1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) regulates the procedure for collecting, processing and protecting information about Users obtained when using the changedept.com exchange service (hereinafter referred to as the “Service”).
1.2. By using the Service, the User confirms his consent to the terms of this Policy and agrees to the processing of his data in accordance with its provisions.
1.3. The purpose of this Policy is to ensure an adequate level of protection of the Users’ data, including the prevention of unauthorized access, loss, modification or disclosure of information.
1.4. Data processing is carried out in accordance with applicable laws and international standards in the field of combating fraud and illegal activities (AML/KYC/SoF).
2. Terms and Definitions
2.1. User is an individual or legal entity using the functionality of the Service.
2.2. Personal data is any information that allows you to directly or indirectly identify the User.
2.3. Data processing – any actions with data, including collection, recording, systematization, storage, use, transfer, blocking and destruction.
2.4. Automated processing means data processing using software and hardware.
2.5. Third parties are partners, contractors, government agencies and other persons to whom the data may be transferred on legal grounds.
3. Categories of data processed
The Service may process the following categories of information:
• contact details (e.g. email address, instant messengers);
• information about orders and transactions performed;
• payment and financial details necessary for the execution of transactions;
• data provided as part of verification procedures (KYC);
• correspondence with technical support;
• technical information (IP address, cookies, device characteristics, log files);
• data obtained from open sources or from third parties on legal grounds.
3.2. The volume and composition of data is determined by the nature of the User’s interaction with the Service, legal requirements and the level of risk of transactions.
4. Purposes of data processing
4.1. Data processing is carried out for the following purposes:
• providing access to the functionality of the Service;
• execution of transactions for the exchange of cryptocurrencies and electronic funds;
• identification and verification of Users;
• ensuring the security of the Service;
• Prevention of fraud and illegal activities;
• Risk analysis and transaction monitoring;
• Compliance with AML/KYC/SoF and other applicable regulations;
• processing of User requests;
• Compliance with legal requirements of state authorities and partners.
5. Legal basis for processing
5.1. Data processing is carried out on the following grounds:
• User’s consent;
• the need to fulfill obligations to provide services;
• compliance with legal requirements;
• protection of the legitimate interests of the Service, including fraud prevention.
6. Transfer of data to third parties
6.1. The Service has the right to transfer User data to third parties in the following cases:
• at the lawful request of state and supervisory authorities;
• payment, technical and infrastructure partners for the execution of transactions;
• suppliers of compliance and analytical solutions;
• to protect the rights and legitimate interests of the Service or Users.
6.2. In cases provided for by law or the need to ensure security, the transfer of data may be carried out without prior notice to the User.
6.3. In some cases, cross-border transfer of data outside the jurisdiction of the User is possible.
7. Operations Analysis and Risk Management
7.1. The Service uses automated and manual methods for analyzing operations, including:
• verification of the sources of origin of funds;
• Analysis of transactional relationships;
• Risk assessment of operations.
7.2. Based on the results of the analysis, the Service has the right to:
• suspend the operation;
• refuse to provide services;
• request additional information or documents.
8. Data Retention and Protection
8.1. The Service takes the necessary organizational and technical measures to protect data from unauthorized access, modification, disclosure or destruction.
8.2. The data storage period is determined by the purposes of their processing, legal requirements, as well as the need to ensure security and prevent abuse.
9. Rights of Users
9.1. The User has the right to:
• send requests related to the processing of their data;
• to request clarification, restriction of processing or deletion of data, if this does not contradict the law and the purposes of processing.
9.2. The Service has the right to limit the provision of information or refuse to satisfy the request if it is necessary to:
• Fraud prevention;
• protection of internal control processes;
• compliance with legal requirements.
10. Final provisions
10.1. This Policy is not a public offer.
10.2. The Service has the right to amend this Policy at any time.
10.3. The current version of the Policy is posted on the website: https://pay.changedept.com/
10.4. Continued use of the Service after the changes are made means the User’s consent to the updated version of the Policy.