At VerifyVASP Pte. Ltd. (referred to as "VV", "we", "us", and "our"), we are committed to protecting the privacy and personal data (as defined in clause 2 below) of our registered users or clients (collectively referred to as "you" or "yours") who access or use VV's cryptoscams.org website or platform ("Service"). We believe in being transparent about the data or information we collect, the reasons or basis for collecting it, and how we use such data or information. In line with these principles, our Privacy Policy explains our data handling practices, including how we collect, use, process, and disclose personal data or other types of information when you access or use our Service.
Unless otherwise stated herein, the defined terms used in this Privacy Policy shall have the meanings ascribed to them in clause 2 of the definition section of this Privacy Policy and as defined in the Terms of Service.
Privacy and data protection are fundamental commitments at VV, which are integral to our core services and essential to our operating environment. We protect the data and privacy of our users and operate our Service in strict compliance with privacy and data protection standards, as well as in compliance with applicable law.
We take our commitment to privacy seriously and seek to deliver a high degree of privacy by ensuring that all data is protected by design, operating on principles of data minimization, and ensuring full compliance with all applicable privacy and data protection laws. VV operates secure lifecycle data management by establishing privacy and data protection throughout the entire lifecycle of the data involved, ensuring that the data is securely retained and securely destroyed at the end of the process.
Please take a moment to read this Privacy Policy carefully. If you have any questions about this Privacy Policy, please contact our Customer Support.
(a)
Acceptance of this Privacy Policy
By accessing and using our Service, you explicitly agree to this Privacy Policy. Where we require your additional consent to use, process, or disclose your personal data for reasons other than those specified in this Privacy Policy, we will request your permission in advance.
For the purpose of registering as a user to this Service, all prospective users are required to submit their name and email address and such other relevant details as VV may from time to time require.
(b)
Changes to this Policy
VV reserves the right to modify this Privacy Policy at any time. We will notify you of any material changes made to this Privacy Policy by posting on our website or via such other means to notify you of the revision within 14 days before it becomes effective. If you have any questions, requests, or complaints relating to your personal data or this Privacy Policy, please contact our Customer Support.
(c)
Data Controller
To the extent that VV acts as a Controller (as specified below), the Controller is: VerifyVASP Pte. Ltd. 1 HarbourFront Ave, #13-03 Keppel Bay Tower, Singapore 098632 Tel: +65 6432 8365 Email: corporate@verifyvasp.com
(d)
Customer Support
Any questions, requests, or complaints about VV's responsibilities regarding the protection of personal data can be directed to the following email address: corporate@verifyvasp.com.
(e)
Data Protection Officer (DPO)
The DPO is responsible for ensuring compliance with the PDPA and protecting your personal data. The DPO oversees data protection activities, addresses inquiries, and helps resolve any complaints regarding data privacy practices.
VV's Data Protection Officer can be contacted at the following email address: Attn: Data Protection Officer corporate@verifyvasp.com
(f)
VV's Policies, Principles & Practices
VV's policies and practices are designed to ensure privacy and protect all data in our possession, whether considered personal data or not. We operate according to the following stated principles and objectives:
·
Appropriateness: We regularly review our Terms of Service and Privacy Policy, published on our website, to ensure we can clearly explain how we handle data and information.
·
Transparency: Contact details for VV's Customer Support, Data Protection Officer, and the availability of our data policies are stated in this Privacy Policy, which is publicly posted on our website.
·
Privacy by Design: Respect for privacy and protecting data is paramount at every stage of the design, development, and delivery of our Service.
·
Data Minimization: We collect the minimum amount of data needed to fulfill our Service obligations and achieve our commercial objectives.
·
Data Retention Limitation: We will cease the retention of any data or remove the means by which personal data can be associated with any particular individuals as soon as it is reasonable to assume that the retention of data is no longer necessary for any legal, business, or record-keeping purposes.
·
Awareness: We provide training to all our employees and any authorized persons who have access to data, ensuring they understand the importance of data privacy and how to protect data.
Our use and protection of data is strictly controlled according to policies and processes, which may be subject to audit review. Our Data Protection Officer regularly reviews these controls and makes appropriate modifications within the related policies, including those concerning personal data protection, data retrieval, and privacy statements.
2.
PROCESSING OF PERSONAL DATA
(a)
Definitions
Other than the following words defined below in this Clause 2(a), all other capitalized words and expressions used in this Privacy Policy shall carry the same meaning as stated in the Terms of Service.
·
"Data Controller" means the natural or legal person, association, agency, or other body that, alone or jointly with others, determines the purpose and means of processing the personal data.
·
"Data Processor" or "Data Intermediary" means a natural or legal person, public authority, agency, or other body, which processes personal data on behalf of the Controller.
·
"Data Subject" refers to any individual person(s) who can be identified, directly or indirectly, from an identifier such as name, date and place of birth, address, and account number, as applicable.
·
"Personal Data" refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal Data may originate from data provided by registered users for the subscription to the Travel Rule Solution or pursuant to this Service. VV acts as a Controller with regard to corporate information, including personal data.
[Note: The definition of personal data under the PDPA does not extend to anonymized data, as anonymized data cannot be used to identify individuals. Additionally, data of non-natural persons or body corporates is not considered personal data.]
·
"Processing" refers to any operation or set of operations that are performed on personal data, whether by automated means or not, including, for example, collection, use, transfer, and disclosure of personal data.
(b)
VV as Data Controller
We collect and process personal data to fulfill our contractual obligations, improve our Service, and comply with legal requirements.
As a Data Controller, we process the following categories of data:
·
Identity Data: including name and such other identifying details as VV may require from time to time.
·
Contact Data: including email address and, as may be necessary from time to time, the contact or mobile phone number of the contact person and authorized representatives (as applicable).
·
Performance Data: including information related to the performance and technical usage of the Service and VV’s platform. Performance Data may also include response times, load averages, usage statistics, activity logs, IP addresses in server logs, usage logs, but will not include any personal data.
We will process this data for the following purposes and on the following legal basis:
i.
Contractual Obligation: We process Identity and Contact Data to enter into a contract with our users and to address any instances of legal recourse, commercial objectives, and manage contractual obligations. We process your personal data on the basis of our legitimate interest in improving our services and ensuring security.
However, if you object to such processing, we will carefully assess your rights and interests, and may cease processing if your rights outweigh our legitimate interests.
ii.
Marketing Communications: We process Identity and Contact Data to deliver targeted marketing communications, newsletters, and materials related to VV, its Service, and any third-party service providers, which may be of interest to our users. The legal basis for this is the consent of each user, and users may unsubscribe from any marketing communications by following the instructions in each marketing email.
iii.
Service Access and Performance: We use Identity, Contact, and Performance Data to enable users to access and use the Service and VV’s platform. The legal basis for this is contractual necessity and performance.
iv.
Service Protection: We use Performance Data to administer and protect the Service and VV’s platform or website, ensure the safety and security of the Service, and troubleshoot any potential issues. VV reserves the right to share Performance Data with third parties for business and commercial purposes. The legal basis for the use and sharing of Performance Data is for commercial objectives, business improvement purposes, and our legitimate interest in protecting and improving the infrastructure, Service, and Travel Rule Solutions.
v.
Legal Compliance: We may use all categories of data to respond to governmental, regulatory, or law enforcement requests to which we are legally obligated to comply. The legal basis is our compliance with legal obligations.
vi.
Fraud Prevention: We may disclose Identity and Contact Data with other users or regulatory authorities to facilitate information sharing, comply with legal and regulatory requirements, and prevent scams or frauds.
In instances where VV has no direct relationship with Data Subjects and cannot access their personal data, VV cannot assist Data Subjects in responding to their data protection requests. In such a case, VV can only refer the Data Subject to the relevant user to enforce their rights.
(c)
Confidentiality, Integrity, and Security
We require users to ensure the confidentiality and protection of any personal data and/or corporate information obtained when using and accessing the Service. We will apply appropriate technical, physical, and organizational security measures to protect personal data and/or corporate information against accidental or unauthorized disclosure or access.
(d)
Personal Data Breach Notification
In the event of a breach relating to personal data under VV's control and/or possession, leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to that personal data, we will notify the breach to Singapore's Personal Data Protection Commission (PDPC) and/or any other relevant regulator, as required. If required under applicable law, VV will notify the relevant users and, if necessary, data subjects of any security incidents that result in the accidental or unlawful loss, alteration, unauthorized disclosure of, or access to any personal data, without undue delay after becoming aware of the breach. VV will also notify the relevant data protection authority, including the PDPC, without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach. We will also inform you if your rights or freedoms are at risk due to the breach.
(e)
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Once data is no longer required, we ensure secure deletion or anonymization.
(f)
Law Enforcement Requests
VV may, in accordance with applicable law, disclose or respond to inquiries or requests from governmental or regulatory authorities regarding users' Personal Data. Unless otherwise prohibited by applicable law, we will inform users of our compliance with such enforceable requests. For Personal Data that is not in VV's possession or control, inquiries or requests from regulatory authorities will be referred to the relevant users.
(g)
Security Measures
We have controls in place designed to ensure adequate security, considering encryption protocols, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the relative rights of the individuals concerned. VV reviews its security measures regularly.
We implement robust security measures, such as encryption, firewalls, and access controls, to protect your Personal Data from unauthorized access or loss. Regular security audits are conducted to verify the effectiveness of our security protocols.
(h)
VV Employees & Third Party Processing
We ensure that our employees are bound by confidentiality obligations concerning the processing of any user information or Personal Data. Our employees are properly instructed and required to comply with VV's obligations as outlined in this Privacy Policy.
In providing the Service, we may engage with third-party data processors or affiliates to process the data, including Personal Data, to assist VV in delivering the Service. We impose the same data protection terms on any sub processors and third party contractors we appoint, ensuring they apply the same standards as stated in this Privacy Policy. We remain responsible and liable for any breaches caused by any act, error, or omission of sub processors and subcontractors. Upon reasonable request, we may provide a current list of sub processors and subcontractors that are processing Personal Data as part of the users' data.
(i)
Data Subject Rights
As Data Subject, you have the right to withdraw your consent to process your Personal Data at any time. The revocation does not affect the lawfulness of processing based on consent prior to its revocation. Additionally withdrawal of your consent to process your Personal Data could also mean the termination of the Service since there are no legal basis to process your Personal Data. To do so, please email us at corporate@verifyvasp.com.
If you have concerns about how your data is handled, you may lodge a complaint us or with Singapore's Personal Data Protection Commission (PDPC), directly.
(j)
International Transfer of Personal Data
Data Subjects located outside Singapore should be aware that data we process in relation to them will be transferred to and stored in Singapore and/or Korea, unless otherwise stated. Data Subjects residing in the EEA should also be aware that Singapore, or any other relevant jurisdiction, may not have data protection laws equivalent to those in the EEA. It may also be processed by staff located outside the EEA who work for us or for one of our suppliers.
When transferring Personal Data outside Singapore, we ensure that appropriate safeguards, are in place to ensure your data remains protected. If you have concerns about international data transfers, please contact us for more details.