DATA PROTECTION POLICY
eMetals respects your privacy, and is deeply committed to protecting your personal data and empowering you to control how it is used. This Data Protection Policy (hereafter “Policy”) applies to residents of EU states and certain other customers in states whose governments adopt Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data “General Data Protection Regulation” (“GDPR”). This Policy is intended to ensure that Customer Personal Data (defined as “any information relating to an identified or identifiable natural person”) is collected, maintained and used in accordance with the GPDR and associated data protection and privacy laws.
This Policy describes what kinds of Personal Data eMetals will collect from our European Customers, and how eMetals maintains and uses our Customers’ Personal Data in connection with the services we provide to them.
This Policy is hereby expressly incorporated into our User Agreements governing the provision of Services by eMetals to our Customers residing in states subject to the GDPR (our “European Customers”). This Policy supplements our Contract, and is effective as of 25 May 2018.
Who is responsible for the processing of Customers’ Personal Data?
eMetals is the data controller in the sense of the applicable data protection regulations:
BPG Kovine d.o.o. (TA eMetals)
Pod lipami 2a
SI – 1370 Logatec
Personal Data we may collect from our Customers
eMetals collects Personal Data as described in the Contract, in particular from application forms, contact forms, and/or other interactions with Customer.
Customer should be aware that application fields are mandatory fields, because eMetals needs this information to comply with statutory, legal or contractual requirements, internal procedures or to respond to Customer requests.
Fields: eMetals may request include but are not limited to: Email, Mobile Phone number, Name, Home address, Date of birth and other.
Personal Data that Customers provide to eMetals should not include any of the following data types, and Customers hereby expressly warrant that they will not provide any of the following:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- genetic data;
- biometric data;
- private health data concerning a Customer;
- data concerning a natural person’s sex life or sexual orientation.
How do we use Customer Personal Data?
Customer Personal Data is collected and handled by eMetals for the following purposes:
- to deliver eMetals Limited services (including to respond to Customer requests or questions, to investigate or respond to potential incidents and complaints);
- to comply with applicable statutory, legal and regulatory obligations (including but not limited to the fight against money laundering and terrorist financing).
Lawfulness of our Personal Data processing.
eMetals’s use of Customer Personal Data as described herein is permitted by applicable data protection law, in particular Article 6(1) of GDPR, on the basis that it is:
- necessary for the performance of a contract to which the Customer is a party;
- subject to Customer’s consent, which eMetals shall obtain from time to time (for instance, when a Customer opts in (ticking the box) to receive marketing communications via email);
- in certain cases as necessary to meet eMetals statutory, legal or regulatory obligations;
- in certain cases as necessary to safeguard eMetals legitimate interests in pursuing the purposes set out above, limited in scope such that such interests in each case do not obviate Customer privacy interests.
Sharing Personal Data with third parties.
To facilitate eMetals performance of services and the efficient use of Customer Personal Data, eMetals may disclose Customer Personal Data to identified third parties. However, such disclosure will only occur in the following circumstances:
- to eMetals subcontractors, suppliers, advisors, agents: from time to time eMetals may cooperate, engage or employ other companies and individuals to perform duties on behalf of eMetals.
eMetals subcontractors, suppliers, advisors, agents, are based in the following locations: EU/EEA/USA. Such recipients will only have access to Customer Personal Data on a need-to-know basis and as required by them to perform their duties; they are not permitted to use Customer Personal Data for any other purposes. These recipients will be subject to adequate contractual obligations as regards data protection and confidentiality;
- to other entities belonging to the eMetals (i.e. any companies directly or indirectly controlled by eMetals. A list of eMetals companies which may be involved in the performance of services is available including their subcontractors, suppliers, advisors and agents. eMetals has entered into a group wide arrangement to ensure Customer Personal Data be subject to an adequate level of protection;
- to eMetals auditors, government or law enforcement authorities if eMetals determines in its sole discretion that eMetals is under a legal obligation to do so.
Do we transfer European Customer Personal Data outside the European Union?
European Customer Personal Data can be transferred and processed in one or more other countries than the United Kingdom of Great Britain and Northern Ireland, within or outside the European Union (EU). eMetals shall only transfer Customer Personal Data outside the EU to those countries which the European Commission believes offers an adequate level of protection, or where eMetals has put in place appropriate safeguards to preserve Customer privacy.
eMetals will retain Customer Personal Data for as long as (i) necessary for the respective purpose, (ii) necessary to deliver services and carry out GateHub Limited business relationship with Customer in accordance with the Contract, (iii) Customer has consented to, and/or (iv) required by applicable retention laws.
IP addresses and cookies.
Although eMetals will do its best to protect Customer Personal Data, every Customer should be aware and is hereby informed that the transmission of information via the internet is not inherently secure. CRIMINAL HACKERS AND OTHER BAD ACTORS WILL ATTEMPT TO STEAL YOUR DATA AND DIGITAL ASSETS! eMetals cannot guarantee the security of Customer Personal Data transmitted to eMetals or any third party; for this reason, ANY TRANSMISSION IS AT CUSTOMER’S OWN RISK.
eMetals will use industry standard (or better) technical and organizational security measures safeguard against unauthorized access, change, transmission or deletion of Customer Personal Data.
Customer rights: How can a Customer access, object, rectify, and delete its Personal Data?
Under applicable data protection laws, Customer has the following rights:
- Right to access and obtain a copy of Customer Personal Data: Customer is entitled to request confirmation if and when eMetals processes your Customer Personal Data. Customer may have access to Personal Data and learn details upon request about how it is maintained and used. In some cases, Customer can ask eMetals to provide Customer with an electronic copy of Personal Data.
- Right to object to marketing: if Customer expressly objects to eMetals use of Customer Data for marketing purposes, eMetals will put Customer personal contact information (name, address, telephone number, fax number, e-mail address) on a specific list to ensure that Customer no longer receives this material. The Customer Data will be maintained and used for non-marketing purposes unless and until Customer expressly withdraws the objection to marketing in writing.
- Right to rectify Personal Data: If evidence can be provided that Personal Data eMetals holds about Customer is inaccurate, or needs to be updated, Customer can update this data via the Gatehub wallet interface.
- Right to be forgotten/Personal data erasure: In certain circumstances Customers have the right to have their personal data deleted. Customer may make such a request at any time in writing and eMetals will evaluate if Customer’s request should be granted.
However, this right is subject to overriding legal rights or obligations; eMetals may be legally required to retain European Customer data, including in cases of suspicious transactions as to which eMetals is legally obligated to retain all relevant records, or to conduct internal investigations, or to use European Customer data (while safeguarding a specific identity) for purposes of general data security. For situations where, in accordance with the law, eMetals determines that a Customer’s data deletion request must be granted, eMetals will do so without undue delay. To exercise this deletion right, Customer must submit a request to eMetals via eMetals’s support service, and thereafter respond to any legitimate inquiries regarding the deletion request
- To the extent eMetals’s retention or use of European Customer Personal Data is based on Customer consent, the Customer also has the right to withdraw consent at any time. Withdrawal of Customer consent pursuant to this Policy will not affect the lawfulness of any processing based on Customer consent before the receipt of such withdrawal.
Changes to this Policy.
The terms of this Policy may be amended from time to time in accordance with eMetals’s internal rules and/or change in law or regulation. eMetals shall publish any material changes to this Policy either on its Website or contacting Customer using other communication channels.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to eMetals at the following e-mail address: firstname.lastname@example.org