Personal Data storage policy

Expi.trade data protection policy.

1. Summary of privacy policy.

1.1. This privacy policy offers you an overview of how your data is processing who is responsible for your data processing, protection, defining what exactly is personal Personal Data, what are your rights regarding processing your Personal Data, what types of personal data Expi.trade collects. This Privacy Policy governs the manner in which Expi.trade collects, uses, maintains and discloses information collected from users (each, a “User”) of the Expi.trade website (“Site”).

1.2. The goal of this privacy policy is to protect rights and freedoms of individuals (Expi.trade customers) regarding processing their personal data by Expi.trade.

1.3. This privacy policy is developed in accordance with European Union General Data Protection Regulation (GDPR).

1.4. This privacy policy defines the main purposes and principles of processing User’s personal data, defines storage period of processing, lawfulness of processing, defines cases, when Personal data is transferred to third parties, security measures.

1.5. This privacy policy defines instructions and contact details, pursuant to which User may exercise his rights and lodge complaints.

1.6. This privacy policy describes Expi.trade cookie policy. The cookie policy is also available on the Expi.trade homepage (https://expi.trade/).

1.7. ExPi Trade strictly follows industry best practices in the industry and adhere to the rules set forth in General Data Protection Regulation (Regulation (EU) 2016/679), OPPA, CAN-SPAM and COPPA.

1.8. This privacy policy applies to the Site and all Services offered by ExPi Trade.

2. Definitions.

2.1. Expi.trade. ExPi Trade ® is registered trademark of Bertes Invest OU. Bertes Invest OU (reg. No 12449024) is registered in Estonia with its registered office at Harju maakond, Tallinn, Kristiine linnaosa, A. H. Tammsaare tee 47, 11316, Estonia. Bertes Invest OU operates under license, issued by Estonian Financial Intelligence Unit and acts by under Estonian Money Laundering and Terrorist Financing Prevention Act, which is based on Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

2.2. User means Expi.trade customer, private person.

2.3. GDPR means European Union General Data Protection Regulation 2016/679.

2.4. Services, means Expi.trade services, which are provided to registered Users, Expi.trade customers. Expi.trade provides you with a simple and convenient platform for an exchange of digital asset for fiat currency and vice versa as well as exchange of one type of digital asset to another at the established exchange rates. Services also includes holding and transferring Digital Assets.

2.5. Personal Data means any information relating to an identified or identifiable User (natural person).

2.6. Site means Expi.trade website (https://expi.trade/)

2.7. Policy means this privacy policy.

2.8. Cookies means text files placed on User’s computer to collect standard Internet log information and visitor behaviour information. When User visit the Site, Expi.trade may collect information from you automatically through cookies or similar technology. For more information about cookies, visit https://www.allaboutcookies.org/ .

2.9. EU means European Union (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK).

2.10. EEA, means European Economic Area (EU countries + Iceland, Liechtenstein and Norway)

2.11. Third countries mean countries, which are not included in EU / EEA.

2.12. Personal data breach means breach of security, which leads to accidental or fraudulent personal data loss or unauthorised disclosure.

3. Principles of data processing

3.1. Expi.trade processes User’s data lawfully, fairly and in transparent manner. Expi.trade is developed this Policy, by which informs Users about lawfulness of processing, fairness and transparency.

3.2. Personal data adequate, relevant and limited is processed for clear purposes, Expi.trade doesn’t process Users personal data for the purposes with is not described in this policy.

3.3. Personal data is processed with accurate manner and kept up to date. Expi.trade and its employees do every reasonable step to make the personal data processed is accurate. If Expi.trade has doubts regarding correctness of User’s data, Expi.trade employee will contact the User regarding User’s providing personal data. Personal data that are inaccurate will be erased or rectified without delay.

3.4. User’s personal data is processed for no longer than is necessary for the purposes for which the personal data are processed. Expi.trade processed personal data for the period for business relations with User. After terminating business relationship with User Expi.trade will keep data at least 5 (five) years from the moment of business relationship termination and User account closure. Customer’s data to be kept for 5 years after termination of business relationship is envisaged in Estonian Money Laundering and Terrorist Financing Prevention Act, which is based on Directive (EU) 2015/849 of the European Parliament and of the Council.

3.5. Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). Expi.trade protects User’s Personal Data, using modern technologies and standards (firewalls, data encryption, and other data protection methods). Access to Users personal data granted only to relevant Expi.trade employees.

4. Categories of processed personal data

4.1. Personal data is data, which identifies User or may identify User (ExPi Trade customer). Expi.trade collects personal data from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, and in connection with other activities, services, features or resources we make available on our Site.

4.2. The categories of personal data processed by Expi.trade mainly includes:

4.2.1. Personal identification data: full name, date of birth, passport or ID number and scan (or photo), citizenship, place of birth, tax residence country, taxpayer number, your photographic identification.

4.2.2. Contact data: residence address, email address, phone number, other contact information (e.g. Skype, What’s App, etc.);

4.2.3. Information obtained through communication with Expi.trade (Information obtained from your emails, telephone conversations (with or without audio recording), contact form inquires, when User contact Expi.trade, as well as information about the devices and technologies used by User for communication).

4.2.4. User’s financial data: source of income, information about planned transaction volumes, information of User’s bank accounts, information of Users payment cards, information about User’s digital assets addresses, information about user’s income, information about source of funds, information about User’s transactions.

4.2.5. Expi.trade website visitor’s information data: browser name, the type of computer, i.p address, operating system and the Internet service providers utilized and other similar information.

4.2.6. User’s due diligence data (information obtained by Expi.trade regarding User during onboarding and / or during periodic review): User connection with Politically Exposed person, information from public sources, information about User from screening databases, information about activities for which Expi.trade services is used, transaction information.

4.3. Expi.trade customers – legal entities are asked legal entity registration data, information about legal entity business activities, financial data (this data is not considered a personal data). Although information about legal entities representatives, owners, beneficial owners contains personal data, mentioned in clauses 4.2.1, 4.2.2, 4.2.3, 4.2.5.

4.4. Some Users may not have all mentioned data, in this case Expi.trade collects data, that is relevant to concrete User.

5. Purpose for the personal data processing.

5.1. Expi.trade processes User’s personal data only in cases where a specified purpose has been determined for the processing. Expi.trade doesn’t process data which is not required for achieving legitimate purposes.

5.2. Expi.trade processes personal data for:

5.2.1. Expi.trade Services providing

5.2.1.1. User’s onboarding (account opening, user’s identification)

5.2.1.2. User’s periodic review (due diligence)

5.2.1.3. Performing duties in compliance with Estonian Money Laundering and Terrorist Financing Prevention Act, which is based on Directive (EU) 2015/849 of the European Parliament and of the Council.

5.2.2. Advertising and analytic purposes and to improve Expi.trade Site and your experience on the Site

5.2.2.1. Analyse usage and maintenance of Site and Expi.trade mobile application

5.2.2.2. To remember User’s previously selected preferences on Site.

5.2.3. To reply on your queries, if you contact Expi.trade.

5.2.3.1. To improve customer service: information provided by Users helps us respond to customer service requests and support needs more efficiently.

5.2.4. For market research, analysing Expi.trade customers’ needs and opinions on Expi.trade products and Services.

5.2.4.1. Expi.trade may use feedback provided by Users to improve our products and services

5.2.4.2. Expi.trade may use information in the aggregate to understand how our Users as a group use the Services

5.2.5. For IT security measures.

6. Legal basis of personal data processing

6.1. ExPi Trade (Bertes Invest OU) is Estonian registered company. Bertes Invest OU operates under license, issued by Estonian Financial Intelligence Unit and acts by under Estonian Money Laundering and Terrorist Financing Prevention Act, which is based on Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. To provide our Services to User, Expi.trade obliged by the law to collect and process your personal data.

6.1.1. Expi.trade collects personal data from Users, who agreed to use Expi.trade services. If User agrees to use Expi.trade services, he agrees with Expi.trade terms of use and privacy policy and voluntarily agrees to provide his personal data. Services are based on agreement between User and Expi.trade, which is described in Expi.trade terms of use. Your personal data collection is necessary for the performance of the agreement between User and Expi.trade.

6.1.2. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in ExPi Trade services.

6.2. Users may, however, visit Expi.trade homepage anonymously. In this case Site visitor’s information data will be collected together with cookies (IP address, browser name, the type of computer, operating system other similar information) for purposes, mentioned in clause 5.2.2. and 5.2.5. Data will be collected if User has given his / her consent. Cookie policy is available also on the Site.

6.2.1. User can set browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of Site features may not function as a result.

7. Personal data transfer to third parties and third countries.

7.1. In the processing of personal data Expi.trade respects User’s confidentiality and do not transfer personal data to third parties, except for:

7.1.1. During business relationship with User, transfer User’s personal data to third parties, is necessary to provide Services

7.1.1.1. With payment processing, acquiring and card issuing partners – financial institutions; Expi.trade may share and transfer your Personal Information to the third-party service providers for the purpose of rendering the order, which will be made to our Partners website via the use of your payment card. The Personal Information will be shared with the third-party service provider after you execute such payments by using the services of the third-party service provider. We do not share this information with side parties except to the extent necessary to provide the service. Personal Information shall include information that identifies you, including the information submitted by you during the registration on Expi.trade, such as your E-mail address, full name, password, country and city and/or information provided through social websites or any other identifying information provided by you while using the services of Expi.trade.

7.1.1.2. With banks or other financial institutions (e.g when disputing claims or chargebacks, investigations)

7.1.1.3. In case the transfer of User’s personal data is stipulated by laws and regulations (e.g. possible inquiries from regulatory officials);

7.1.2. Expi.trade uses cookies of third parties, such as Google, to make advertisements and optimise marketing communication. Third party advertisers use the cookies stored on the device of the homepage visitor to assess the efficiency of the advertisement and personalise the content of advertisements displayed to the website visitor. Information collected by third party advertisers may include data such as geographical location data (derived from the IP address). With cookies, Expi.trade collects data on how Users use Site to see what services are important to Users. This helps us to improve our services as well as to offer Users relevant information on social media, mobile apps and other websites. Cookie settings can be changed. You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. Cookie policy is available also on the Site, User may choose regarding giving his / her consent before cookies or similar technologies processing.

7.2. Expi.trade is processing its Users personal data within EU / EEA. However, in certain situations personal data might be processed to third countries. Expi.trade will cooperate with partner or authority from third country, only if legal basis of processing is determined (e.g. regulatory requirement, for entering of performance of contract or in accordance with User’s consent) and only with proper security measures. Expi.trade will differentiate between secure and unsecure third countries. Secure third countries are those for which the European Commission has confirmed a suitable level of data protection based on an adequacy decision. In those countries, national laws provide a level of protection for personal data which is comparable to those of EU law. In case data recipient is from unsecure third country Expi.trade ensures in another way that the personal data will be sufficiently protected by the recipient. This will be ensured through standard contractual clauses, through the commitment to comply with codes of conduct which have been declared by the European Commission as being generally applicable, or by certification of the data processing procedure. At the request, User have the right to receive more detailed information regarding the Personal Data transfer to third countries.

7.3. Expi.trade may transfer any Information provided by User through use of the Expi.trade services to the Third Party Service Provider in order to allow the Third Party Service Provider to perform analysis of this information for the purpose of determining if User are qualified to use the services of such Third Party Service Provider (including the history of User’s transactions on the website which will be provided without any identifying information and solely for the purpose of performing the preliminary examinations).

8. Rights of Users

8.1 Users have rights to obtain information regarding their personal data processing by submitting written request to Expi.trade:

8.1.1. Sending information request in your Expi.trade user account.

8.1.2. Sending information request by email info@expi.trade . By sending information request by e-mail Expi.trade may ask User to provide additional documents for data subject identification.

8.1.3. If there is a request from User about his data processing, Expi.trade will answer on this request within 1 month from date of receipt. If Expi.trade unable to provide the answer according User’s request within one month, Expi.trade may extend the period of providing answer within two months, previously (within one month from request) informing the User about the reasons of such delay. If Expi.trade will not provide the answer to User, Expi.trade informs User within one month from the moment of request receipt of the reasons of not providing the answer, in this case User may lodge a complaint to Supervisory authority.

8.1.4. User’s request is considered free of charge. If Expi.trade notices, that User’s requests submitted repeatedly and are unreasonable or excessive, Expi.trade may charge reasonable fee, previously informing User.

8.2 User have following rights regarding processing it’s personal data:

8.2.2. To receive information about processing User’s personal data – categories of personal data concerned, purposes of processing, recipients or categories of recipient to whom the personal data have been or will be disclosed, information sources of data, which was not collected directly from the User, information about appropriate safeguards if User’s personal data are transferred to a third country or to an international organization.

8.2.3. To request from the Expi.trade rectification or erasure of personal data or restriction of processing and to object to processing as well as the right to data portability;

8.2.3.1. If User believes that his personal data in Expi.trade profile is incomplete or inaccurate, User have right to rectification, User may write an e-mail to Expi.trade support (info@expi.trade), Expi.trade support will take in consideration User’s newly provided data and compare them to User’s documents. In some cases Expi.trade support may ask for additional documents to verify User’s newly provided data.

8.2.3.2. User have right to obtain from Expi.trade the erasure of personal data if the personal data are no longer necessary in relation to the purposes for which they were collected or processed, and the mandatory data storage period is passed or if the User had withdrawn his consent on which the processing is based, unless Expi.trade has another purpose and legal basis for the processing.

8.2.3.3. User have the right to obtain from the Expi.trade restriction of his data processing if the accuracy of the personal data is contested by User after User is verified by Expi.trade, User shall make actions, specified in 8.2.3.1. User have the right to obtain from the Expi.trade restriction of his data processing if Expi.trade no longer needs the personal data for the purposes of the processing, but they are required by User for the establishment, exercise or defence of legal claims.

8.2.3.4. In case of User’s personal data rectification, erasure or restriction of processing, Expi.trade will communicate to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Expi.trade will inform the User about those recipients if the User requests it.

8.2.3.5. User have right to obtain his personal data from Expi.trade which he or she has provided to a Expi.trade, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Expi.trade. The right can be executed regarding personal data providing directly from the User and regarding personal data processed by automated means.

8.2.3.6. User have right to object of the personal data processing, when processing is necessary for the purposes of the legitimate interests pursued by Expi.trade. User will not be able to exercise this right if User gave consent to the processing of Personal Data, or Expi.trade requires processing of User’s Personal Data for establishment and fulfilment contractual obligations with User.

8.2.4. Automated individual decision-making (including profiling) is not envisaged by Expi.trade. If Expi.trade will implement automated individual decision-making (including profiling), this data protection policy will be updated, and User will be informed about the update.

8.3 Rights of Users shall not apply to the collection and processing of information, which was obtained for fulfilment of requirements of laws (e.g. obtaining of information about User from public sources is envisaged according anti money laundering laws and regulations).

9. Notifications in case of personal data breaches.

9.1. When the personal data breach is likely to result in a high risk to the rights and freedoms of Users, the Expi.trade shall communicate the personal data breach to the User without undue delay.

9.1.1. User may not be informed about data breach if:

9.1.1.1 Expi.trade has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, those that render the personal data unintelligible to any person who is not authorised to access it, e.g. encryption.

9.1.1.2 Expi.trade has taken subsequent measures which ensure that the high risk to the rights and freedoms of Users no longer likely to materialise.

9.1.2. Users may be informed collectively.

9.2 In the case of a personal data breach, the Expi.trade shall without undue delay and where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority (Estonian Data protections Inspectorate), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

10. Cookie policy.

10.1. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For more information about cookies, visit https://www.allaboutcookies.org/ .

10.2. ExPi Trade uses cookies of third parties, such as Google, to make advertisements and optimise marketing communication. Third party advertisers use the cookies stored on the device of the homepage visitor to assess the efficiency of the advertisement and personalise the content of advertisements displayed to the website visitor. Information collected by third party advertisers may include data such as geographical location data (derived from the IP address).

10.3. You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
ExPi Trade uses cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website
• [Add any uses your company has for cookies]

10.4 Type of cookies

10.4.1 There are a number of different types of cookies, however, Expi.trade website uses:

• Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
• Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
• [Add any other types of cookies your company uses]

10.5 Cookie policy is available also on the Site, User may choose regarding giving his / her consent before cookies or similar technologies processing.

11. Changes to this privacy policy

11.1. Expi.trade has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our Site, revise the updated date at the bottom of this page and send you an email. Expi.trade encourageы Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

12. Your acceptance of these terms.

12.1. By using this Site, you signify your acceptance of this data protection policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

13. Period of data keeping.

13.1. According the law (Estonian Money Laundering and Terrorist Financing Prevention Act) User’s data must be kept at least 5 years after termination of business relationship with User.

14. Data protection officer

14.1. Protection of your personal information is the responsibility of our Data Protection Officer (DPO), who you can contact on questions related to your personal data processing. If you want to reach our DPO, please contact gdpr@expi.trade. Data Protection Officer is responsible for consulting Expi.trade employees regarding Users personal data processing in accordance with General Data Protection Regulation.

15. Right to lodge a complaint with a supervisory authority.

15.1. If User considers that his personal data contrary to the requirements of laws and regulations, he / she has a right to lodge a complaint to Supervisory Authority – Estonian Data protections Inspectorate (39 Tatari St., 10134 Tallinn +372 627 4135, info@aki.ee ; https://www.aki.ee/en/contacts). User may lodge a complaint to supervisory authority in other EU member state. Information regarding authorities in EU you can find here: (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

16. Contacting us

16.1. If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: support@expi.trade, gdpr@expi.trade.