DigiFinex Limited & DigiFinex Canada Limited
Last revised: 31 August 2022
DigiFinex Limited and its affiliates (hereinafter, “we”, “us” or “our”) recognise that privacy is important to our customers and others, including visitors of our website(s) (hereinafter “you”, “your”, “users”). We are committed to promoting confidence in the manner in which your personal information is handled by us.
Platform means the online website platform and mobile application platform, each known as DigiFinex Exchange Platform operated by us for the purpose of providing a digital currency exchange service; and
Website means the website www.digifinex.com, also known as DigiFinex Website operated by us for the purpose of the provision of the digital currency exchange service.
i. We will inform you of which personal information we will collect for a certain feature, how we will collect the information, and what purposes we will use such information for.
ii.When you use certain functions, we will collect your sensitive personal information after obtaining your consent. If you use the bank card deposit function, we will collect your basic identity information. When you try to improve the withdrawal limit function, we will collect your address proof. Unless it must be collected according to relevant laws and regulations, refusing to provide such information will only make you unable to use relevant specific functions, but will not affect your normal use of other functions of DigiFinex.
iii. Currently, DigiFinex will not share or transfer your personal information to a third party outside DigiFinex on its initiative. If it is necessary for DigiFinex to share or transfer your personal information to a third party outside DigiFinex or you request us to do the same, we will seek your express consent or verify that the third party has obtained your express consent before sharing or transferring the information. We will also evaluate the risks of sharing or transferring such information to a third party.
iv. Currently, DigiFinex will not request your personal information from a third party outside DigiFinex. If in the future, it is necessary for us to indirectly obtain your information from a third party for business development, we will inform you of the source from which we will collect such information, which information we will collect, and to what extent we will use such information before collecting the information. If we need to use your personal information collected from a third party beyond the extent to which you authorize the third party to use your information, we will seek your express consent before processing such information. We will strictly abide by the applicable laws and regulations, and require the third party to ensure the legality of the information it provides to us.
v. You can access, modify, or delete your personal information by following the procedures stated herein, or withdraw your consent, delete your account, report against another user, and set Personalized Ads and other privacy features.
vi. In order to collect your information under this Policy, provide and optimize our services, and protect your account security, we will seek your authorization to access some information or features. The access to sensitive information or features such as Contacts, exact location information, camera, microphone, and the album is disabled by default, and will only be enabled upon your express authorization. It is important to note that obtaining your authorization to access sensitive information or features is a necessary but not sufficient condition for us to collect certain information. Our acquisition of your authorization to access a sensitive feature shall not be considered as if we will definitely collect your relevant information. We will only collect your relevant information when necessary and in accordance with this Policy.
If the personal information we request is not provided, we may not be able to supply the relevant product or service to you.
What personal information do we collect and hold?
When we refer to “personal data” or personal information, we mean:
personal identification information about you as an identified or identifiable person;
business identification information about you as an institution of all types of business structures.
Examples of personal identification information we collect and hold include:
date of birth;
cryptocurrency wallet ID;
information (such as your bank account details); and
relevant bank and payment card information.
Examples of business identification information we collect and hold include:
business legal name;
business type (company, trust, partnership etc);
address of registered office of business;
address of principal place of business;
business contact details including phone number and email address;
personal identification information of all directors, account signatories and Beneficial Owners of the business;
proof of legal existence of the business (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business licence, trust instrument, or other comparable legal documents as applicable);
business cryptocurrency wallet ID; and
relevant bank and payment card information.
The list above is not exhaustive and we may collect other personal information from time to time which we consider reasonably necessary for one or more of our functions and activities which we are authorised or required by law to collect.
Beneficial Owner means:
Institution/business owns no less than 15% of the controlling power of the business; and/or
an individual owns no less than 15% shares/controlling power of the business and/or the institutional beneficial owner.
We may collect personal information about you whenever you interact with our Website. This information may include technical information about your means of connection to our Website, such as details of your browser, computer operating system, smartphone, the Internet service providers utilized, IP Address, MAC address, mobile network information, standard web information and other similar information.
Unless is it impracticable for us to do so, you will have the option of dealing with us anonymously or by using a pseudonym. However, in order to comply with the Know Your Customer requirement in the Terms and Conditions, you need to use your real names/legal names when dealing with us.
Sensitive information includes, amongst other things, information about your health, genetics, religious beliefs, sexual orientation, biometric templates and criminal record. We may only collect sensitive information about you if you consent to us doing so and the information is reasonably necessary for one or more of our functions or activities.
If you provide us with personal information that we did not request, we will, within a reasonable period, after receiving the information, determine whether or not we could have collected the information under the Data Protection Act had requested the information. If we determine that we could not have collected the personal information with the DPA, we will (but only if you accidentally provide your information to us without us requesting to do so) we will assess the nature of the information. If the information helps us to provide you with better service or to comply with our legal obligations, we may retain the personal information in our database. If not, we will contact you to collect the information. If we do not receive your response within 7 business days, we will destroy or de-identify the information.
How we collect personal information
Generally, we will collect your personal information from you directly (including when you interact with us in writing, electronically or via telephone), when you visit our Platform (including when you place a trade order, submit a form and any other actions in connection with our Platform and Services) directly from you in a variety of ways such as by telephone, standard form, letter, email or you visiting our site.
Personal information collected in every form you submit or every communication you make to use will be recorded in our database. Personal information disclosed in calls to and from our customer support centre may be recorded.
We may also collect your personal information from a related entity or from a third party or a publicly available source where you consent for us to do so, it is unreasonable or impractical to collect the information directly from you or we are required or authorised by law or court order.
Storage of Information
Where the information is stored
Users' personal information collected from Seychelles's Mainland will be stored in a location within Seychelles's Mainland in accordance with applicable laws and regulations. If it is necessary to change the location where your personal information is stored from Seychelles's Mainland to another location outside Seychelles's Mainland, the information transfer will be conducted in strict accordance with the applicable laws.
Information storage duration
In general, we will keep your personal information for a period that is necessary to fulfil a certain purpose, for example:
Mobile number: We'll keep your mobile numbers (including the number used for registering your DigiFinex account and that linked to the account) during your use of DigiFinex services to ensure your normal use of the services, regardless of whether you registered your DigiFinex account Identity authentication information: when you upload your identity authentication information, we need to save your information to ensure that you can use the transaction function normally. When you apply to delete your identity information, we will delete the corresponding information.
Information in Moments: We will store any information you post in Moments to ensure your normal use of the Moments feature. The storage period ends upon your deletion of such information.
In the event that we discontinue providing our products or services, we will notify you of such change by sending a notification, posting an announcement, or other means, and delete or anonymize your personal information within a reasonable period ("Anonymization" refers to the irreversible erasure or removal of sensitive personal information that leads to the information owner being identified. Any anonymized information shall not be considered as personal information.).
We are committed to protecting users' information against theft, improper use, unauthorized access, or leakage.
We will use efforts not less than a reasonable degree of care to protect the security of user information. For example, we will use encryption technologies (such as SSL), data anonymization, and other methods to protect your personal information.
We will enhance the security of the software installed on your device using ever-improving technical means to prevent your personal information from leakage. For example, we will: perform partial information encryption on your device for secure data transmission; collect the information about the apps installed or the processes running on your device, or the data stored in the device memory to defend against viruses, Trojans, or other malicious programs or websites; analyze and use the data such as unique device identifiers, login IP addresses, operation logs, and location information to take measures or issue alerts to prevent illegal acts including Internet scam, account theft, and impersonation, and to carry out security inspection.
We have the relevant management policies, processes, and teams in place to ensure information security. For example, we strictly restrict personnel who can access the information, require them to comply with confidentiality obligations, and conduct personnel audits.
In the event of information leakage or any other incident related to information security, we will make an immediate response to such incident to avoid the worsening of the incident and prevent it from further affecting more users, and will notify you of the incident by sending you a notification or posting an announcement.
At present, Wexin has passed the grading, filing and annual evaluation of the national network security level protection (level 3). In terms of information security, it has met the requirements of international authoritative certification standards such as ISO27001 and the international information security management system, and has obtained corresponding certifications.
We will take all possible technical measures to protect your information but makes no guarantee or warranty that our technical measures will eliminate all security risks.
How we use your personal information
We collect and hold personal information from you in order to provide a service to you. We use your personal information for a variety of purposes to effectively conduct our business, including:
verify your identity;
conduct Know Your Customer (KYC) procedures and fulfil any reporting obligations in accordance with the Anti-Money Laundering Act (the AML Act) ;
comply with other legal obligations;
enable you to open and operate an account under your name and make transactions through our Platform and Services;
perform our administrative operations including accounting, risk management and record keeping;
fulfil your product or service orders;
inform you of any updates to the terms and conditions of our Service;
contact you when necessary regarding your account and transactions;
conduct market surveys and research;
alert you of new products or services, features, or enhancements;
handle/route your customer service or technical support questions or issues;
provide you with news, information and material in relation to our services or direct marketing and promotional content of us, our partners and affiliates;
notify you of promotions and offers;
monitor who is accessing our Website or using our services;
improve customer service;
process payments; and
to fulfil compliance requirements.
We may occasionally hire other companies to provide services on our behalf, including but not limited to handling customer support enquiries and processing transactions. Those companies will be permitted to obtain only the personal information they need to deliver the service. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
From time to time, we may use your personal information, to send you information on products, services, upcoming events, offers, special deals and promotions which we think may be of interest to you. Periodic emails will also be sent updates pertaining to their order. To do this, we may contact you by telephone, email or SMS.
Unless you choose to opt-out of receiving marketing material from us, we will consider that you consent to this type of communication. In order to opt-out, you are welcome to contact us at any time or follow the opt-out instructions in the relevant marketing communication. For example, each email newsletter will include instructions on how you can unsubscribe from that particular mailing.
You may choose to disable cookies via your web browser settings. However, if you do so, various functions of the Website may be unavailable to you or may not work the way you want them to.
Sharing your personal information
Your privacy is respected, and we do not sell, trade, or rent your personal information to others. We may share generic aggregated demographic information not linked to any personal identification information that relates to you with our business partners, trusted affiliates and advertisers for the purposes outlined above.
From time to time we may disclose your personal information to, or share it with, third parties including:
financial institutions, payment processors, and identity service providers with which we operate. Service providers may be contracted to help with parts of our business operations such as fraud prevention, compliance, marketing, and technology services. Our contracts will dictate for these service providers to only use your personal information to the extent of performing the services under the contract and not for their own benefit.
law enforcement, government officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure; or we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms and Conditions; and
other third parties with your consent or direction to do so.
We will take reasonable steps to ensure that third parties that have access to our personal information are bound by appropriate privacy and confidentiality obligations in relation to that personal information.
Sharing information overseas
When we share data, it may be transferred to and processed in, countries other than the country you live in. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place requiring the third party to ensure your personal data remains protected. Generally, these include putting in place suitable contractual obligations on the recipient that ensure they comply with all applicable laws in relation to their handling of such personal information.
From time to time, at our discretion, we may include website links to the products and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these websites and are not responsible for the practices employed by websites linked to or from our website. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies.
Browsing and interactions on any other website, including websites that have a link to our Website, are subject to that website’s own terms and policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites.
General Data Protection Regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parents or someone who has parental authority over you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU. Except as otherwise provided in the GDPR, you have the following rights:
to be informed how your personal information is being used;
access your personal information (we will provide you with a free copy of it);
to correct your personal information if it is inaccurate or incomplete;
to delete your personal information (also known as “the right to be forgotten”);
to restrict the processing of your personal information;
to retain and reuse your personal information for your own purposes;
to object to your personal information being used in certain country/region
to object to automated decision-making and profiling.
We may ask you to verify your identity before acting on any of your requests.
If you choose to cancel your account, you can use the "delete account" function provided by the app to completely clear all your user data on the platform.
To ensure the security of the account, please confirm that the following conditions have been met before the deletion application submitted by you takes effect:
The account is in a safe state;
The account property has been settled;
The user is not in a restricted country/region.
Accessing your personal information
We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. This includes updating your personal information when you advise us of changes. You can advise us of changes to your personal information by contacting us over the telephone, by email from your registered email address or online via the electronic trading service. We advise that it is also good practice for you to keep us informed of any changes to your personal information and we encourage you to notify us promptly.
You have the right to obtain confirmation from us as to whether or not we collect your personal information, and, if so, obtain access to the personal information we hold about you.
Personal information will not be provided if, as is permitted under the DPA, your request is frivolous or vexatious; or if giving access would be unlawful or if, in our reasonable opinion, to do so would result in serious threat to the life or health of any person or to public health and safety.
This Policy may be updated, revised, amended, or modified as appropriate from time to time. In the event of any updates, changes, country/region provisions in this Policy, we will provide you with the changed Policy by pushing a notification, showing a pop-up, or other means when you log in to Weixin or the app version is updated.
Protection of Minors
We place great value on the protection of minors' personal information. As required by applicable laws and regulations, any user under the age of 18 shall obtain the written consent of their parent or statutory guardian prior to the use of Weixin service. If you, as the parent or statutory guardian of a minor, have any questions about the personal information of minors, please contact us as stated in Section 10.
If you wish to make a complaint about our privacy practices, including a breach of the DPA, you should first contact our Privacy Officer with the details of your complaint. We undertake that your complaint will be investigated diligently and our response provided to you as soon as reasonably practicable.
If you feel that we have not handled your complaint adequately, you have the right to lodge a complaint in writing to the Financial Intelligent Unit. You may obtain information about the complaint process from the relevant regulator’s website.
You may also complain to the relevant regulator or supervisory authority. They will be able to advise you on how to submit a complaint.
Any changes in the future will be posted on our Website/Platform. If the changes are significant, we will notify you via your registered email.