It is important that you read this privacy notice together with any other privacy notice or fair processing notice Signkeys may provide on specific occasions when Signkeys is collecting or processing personal data so that you as a data subject are fully aware of how and why Signkeys are processing personal data.
Signkeys takes privacy and processing of personal data seriously, and as a commitment of securing personal data and the users privacy rights, Signkeys will comply to the EC General Data Protection Regulation (GDPR) for all its users, regardless if the user is an individual located in the European Union, the European Economic Area or elsewhere.
Signkeys as Controller
Signkeys is the controller and responsible for the processing of personal data in the applications, services and on any webpage provided by Signkeys.
Full name of legal entity and contact information for Signkeys are as follows:
Company name: SignKeys Pte. Ltd.
Company Registration Number: 201628079Z (Singapore)
Registered Office Address: 10 ANSON ROAD, 10 - 11 INTERNATIONAL PLAZA, 079903 SINGAPORE
Name and title of DPO: Bjorn Arne Berge, Chief Data Protection Officer (DPO)
Email address for the DPO: firstname.lastname@example.org
It is important that the personal data Signkeys hold about the data subjects is accurate and current. Please keep Signkeys informed if your personal data changes during your relationship with us.
Personal data processed
Personal data, or personal information, means any information about a physical individual person which may directly or indirectly be related to that person. It does not include data where the identity has been removed (anonymous data).
Signkeys may collect, use, store and transfer different kinds of personal data in the following categories:
Contact information, which includes name, identification (such as copy of identification papers if required), email and/or physical address, phone no. etc. Contact information includes access information, such as username and password. This is information given by you when sign up for services from Signkeys and is necessary for Signkeys to provide our services. For using the Application and the services, it is required that a set of personal data that personally identifies the user and the storing of cryptocurrency(-ies).
Financial Information is information includes: Monthly income, credit card number, expiration date, and billing address. This is information given by you when you purchase services from Signkeys and is necessary for Signkeys to provide Signkeys services.
Social Media Information includes information provided from Facebook, Twitter, Instagram and Linkedin. Social Media Information is collected as channel/referral data, all other personal data would be provided by the user.
Technical data are data provided or collected when using the applications and services, including internet protocol (IP) address, login data, browser type and version, geographical information, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the applications and services.
User data includes information generated when using the applications and services, such as transactions, purchases, referral source, the visit period on the applications, page views and link clicks. In addition, any contact with Signkeys by use of email, phone by using the call center service, or otherwise complete online forms, or surveys, will be collected and handled as personal data.
You may choose not to provide us with certain personal data. In such an event, you can still access and use the applications and services, provided that enough information to enable the applications or services are provided. In addition, you can choose not to provide certain optional information, but then you might not be able to take full advantage of many of the features on the applications and the services.
Retention and deletion of personal data
Signkeys will only retain your personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances Signkeys may anonymise personal data (so that it can no longer be associated with the data subjects) for research or statistical purposes in which case Signkeys may use this information indefinitely without further notice to you.
Basis and purposes for Processing personal data
When the Signkeys applications or any of Signkeys services are being used, or Signkeys are contacted, personal data may be collected for the following purposes:
Recognize, verify and identify the user
improve performance and security of applications and services
communication with the user and potential users
mitigate the risk of fraud.
Signkeys may collect personal and financial data as mentioned above while the application and/or services are used. Most of the personal data is provided to Signkeys by the users. Signkeys may also collect data from user’s social media accounts provided by the social media throughout the data subjects.
Signkeys may require additional information necessary for the use of the applications and the services as well as obtain information about users from third parties. Signkeys will not disclose personal and financial data to any other party without the user’s prior approval.
Signkeys will only process personal data if:
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR article 6 no. 1 item b).
The processing is necessary for compliance with a legal obligation to which Signkeys is subject (GDPR article 6 no. 1 item c).
Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (GDPR article 6 no. 1 item f).
Performance of contract means processing your data where it is necessary for the performance of a contract to which the data subject is a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing the data subject’s personal data where it is necessary for compliance with a legal or regulatory obligation that Signkeys are subject to.
By legitimate interest is understood the interest of Signkeys business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. Signkeys will make sure to consider and balance any potential impact on the data subjects (both positive and negative) and the rights of the data subject before Signkeys process the data subject’s personal data for Signkeys legitimate interests. Signkeys does not use personal data for activities where Signkeys interests are overridden by the rights of the data subject unless we have your consent or are otherwise required or permitted to by law.
When the above is not enough to process personal data, we will collect the consent from the data subject prior to the processing. But generally, Signkeys will not rely on consent as a legal basis for processing personal data.
Signkeys will only use personal data for the purposes for which the personal data was collected, unless Signkeys reasonably considers the need to use the personal data for another reason and that reason is compatible with the original purpose. Signkeys will provide explanation as to how the processing for the new purpose is compatible with the original purpose if requested.
Please note that Signkeys may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Processing of personal data for marketing purposes
Signkeys may use personal data to offer products or services, including special offers, promotions, contests or entitlements that may be of interest to the data subjects or for which the data subject may be eligible.
Marketing messages may be sent to the data subjects in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, and other mobile messaging services. The providing of marketing will only be made in compliance with relevant regulation, and with the consent of the receiver if required. If we have an ongoing relationship with the receiver and the receiver has not indicated to us that it does not wish to receive marketing, a consent is not required in some jurisdictions.
The receiver of marketing may at any time request that Signkeys stop the marketing via selected or all modes. To find out more on how you can change the way we use your personal data for marketing purposes, please contact us.
Sharing and transfer of personal data
Signkeys may have to share personal data with our data processors or third parties, if Signkeys wishes to sell, transfer, or merge parts of the business or assets. If a change happens to Signkeys business, any acquirer may use your personal data in the same way as set out in this privacy notice.
Signkeys require all third parties to respect the security of your personal data and to treat it in accordance with the law. Signkeys does not allow our third-party service providers to use personal data for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions.
Signkeys share personal data within the Signkeys group of companies. This will involve transferring your data also outside the European Economic Area (EEA). Personal data is protected by requiring all group companies to follow the same rules when processing your personal data. Whenever personal data is transferred outside the EEA, Signkeys ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Transfer of personal data will only be done to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where certain service providers are used, Signkeys will use the EC Model Clauses approved by the European Commission which give personal data the same protection it has in Europe.
Where providers based in the US are used, Signkeys may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Rights related to personal data
When Signkeys are processing your personal data, you have the right to:
Request access to your personal data. Upon your request, Signkeys will confirm whether we are processing your personal data and provide you with information on how we process the personal data. If requested, we provide you with a copy of that personal data. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In the app, under the credentials section, the user will have access to user name, email address and phone number that was used as part of opening the account. The user can change the email and phone number, however, would have to re-verify the changes with OTP codes.
Request correction of the personal data that we hold about you. By having the access to personal data, you may be able to ensure the accuracy of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request deletion of your personal data. This enables you to ask us to delete or remove personal data which we have no purpose for continuing to process. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data unless we demonstrate compelling legitimate grounds for the processing. This enables you to ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request to object to have automated decision‐making and profiling as you have the right to not be subject to decisions based solely on automated processing of your personal data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format, provided that the information requested to be transferred is provided by you, is processed on the basis of fulfilling an agreement or based on consent, and provided that the processing of personal data is carried out by automated means.
Withdraw consent at any time where we are relying on consent to process your personal data if we rely on your consent to process your personal data. You have the right to withdraw that consent at any time but provided always that this shall not affect the lawfulness of processing based on your prior consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
The right to complain to a supervisory authority in your country of residence if data is misused. If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a resident of an EU or EEA member state, you may do so in the state of your residence. You may exercise any of your rights in relation to your personal data by contacting Signkeys at the above contact information, and we would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority so please contact us in the first instance.
To get response within one month of the request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out above, you must contact Signkeys on the contact information provided above.
Security of data
Signkeys will use its reasonable efforts to ensure that recorded data, including personal data, credit card data, password and any confidential information, will not be disclosed, transferred, given to, or illegally used by unauthorized persons. In connection with this, Signkeys will regularly audit its system in order to prevent possible vulnerabilities and attacks. However, since the internet is not a 100% secure environment, Signkeys cannot, from time to time, ensure or warrant the security of information transmitted to Signkeys Application. While information sent via the Application is encrypted, Signkeys advises you to be prudent with any confidential information communicated through this means.