing and Communications

With your explicit consent, we may use your information to:

  • Inform you about new services and features
  • Share relevant product updates
  • Provide educational content about financial services
  • Invite you to participate in customer surveys
  • Send service-related notifications
  • Keep you informed about important changes

You can opt out of marketing communications at any time while continuing to receive essential service-related communications.

Analytics and Research

We conduct analysis and research to:

  • Understand customer needs and preferences
  • Improve our service efficiency
  • Develop market insights
  • Enhance security measures
  • Identify emerging trends
  • Plan future service offerings

5. Data Sharing and Disclosure

A. Internal Usage

Within our organization, we maintain strict controls on internal access to your information:

  • Access is granted only to employees who need it to perform their jobs
  • Different levels of access are assigned based on job responsibilities
  • All internal access is logged and monitored
  • Regular access reviews are conducted
  • Employees receive ongoing privacy and security training

B. Third-Party Service Providers

We carefully select and monitor third-party service providers who help us deliver our services. These may include:

Essential Service Providers

  • Payment processing services
  • Identity verification services
  • Technology infrastructure providers
  • Security monitoring services
  • Customer support systems

Professional Services

  • Legal advisors
  • Auditors
  • Compliance consultants
  • Technology consultants

All service providers are bound by:

  • Strict confidentiality agreements
  • Data protection requirements
  • Security standards
  • Regular performance monitoring
  • Audit requirements

C. Regulatory Reporting

As a regulated financial institution, we are required to share certain information with regulatory authorities:

Mandatory Reporting

We report to various regulatory bodies including:

  • Financial intelligence units
  • Banking regulators
  • Tax authorities
  • Law enforcement agencies (when legally required)

Regulatory Compliance

Our reporting obligations include:

  • Regular compliance reports
  • Suspicious activity reports
  • Large transaction reports
  • Regulatory audits and examinations

D. International Transfers

When processing international transactions, information sharing across borders is necessary:

Cross-Border Services

We share information with:

  • International banking partners
  • Global payment networks
  • Foreign financial institutions
  • International service providers

Transfer Safeguards

All international transfers include:

  • Data protection agreements
  • Security protocols
  • Privacy safeguards
  • Monitoring systems

E. Banking Partners and Payment Networks

To provide our services, we work with various financial partners:

Financial Networks

We participate in:

  • International banking networks
  • Payment processing systems
  • Currency exchange networks
  • Settlement systems

Partner Requirements

All partners must maintain:

  • Strong security measures
  • Privacy protections
  • Compliance programs
  • Regular auditing

6. Data Protection Measures

A. Technical Security

We implement comprehensive technical measures to protect your information:

Infrastructure Security

Our systems include:

  • Advanced encryption for data in transit and at rest
  • Multi-layer firewall protection
  • Intrusion detection and prevention systems
  • Regular security updates and patches
  • Continuous monitoring systems

Access Controls

We maintain strict access controls through:

  • Multi-factor authentication
  • Role-based access management
  • Regular access reviews
  • Activity logging and monitoring
  • Secure access protocols

B. Organizational Security

Our organizational security measures include:

Policy Framework

We maintain:

  • Comprehensive security policies
  • Documented procedures
  • Regular policy reviews
  • Compliance monitoring
  • Risk assessments

Physical Security

Our facilities are protected by:

  • Access control systems
  • Surveillance systems
  • Secure storage areas
  • Visitor management procedures
  • Clean desk policies

C. Staff Training and Policies

We ensure our staff understand and follow security requirements:

Training Programs

All staff complete:

  • Initial privacy training
  • Regular security updates
  • Compliance training
  • Incident response training
  • Social engineering awareness

Policy Enforcement

We maintain:

  • Clear security procedures
  • Regular compliance checks
  • Disciplinary procedures
  • Reporting mechanisms
  • Continuous improvement processes

D. Incident Response

We maintain comprehensive incident response procedures:

Response Framework

Our response includes:

  • Incident detection systems
  • Response protocols
  • Investigation procedures
  • Notification processes
  • Recovery plans

Management Procedures

We follow structured:

  • Escalation procedures
  • Communication protocols
  • Documentation requirements
  • Review processes
  • Improvement mechanisms

E. Breach Management

In the unlikely event of a data breach:

Response Protocols

We will:

  • Contain the breach
  • Assess the impact
  • Notify affected parties
  • Implement corrective measures
  • Report to authorities as required

Recovery Procedures

Our recovery includes:

  • System restoration
  • Data recovery
  • Security enhancement
  • Process improvement
  • Preventive measures

7. Cross-Border Data Transfers

A. Legal Basis for Transfers

As a financial institution operating globally, we regularly transfer data across borders to provide our services. We ensure all international transfers have a proper legal foundation and appropriate safeguards.

Legal Framework

Our cross-border transfers are conducted under:

  • International data protection agreements
  • Standard contractual clauses
  • Adequacy decisions by relevant authorities
  • Binding corporate rules for internal transfers
  • Specific consent where required

For example, when you initiate an international money transfer, your transaction information must flow through various jurisdictions to reach its destination. We ensure this process follows all applicable laws and regulations in both originating and receiving countries.

Compliance Mechanisms

For each transfer, we ensure:

  • Proper documentation of transfer grounds
  • Verification of recipient safeguards
  • Assessment of destination country protections
  • Implementation of necessary additional measures
  • Regular review of transfer mechanisms

B. International Partners

We carefully select and monitor our international partners to maintain data protection standards across borders. All international partners must:

  • Maintain adequate data protection standards
  • Implement required security measures
  • Follow agreed privacy practices
  • Provide compliance documentation

C. Security Measures

Specific security measures protect data during international transfers:

Technical Protection

We implement:

  • End-to-end encryption
  • Secure transfer protocols
  • Access controls
  • Transfer monitoring
  • Audit logging

Organizational Controls

We maintain:

  • Transfer policies
  • Staff training
  • Documentation requirements
  • Review procedures
  • Incident response plans

D. Jurisdictional Considerations

We address varying privacy requirements across jurisdictions:

Compliance Framework

We maintain:

  • Country-specific requirements mapping
  • Regional compliance programs
  • Local law adherence
  • Regulatory reporting systems
  • Updates for legal changes

8. Individual Rights

A. Access Rights

You have the right to understand and access your personal information in our systems.

Information Access

You can request:

  • Confirmation of what information we hold
  • Copies of your personal information
  • Details of how your information is used
  • Lists of who has access to your information
  • Information about automated processing

Access Process

To exercise your access rights:

  1. Submit a request through our secure channels
  2. Verify your identity
  3. Specify the information you want to access
  4. Receive response within mandated timeframes
  5. Request clarification if needed

B. Correction Rights

You have the right to ensure your information is accurate and complete.

Correction Requests

You can request:

  • Updates to outdated information
  • Correction of inaccurate details
  • Addition of missing information
  • Removal of irrelevant data
  • Updates to preferences

Correction Process

We will:

  1. Review your correction request
  2. Verify the requested changes
  3. Update relevant systems
  4. Notify relevant parties of changes
  5. Confirm completion

C. Deletion Rights

You have certain rights to request deletion of your information, subject to legal requirements.

Deletion Scope

You can request deletion of:

  • Outdated information
  • Information no longer needed
  • Information where consent is withdrawn
  • Information not required by law

Retention Requirements

We must retain certain information:

  • As required by law
  • For regulatory compliance
  • To protect legal rights
  • To prevent fraud
  • For business continuity

D. Complaint Procedures

We provide clear procedures for addressing privacy concerns.

Complaint Process

Our process includes:

  1. Initial complaint submission
  2. Acknowledgment and review
  3. Investigation of concerns
  4. Response and resolution
  5. Appeal options if needed

Resolution Framework

We ensure:

  • Timely responses
  • Fair investigation
  • Clear communication
  • Appropriate remediation
  • Process improvement

E. Exercise of Rights Process

We make it easy to exercise your privacy rights while maintaining security.

Request Procedures

To exercise your rights:

  1. Contact our Privacy Office
  2. Verify your identity
  3. Specify your request
  4. Provide necessary information
  5. Receive confirmation

Response Timeline

We will:

  • Acknowledge requests promptly
  • Respond within legal timeframes
  • Keep you informed of progress
  • Explain any delays
  • Document all actions

9. Data Retention

A. Retention Periods

We maintain clear retention schedules for all information we hold.

Standard Retention

We typically retain:

  • Account information for the duration of the relationship plus required period
  • Transaction records as required by law
  • Communication records for service purposes
  • Security logs for system protection

Legal Requirements

We must retain certain records:

  • Financial records (typically 7 years)
  • Identity verification records (5 years after last transaction)
  • Regulatory reports (as required by law)
  • Legal documents (as needed for claims)

B. Retention Justification

All retention periods are based on specific requirements or legitimate needs.

Retention Grounds

We retain information based on:

  • Legal obligations
  • Regulatory requirements
  • Business needs
  • Customer service
  • Risk management

Regular Review

We conduct:

  • Periodic retention reviews
  • Necessity assessments
  • Compliance checks
  • Update procedures
  • Documentation updates

C. Deletion Procedures

We follow structured procedures for secure data deletion.

Deletion Methods

We use:

  • Secure deletion protocols
  • Certified destruction methods
  • Verified wiping procedures
  • Physical destruction when needed
  • Documented processes

Verification Process

We ensure:

  • Complete deletion
  • Proper documentation
  • Audit trails
  • Compliance verification
  • Regular testing

D. Archiving Standards

We maintain secure archives for required retention periods.

Archive Security

Our archives have:

  • Access controls
  • Encryption
  • Regular backups
  • Integrity checks
  • Recovery procedures

Archive Management

We maintain:

  • Classification systems
  • Retrieval procedures
  • Access logs
  • Regular reviews
  • Destruction schedules