Revision from 25.06.2021.
At MoneySwap OÜ (hereinafter -“Mercuryo“, “we”, “us”, or “our”), we are committed to protecting and respecting your privacy. This Privacy Notice sets out key information regarding Mercuryo and how any personal data you provide to us will be processed, collected, used and disclosed.
This notice also informs you about:
- What kind of personal data we collect and process;
- How we will handle and look after your personal data;
- Mercuryo obligations in regard to processing your personal data responsibly and securily;
- Your data protection rights as data subject;
- How the law protects your personal data.
mercuryo.io website is owned and run by MoneySwap OÜ.
Name and Address of the controller
Mercuryo is the controller and responsible for your personal data.
Name: MoneySwap OÜ
Legal address: Kopli tn 27, Põhja-Tallinna linnaosa, Tallinn, Harju maakond, 10412;
Company Registry Code: 14461101
If you would like more information about how we collect, use and store your personal data, you can contact us at any time by emailing firstname.lastname@example.org or writing to the Privacy Team at email@example.com
The website is not intended for minors and we do not collect personal data relating to minors.
If Mercuryo recognize that Mercuryo have collected Personal Data from a child, Mercuryo will delete that information as quickly as possible. If you suppose that a child under 13 may have provided us Personal data, please contact us at firstname.lastname@example.org
Data Protection Officer
Please contact our Data Protection officer with any questions relating to your private information or this Privacy Notice: email@example.com
Personal Data We Collect
We may collect information about you when you visit our website or use our services, including the following:
When you register to use our services by establishing an account, we will collect your First name, Last name, DOB, country information, email address, and telephone number – it is a first step of KYC procedures. As you continue to use our services, you should verify your account, for this purpose, we will require:
- a copy of your government-issued ID (passport etc.);
- proof of residence (g. utility bill);
- PEP database checks;
- proof of residence (g. utility bill) in some cases;
for the purpose of verifying your identity and AML/KYC due diligence.
When you reach Euro 15,000 threshold, we can ask you to participate in a video identification procedure, which involves making a recording of your physical appearance and voice.
The lawful bases for collecting and processing this personal data are the performance of our contract with you, and our legal obligation to comply with the Regulation (EU) 2015/847 and Money Laundering and Terrorist Financing Prevention Act of Estonia and Transfer of Funds (Information on the Payer) Regulations of UK.
When you use our services, access our website to make crypto currencies exchange, we collect personal data about the parties to the transaction which may include some or all of the following: bank card information (card number, CVC or CVV, card expire date, card holder Name and Surname) amounts sent and received, amounts paid for services.
Transaction Data includes also details about:
- the type of virtual financial assets involved, the order volume, price, value;
- your virtual currency exchanging records;
- transaction history on the Platform, including withdrawals and virtual and fiat currency exchanging;
- amounts credited to your account and your account balances.
The records related to the transactions retained by Mercuryo for periods of 6 month after bank card expire date.
The lawful bases for collecting and processing this personal data are the performance of our contract with you according to Regulation (EU) 2016/679 Art.6 (1) (b) and our legal obligation to comply with the Regulation (EU) 2015/847 and Money Laundering and Terrorist Financing Prevention Act of Estonia.
Logging in to our website
If you have registered for an account, we collect:
- Technical/LOG Data includes the IP address, your login data to the Platform (username and password), device type, browser type, time zone setting and location, and other technology on the devices you use to access the Site and Platform. This also includes information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device Data includes information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
We will keep records for periods of 3 year after Mercuryo Account will be closed.
The collection and processing of this information is necessary for contract performance and our compliance with legal obligations according to Regulation (EU) 2015/847 and Money Laundering and Terrorist Financing Prevention Act of Estonia and Transfer of Funds (Information on the Payer) Regulations of UK.
When You Contact Us
We collect personal data from or about you when you communicate with us by using the “Contact Us” form on our website, request technical or customer support or otherwise communicate. The categories of personal data collected may include your name and email address, as well as any other relevant information contained in the body of your communication. Also we will keep a record of your correspondence for a date three months from the mail date.
This personal data is collected and processed by us for contract performance, or in order to undertake necessary pre-contractual activities.
When You Sign Up for Updates
The processing of personal data collected as a result of your subscription to our newsletter is based on your consent, which you can withdraw at any time by clicking the “unsubscribe” link at the bottom of the email.
When You Visit Our Website
Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.
First party cookies – collected by Mercuryo website.
The purpose of collecting first party cookies is to remember information about you, such as your language preference or login information.
The lawful basis for collecting and processing this personal data is based on our legitimate interest to ensure network and information security according to Regulation (EU) 2016/679 Art.6 (1) (f)
Third party cookies - collected by Mercuryo website.
We are required by the Anti Money Laundering and Counter Terrorism Financing regulations of the Estonia and EU to take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which our company may be subject and take an informed decision on whether we want to enter into a customer relationship with you, and, if positive, to conduct initial and ongoing screening and monitoring.
During such risk assessment, we must consider various factors relating to a customer and relevant transactions, including the customer’s location and behavior, his or her being/connection to Politically Exposed or Special Interest Persons, certain types of transactions, etc.
If a significant risk is identified, we may take such measures as freeze the Mecrcuryo Account, stop the transaction, terminate our contract with the customer, or inform the Estonian Financial Intelligence Unit and UK Financial Conduct Authority.
No automated decision-making is involved in the assessment.
How we share information with others
We do not rent or sell your Personal Data to anyone.
Your personal data will be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data. These parties have been designated as data processors and carry out their activities according to the instructions given by us and under our control.
The third parties in question belong to the following categories: banking and payment operators, internet providers, companies specialising in IT and SMS services; companies that carry out KYC/AML database checks and fraud database checks.
We may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with Anti-Money Laundering, Terrorist Financing and Transfer of Funds laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others.
Additionally, we may reveal your personal data to third-parties:
- if you request or authorize it;
- to address emergencies or acts of God;
- to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Transfer of personal data to third countries
In order to provide you with services, we also share your personal data outside the European Union:
- Amazon - Amazon Web Services - EMEA SARL 38 Avenue John F. Kennedy, L-1855, Luxembourg. Cloud Storage Provider.
If you are located in the European Union, the transfer of your personal data from the EEA to the United States is permitted under the Article 45 of the General Data Protection Regulation (GDPR). Amazon.com, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more.
- MemberCheck - Member Check Pty Limited - Australia, ABN 64 129 012 344 of Suite 201 Building C 14 Rodborough Road Frenchs Forest NSW 2086.
We lawfully transfer personal data of EEA residents to MemberCheck on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Article 46(2)(c) of the General Data Protection Regulation. You can request a copy of the aforementioned agreement by contacting our Data Protection Officer at firstname.lastname@example.org.
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects.
If you wish to confirm that Mercuryo is processing your personal data, or to have access to the personal data it may have about you, please contact us at email@example.com.
You may also request information about:
- the purpose of the processing;
- the categories of personal data concerned;
- who we share your personal data with;
- what the source of the data was (if you didn’t provide it directly to us);
- how long it will be stored.
- You have a right to correct (rectify) the record of your personal data maintained by Mercuryo if it is inaccurate. It is imperative that the personal data we hold about you is accurate and current all times. Otherwise this will impair our ability to provide you with the availability of our service. Please keep us informed if you personal data changes during our relationship with us.
- You may request that we erase that data or cease processing it, subject to certain exceptions.
- In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data.
- When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller, subject to certain exceptions.
- Object to processingof your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Reasonable access to your personal data will be provided at no cost upon request made to Mercuryo at firstname.lastname@example.org. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
Security of Your Information
To help protect the privacy of personal data you transmit through the use of our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your data. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Data Storage and Retention
In case of records relating to Customer Due Diligence measures and financial transaction records required by Anti Money Laundering and Counter Terrorism Financing regulations of the UK and EU, we keep such information for a minimum of three year from the date of the termination of your relationship with us (which would typically arise from the closure/de-registration of your account on the Platform), but no longer than five years.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at email@example.com.
Third Parties or Publicly Available Sources
We may also obtain information from other sources and combine that with information we collect through our Services. For example, we may collect information about you from third parties, including but not limited to social media platforms and publicly available sources.
We may also receive personal data about you from various third parties and public sources: Identity, Contact, AML / KYC Data from publicly available sources such as public court documents, the RoC and the company houses and registers of other jurisdictions, and from electronic data searches, online KYC search tools (which may be subscription or license based), anti-fraud databases and other third party databases, sanctions lists, outsourced third-party KYC providers and from general searches carried out via online search engines (e.g. Google).
Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices, statements or policies.
Questions, concerns or complaints
Contact Mercuryo’s Support team firstname.lastname@example.org
Send an email to Mercuryo’s Data Protection Officer, email@example.com.
Submit a complaint with our supervisory authority
Estonian Data Protection Inspectorate
39 Tatari St., 10134 Tallinn
telephone +372 627-41-35