Effective: June 5, 2024
CONTENTS:
INTRODUCTION
- PERSONAL INFORMATION WE COLLECT
- HOW WE USE PERSONAL INFORMATION
- HOW WE SHARE PERSONAL INFORMATION
- RETENTION OF PERSONAL INFORMATION
- PROTECTION OF PERSONAL INFORMATION
- INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
- PERSONAL INFORMATION RIGHTS
- AUTOMATED PROCESSES
- YOUR CHOICES
- COOKIES, WEB TRACKING, AND ADVERTISING
- OTHER DISCLOSURES
- CONTACT US
- UPDATES TO THIS PRIVACY POLICY
This policy (“Privacy Policy”) describes how Paxos Issuance MENA Ltd. and each of its affiliates and subsidiaries (collectively, “Paxos,” “we,” “us,” “our”) collect, use, and share information about you, as well as your rights and choices regarding such information. This includes information we collect through, or in association with, our offered products and services, including our websites with home pages (the “Site”), functionality we provide via partner products, applications, and websites that utilize our services, and our social media pages (collectively, the “Services”).
The Paxos Group Company that is a Controller of your data may differ depending on the Paxos Services you use. For the Services provided through this Site, your data controller is Paxos Issuance Mena, Ltd. and is generally the Controller of your data. Other Paxos Group Companies may also act as Controllers of your data depending on the purpose of the processing. If you have questions in relation to this Privacy Policy, including about the Controller of your data, please contact us at privacy@paxos.com.
What this Privacy Policy does not cover:
To the extent that we are providing the Services via our Partners’ (as defined below) or third party products, applications or websites including via embedded links or videos on our Site, this Privacy Policy only covers our privacy practices. You should refer to the applicable partner’s privacy policy for more information about their privacy practices.
Information that is not identifiable to you such as anonymised data, is not considered personal information.
1. Personal Information We Collect
We obtain various types of Personal Information in several ways, as described under the categories of Personal Information set out below.
- Directly from you. For example, when you register for an account with us or use our Services through one of our partners, we collect a variety of information from you, including (as applicable and in accordance with applicable laws):
- Basic Customer and Contact Information: such as your name, nationality, gender, phone number, email address, and physical address.
- Residence and Supplemental Verification Information: such as your utility bill details or other similar information to prove residence, such as visa or employment information.
- Identity Verification Information: such as your date of birth, marital status, tax identification number, images of your government-issued identification card (passport and/or driver’s license), public employment profile, criminal and credit histories, and biometric information based on photos that identity verification services may generate. US residents may be asked to provide their social security numbers.
- Financial Information: such as your banking account information, brokerage account information, and other information not specified below that we collect related to our provision of financial products and services.
- Account Information: such as your username, password, and information that is generated by your account activity, including, but not limited to, purchases and redemptions, deposits, withdrawals and account balances.
- Transactional Information: to the extent identifiable to you, such as information about the transactions made on our Services, including the name of the sender, the name of the recipient, the amount, currency preferences, payment method, date, and timestamp.
- Institutional Information: from Partners including documentation pertaining to the legal incorporation, business licenses, and identification information of beneficial owners, principals and executive management.
- Additional Information you submit to us: such as preferences and other settings, survey responses, feedback, questions, comments, and any other information submitted to our customer support team or other representatives including applications for employment with Paxos.
- Automatically or indirectly from you. We also may collect certain information from you automatically when you access and interact with the our Services, such as:
- App, Browser, Network, and Device Information: such as the type of device and operating system you are using and your IP address.
- Information from Cookies and Similar Technologies: including preferences and personalization (please see our Cookie Policy for more information).
- Services Usage Information: including what you view, use, and click on along with diagnostic information such as performance, crash, and timestamp data.
- Location Information: including country of access.
- From our Affiliates, Partners, Service Providers, and Public Sources. We receive information from, obtain, or have parties collect on our behalf, including:
- Paxos Entities (“Affiliates”): which provide information, such as Account Information and Transactional Information, to one another to conduct everyday business, including the provision of our Services.
- Partners: including crypto brokerage partners, financial firms, institutions, and service providers, and other partners, which provide us with information needed to provide our Services and for compliance and fraud prevention purposes, such as Transactional Information to fulfill orders and transfers, and Identity Verification Information and other information to comply with so-called “Know Your Customer” and “Travel Rules” applicable to financial institutions and for other compliance and fraud verification purposes.
- Service Providers and Other Vendors: such as vendors that assist us and our Partners with providing and marketing our Services or with customer identity verification, anti-fraud, anti-money laundering, counter-financing-of-terrorism, and know-your-customer obligations.
- Public and Commercially Available Sources: such as public databases like the United Nations Sanctions List or other public sources of personal information, as well as commercially available sources, such as KYC/AML vendors and other types of due diligence vendors.
- Blockchains: from which we collect Transactional Information and other information such as IDs, timestamps, and amounts, digital signatures, wallet addresses, and beneficiaries in connection with our Services.
- At Your Direction: we may receive your information when you direct other individuals or third parties to share data with us.
When you are asked to provide information, you may decline to do so, but if you do not provide information that is necessary to provide some of our Services, you may not be able to use all or part of those Services.
Certain personal information that we collect and use may be considered “sensitive” under applicable laws (sometimes called “special categories of personal data”), in which case, we will use such sensitive personal information in accordance with applicable law, adhering to any additional restrictions or requirements.
2. How We Use Personal Information
We use Personal Information for the purposes identified in the table set out below.
Processing Purpose | Personal Information Categories | Legal Basis (Where Applicable) |
To provide and administer our products and services, verify your identity, and communicate with you in connection with the products and services you have requested (such as to provide you with updates on relevant changes), as well as maintain and service accounts, provide customer service, fulfill transactions, and process payment |
| Performance of a contract (in particular, our General Terms and Conditions). Compliance with legal obligations (for example, when we are required to take steps to verify your identity or adhere to rules applicable to transaction and payment processing). |
To improve our products and services, evaluate and develop new |
| Legitimate Interests (to improve and develop our business) |
products and services, and improve our service quality (including through statistical analysis of transactions and Site usage) |
| |
To create financial and management reports, evaluate changes to our business, and for audit and record-keeping purposes |
| Compliance with legal obligations (for example, where applicable law requires us to create reports, keep records, or conduct audits) Legitimate interests (to manage our business), to the extent certain reporting measures are not strictly required by applicable local law |
To inform our advertising and marketing strategy and tailor our messaging to you |
| Legitimate interests (to promote our business) Consent (to the extent required by applicable law – for example, for the use of cookies or trackers in certain jurisdictions) |
To send you marketing communications and advertising in accordance with applicable law |
| Consent (to the extent required by applicable law) Otherwise, our legitimate interests (to promote our business) |
To comply with applicable laws, regulations, and rules, such as, by way of example, anti-money laundering (“AML”) and know-your-customer (“KYC”) laws, as well as to respond to requests of relevant law enforcement and/or other governmental authorities |
| Compliance with legal obligations (in particular, KYC/AML laws, “Travel Rules,” or related requirements) Legitimate interests (to comply with our legal and similar obligations), to the extent certain due diligence measures are not strictly required by applicable local law |
To carry out compliance and risk management purposes, including, by way of example, to maintain, improve, and manage our credit and risk models |
| Compliance with legal obligations (for example, laws that impose specific requirements for compliance and risk management) Legitimate interests (to comply with our legal and similar obligations), to the extent certain compliance measures are not strictly required by applicable local law |
To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity |
| Compliance with legal obligations (for example, where applicable law requires us to detect or prevent security incidents or other types of illegal activities, and provide information to prosecute such activities) Legitimate interests (to protect our business), to the extent certain measures are not strictly required by applicable local law |
To enforce our Terms and Conditions and other usage policies, including to prevent, investigate and address any complaints, claims, disputes, or suspected violations of our Terms and Conditions or other policies |
| Performance of a contract (in particular, our General Terms and Conditions). Legitimate interests (to enforce our Terms and Conditions and to manage claims), if performance of a contract does not apply |
| ||
To protect the rights, property, and safety of our users, us, and other third parties, including where necessary to prevent physical harm or financial loss |
| Compliance with legal obligations (for example, where applicable law requires us to protect rights, property, safety, or other interests) Legitimate interests (to protect our users and third parties), to the extent certain measures are not strictly required by applicable local law |
To reorganize or make changes to our business in the event that we are subject to negotiations for the sale of our business or part thereof to a third party, including in the event of a merger, acquisition, sale, restructuring, or other corporate transaction |
| Legitimate interests Compliance with legal obligations (for example, where applicable law requires us to disclose certain types of information in relation to a corporate transaction or proposed sale) Legitimate interests (to reorganize our business), to the extent certain disclosures are not strictly required by applicable local law |
To enable you to apply for employment at Paxos and evaluate your application, including without limitation, arranging for and conducting phone screening interviews, and other applicable assessment. | Education, skills, certifications obtained, trainings attended, languages spoken, work history, job references, etc.; Citizenship and/or permanent legal residence, as well as eligibility to work, including documentation of immigration status (if applicable); and Any other information that you may choose to provide as part of your application and interview process. | Performance of a contract (steps taken prior to entering a contract) Legitimate Interests (to manage recruitment) to the extent performance of a contract does not apply. In some cases, consent (to the extent required by applicable law). Where we process sensitive personal information, we will likely rely on the basis that processing is required under employment law. |
Where we rely on consent as the legal basis to the processing of your personal information, you may have the right to withdraw your consent at any time. Please note that the withdrawal of this consent will not affect the lawfulness of our processing that relied on this consent prior to such withdrawal.
Where we rely on legitimate interests, our legitimate interests are stated in the “Processing Purpose” column in the table above.
Where we process sensitive personal information for the Processing purposes set out above, we will usually use one of the following lawful bases (where relevant under applicable data protection law): performance of a contract; substantial public interest (to prevent or detect crime or fraud); information made public by you; legal claims; or in certain cases, explicit consent.
3. How We Share Personal Information
In the regular course of business, we may share your personal information for the abovementioned business and commercial purposes with the following parties:
- our Affiliates;
- other financial institutions with whom we partner to process payments and transactions you have authorized;
- when you engage in blockchain based Services, some information is recorded publicly on a distributed ledger that is accessible to others, such as IDs, timestamps and wallet addresses;
- third-party service providers we use to help deliver our products and services to you and run our business (including, for example, marketing agencies, website hosts, advertising-related service providers, and others);
- with other financial institutions in connection with the aforementioned Travel Rules;
- our business partners and advisors;
- third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
- credit reference agencies;
- third parties that may assist us in enforcing our Terms and Conditions;
- our insurers and brokers;
- our bank[s];
- external auditors;
- law enforcement agencies, tax authorities, fraud prevention agencies, debt collection agencies, self-regulatory organizations (such as those that operate virtual currency derivative exchanges), and other regulatory bodies to comply with our legal and regulatory obligations (including to respond to a subpoena, information request, court order, or similar legal procedure); and
- other parties at your direction or with your consent, as applicable.
We may also need to share personal information with potential buyers (and their advisors) of some or all of our business in the context of a corporate transaction or during a restructuring, including for due diligence or related analysis of a proposed sale or reorganization. In the future, we may also sell or otherwise transfer some or all of our business, operations, or assets to a third party, whether by merger, acquisition or otherwise. In the event of such an acquisition, merger, or other corporate transaction, personal information we obtain from or about you may be disclosed to acquirers and may be among those assets transferred.
4. Retention of Personal Information
We retain personal information for as long as necessary to achieve the processing purpose(s) for which it was collected and any other compatible purpose(s), and to the extent we deem necessary to comply with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other
third parties, including in the context of legal proceedings and to establish, exercise or defend legal claims. Given the nature of our work in financial services, much of the personal information we obtain about you is retained for the duration of a period that is set by relevant anti-money laundering and other legal requirements.
5. Protection of Personal Information
We use commercially reasonable physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information in accordance with applicable data protection requirements.
However, no method of safeguarding information is completely secure. While we use measures designed to protect personal information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
6. International Transfers of Personal Information
Your personal information may be transferred to, stored, and processed in countries/territories outside of the country/territory where you reside. Certain countries/territories have been approved by the ADGM Commissioner of Data Protection as providing essentially equivalent personal information protections as those in the ADGM – a list of these countries/territories can be found at https://www.adgm.com/operating-in-adgm/office-of-data-protection/jurisdictions.
Where a country/territory is not in the above list, the data protection laws of that country/territory may not be as protective as the data protection laws of ADGM. In these cases, we will transfer personal information cross-border pursuant to the standard contractual clauses approved by the ADGM Commissioner of Data Protection, which impose equivalent data protection obligations directly on the recipient (unless we are permitted under applicable data protection law to make such transfers without such formalities). You can request a copy of these clauses by contacting us at privacy@paxos.com.
7. Personal Information Rights
Where recognized by applicable laws, and depending on where you reside, you may have certain rights in relation to your Personal Information. You or an agent authorized to act on your behalf may exercise your rights where they apply. Your rights will vary depending on applicable laws (including any applicable exceptions or exemptions), but generally may include the right:
- to be informed about the Personal Information we collect and/or process about you, including to know the purposes for which we process your Personal Information, with whom we share it, and any other disclosures required by law;
- to access your Personal Information;
- to rectify your Personal information;
- to delete your Personal Information;
- to object to the processing of your Personal Information;
- to restrict or limit the use of your Personal Information;
- to data portability (for example, by requesting that we send your Personal Information in a machine-readable format to you or to a third party);
- to not be subject to a decision based on solely automated Processing which produces a legal or substantially similar affect
- to withdraw your consent, where consent is the legal basis for processing of personal information; and
- to lodge a complaint with a supervisory authority, namely the ADGM Commissioner of Data Protection (https://www.adgm.com/operating-in-adgm/office-of-data-protection/overview)
You or an authorized agent acting on your behalf can submit a rights request by emailing us at privacy@paxos.com. We may request further information from you to verify your identity (or the identity and authorization of any agent acting on your behalf), as well as to clarify the nature and scope of your request and to check your entitlement (including whether any exceptions apply).
[Please note that your ability to exercise your rights to rectify your Personal Information and to delete your Personal Information may be restricted/not possible to the extent that this Personal Information resides on the blockchain. This is because the blockchain does not generally allow for data to be amended or deleted, due to its immutable nature. In these circumstances, we will only be able to consider your rights in respect of Personal Information that is held by us as Controller off the blockchain.
8. Automated Processes
Certain steps in the application and account processes involve automated credit and fraud-prevention screening and KYC/AML, economic sanctions, and counter-terrorism financing screening activities. This is generally required by applicable law. For example, such screening will check a customer’s information against lists published by governmental authorities. In some cases, this may cause a transaction to be flagged or terminated, and/or suspension from the use of our platform. In certain cases, you may: express your views; ask us to manually review the decision, to express; or contest the decision by contacting us at privacy@paxos.com.
9. Your Choices
You may have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
10. Cookies, Web Tracking, and Advertising
We use cookies and pixel tags to personalize and enhance your experience in regard to our Services, to collect data about your visit to our Services, to help diagnose problems with our servers, to administer the Services, to evaluate the effectiveness of our marketing and advertising campaigns, to permit analytics providers to gather information about your use of the Services, to gather broad demographic information about our users, and to remember choices you have made or information you have provided (please see our Cookie Policy for more information and our cookie manager to manage your consents).
Please note that when you interact with other parties, including when you leave our Service or click embedded videos or links on our Site, those parties may independently collect information about you and solicit information from you, including through the use of advertising technologies such as cookies. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
DO NOT TRACK
We use analytics systems and providers that process personal information about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not process or comply with any web browser’s “do not track” signal or similar mechanisms.
11. Other Disclosures
CHILDREN
Children under 18 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.
LINKS TO THIRD-PARTY WEBSITES AND SERVICES
As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. Unless otherwise indicated, this Privacy Policy does not apply to such third-party services; please refer to the privacy notices or policies for such third-party services for information about how they collect, use, and process personal information.
12. Contact Us
If you have any questions or concerns about this Privacy Policy and/or how we process personal information, please contact us and our Data Protection Officer at privacy@paxos.com. We are located at Floor No, 15, Ste 203, Al Sarab Tower, ADGM Square, Al Maryah Island, Abu Dhabi, UAE.
13. Updates to this Privacy Policy
We reserve the right, at any time, to modify, alter, and/or update this Privacy Policy, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Policy, which will take effect as of the “effective date” listed at the top of this Privacy Policy. We will use reasonable efforts to notify you in the event material changes are made to this Privacy Policy, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Policy will constitute your acknowledgement of the amended Privacy Policy.
