Privacy Policy

Approved By: Dmitrijs Maceraliks, Privacy Officer
Senior Officer Approval for Program: Ilja Uspenskis-Gelvers, Director 

Hereby is described the privacy practices of collecting and processing of personal data provided by persons engaging in business relations regulated by Terms and Conditions and other relevant documents (hereinafter Client or you, your) with ULTRAMARINE EXCHANGE LTD, registration number M20687920, 400-319 W Hastings St, Vancouver, BC V6B 1H6, Canada, under the brand Ultramarinex (hereinafter Ultramarinex or we, us, and our), via an internet website www.ultramarinex.com (hereinafter the Site).

The provisions of this Privacy Policy are subject to the Personal Information Protection and Electronic Documents Act and the regulations thereunder (hereinafter “PIPEDA”) as well as applicable provincial privacy legislation and regulations and, in some cases (for example, in case of citizens of the EU or EEA), international instruments, such as Regulation (EU) 2016/679 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the Regulation).
Introduction

We understand the importance of protection of your privacy and personal data and commit a lot of efforts to develop and maintain high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.


· PERSONAL DATA AND PURPOSE

“Personal Data” is any data that identifies you as an individual. This information may include, but is not limited to, your name, date of birth, nationality, gender, utility bills, photographs, address, telephone number, e-mail address, government issued identity documents, financial information (for example, bank account information, credit card information or tax identification numbers), transaction information (for example, information about transactions you make on our services), employment information (for example, office location, job title or description of role) and institutional information (for example, tax ID, proof of legal formation, personal identification information for all material beneficial owners). Personal Data, however, does not include certain business contact information used for the purpose of communicating or facilitating communication with you, as an individual, in relation to your employment, business or profession.

We do not collect any Personal Data without your consent. You provide your consent at the time when you register the Account with us, which signifies that you accept this Privacy Policy. We are accountable for the processing of your Personal Data, that is why we designated the person accountable for the organization’s compliance – the Privacy Officer who may be contacted at [email protected].

When registering the Account at Ultramarinex, we may collect and further process the following categories of minimally required data:
 · Information requested during the registration and/or setting up your Account that identifies you, for example, your name, date of birth, citizenship, etc.
 · Financial information, including your income, source of income/funds, taxation residence information, etc.
 · Information, which we may collect through automated means. Through your use of Ultramarinex and its functions, we also monitor and collect tracking information related to usage such as access date & time, device identification, operating system, browser type and IP address. This information may be directly obtained by Ultramarinex or through third-party services.
 · Your identity and residency verification documents, for example passport and/or ID card, utility bill, etc.
 · Contact information, i.e. your phone number, e-mail address, etc. When you go through the registration process, you shall provide an e-mail address and create a password. If an option to log in via supported third-party service is available and you choose such option, privacy practices of such third-party shall apply to your Personal Data.

We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Site.

The term we keep the Personal Data depends on the type of data, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this Privacy Policy, including for as long as needed to provide you with products and services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.

We collect and process the abovementioned data to fulfil our contractual obligations and legitimate interest before you, namely to:
 · provide services, including execution of requested transactions and related maintenance of the services you registered for and manage the account you hold,
 · provide you with the information about your activities on the account,
 · inform on any changes and updates to the services you are provided with,
 · assess and mitigate risks related to anti-money laundering and terrorism financing regulations, fraud, as well as transaction related risks,
 · comply with applicable legislation,
 · enforce our rights and/or maintain actions in relation to legal claims,
 · provide additional or supportive services, as well as perform Client surveys, statistical analysis,
 · ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other),
 · improve the performance and functionality of our services.
The above list may be extended depending on the development of the services.


· PROCESSING OF YOUR PERSONAL DATA

By applying for an Account with Ultramarinex, you consent to the collection, processing and receipt of your Personal Data, as described in this Privacy Policy.

Your Personal Data may be received and processed:
 · by Ultramarinex within our inner systems of processing, which complies to technical and organizational measures in a manner that meets applicable requirements of the PIPEDA, the Regulation and security standards;
 · and/or by outsource service providers and processors who access and use the data only to the extent required to perform the obligations subcontracted to them by Ultramarinex (hereinafter – Subprocessors).

Those Subprocessors perform tasks on our behalf and are contractually obligated not to disclose or use collected information for any purposes other than storage, help in facilitation of technical aspects of our services, performance of functions related to the administration of services (collection and analysis), or other indicated under contractual clauses
.
You give your explicit consent that Ultramarinex may on its own discretion engage Subprocessors, who comply with technical and organizational measures in a manner that meet applicable requirements of the applicable legislation and security standards implied under this Privacy Policy and only for purposes of fulfilling the contractual obligations before you.

If such Subprocessors are outside of Canada, the processing of Personal Data is done or will be done in accordance with applicable laws but in any case, with comparable level of protection to that required under the PIPEDA or the Regulation.

Subprocessors shall remain fully liable for all obligations subcontracted to them and for the compliance with the applicable laws, including, but not limited to data privacy laws. Ultramarinex is not responsible in the event that information is disclosed as a result of a breach or security lapse at any such Subprocessors, or for such Subprocessors' non-compliance with the foregoing requirements.

We will keep the Personal Data that we collect stored safely in our secure data storage systems using cryptographic algorithms for protection.

We employ the necessary security safeguards to protect your Personal Data against loss, theft, unauthorized access, copying, modification, etc. Only our employees and Subprocessors are granted access to your Personal Data and only to the extent necessary to perform their duties or obligations. We take due care to prevent unauthorized access when destroying or disposing of Personal Data.


· CLIENT’S SECURITY COMMITMENTS

Client agrees that, without prejudice to our security measures and data incidents, it is Client’s responsibility to make appropriate use of our services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system, and devices which you use to access our services.

We are not obliged to protect your Personal Data that you choose to store or transfer outside of the Ultramarinex and our Subprocessors’ systems.


· CLIENT’S RIGHTS IN RESPECT TO ITS PERSONAL DATA

You may request us to inform you of the existence, use, and disclosure of your Personal Data as well as to provide you with access to that data (Access Request).

We shall respond to your Access Request within 30 days after receiving it. If more than 30 days is required, we will send you a notice within 30 days, advising of the new time limit and the reasons for the extension.
We may refuse your Access Request if complying with it would likely reveal personal information about a third party. In case we refuse for any reason, we shall inform you of those reasons and that you have the right to complain to the Office of the Privacy Commissioner (OPC).

You may also challenge the accuracy of your Personal Data stored and processed by us, if you can successfully demonstrate its inaccuracy or incompleteness. To satisfy your claim we may correct, delete, or add the necessary information about you.

You may withdraw your consent to the processing of your Personal Data at any time by contacting us directly at [email protected]. However, please note that we will not be able to provide you the services and you will not be able to use the Site if you withdraw all your consents. Consent to the processing for ancillary purposes, such as marketing, provision of additional or supporting services, and improvement of the performance and functionality of our services (i.e., anything beyond what is necessary to fulfill our service), can be withdrawn at any time without any consequences for the Client.

If you are dissatisfied with our response to your Access Request or believe we have breached our data privacy obligations regarding your or others' Personal Data, you may submit a complaint to our Privacy Officer at [email protected].

You shall receive a response to your e-mail within 30 days from the moment we received the complaint. We shall take all actions we deem necessary to resolve your complaint, including, but not limited to revision of the challenged Personal Data, revision of policies and procedures, disciplinary action, etc.


· DATA INCIDENT NOTIFICATIONS

If Ultramarinex becomes aware of breach of our security leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) Personal Data of Clients on systems managed or otherwise controlled by us (Data Incidents), and if such Data Incident creates a real risk of significant harm, we will notify you promptly, without undue delay and in compliance with the procedure prescribed under respective law or regulation. We will also report such Data Incidents to the Office of the Privacy Commissioner.

The notification will be sent to your e-mail address at the discretion of Ultramarinex or by other direct communication channel available to Ultramarinex and allowed by the Client (for example, by phone or e-mail). It is sole responsibility of the Client to provide us with the e-mail address and ensure that this e-mail address is valid and current.

None of the Data Incident notifications from Ultramarinex may be or will be construed as an acknowledgment of any fault or liability with respect to the Data Incident by us.

We must also notify other organizations or government institution if we believe they may be able to reduce the risk of harm to the impacted Clients (i.e., law enforcement agencies). If this is the case, your consent is not required for such disclosures.


· COOKIE & SIMILAR TECHNOLOGIES

Cookie is a small text file placed on your computer by the Site. Cookie helps you better interact with the Site and helps the Site better interact with you. Cookie does not contain your Personal Data.

We also collect Cookies and similar technologies for collecting technical information, which contains unique identifiers from you. In brief, we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate Site efficiently, and allows to develop and improve our services, and to manage the load on our servers.

They are widely used in order to make Site work more efficiently, as well as to provide information about functionality and behavior of the users on the Site.
This Cookie Policy is part of our Privacy Policy, which also includes additional details about our collection and use of information.

We use cookies, tags (together - Cookie) to:
 · understand how you use the Site and to provide you with safe, effective and user-friendly the Site,
 · remember your settings, such as preferred language, type of the device, news already shown to you, your preference about Cookie allowance,
 · keep opened sessions and conversation during your last visit to the the Site,
 · identify the popularity of different section of the Site and improve respectively,
 · prevent and exclude unauthorized use of the Site,
 · keep track of transaction initiating process,
 · prepare reports, this allows us to measure and analyze the performance of our services.

We normally do not associate your Account with your Cookie, however, in exceptional cases, we may use this option to prevent or avoid unauthorized use of the Site and violation of applicable agreements between you and us. In this case we will treat this information as personal and process as described in the Privacy Policy.

We use third-party web analytic services that assist us in better understanding of how the Site is used. Those services are compliant with the prescribed adequacy of security measures. For example, we use Google Analytics service powered by Google LLC (US).
This service helps us to improve the effectiveness of our advertising efforts and understand your preferences and interests. It collects information and reports usage statistics of the Site without personally identifying you – we use it for better delivery of our adverts. Please check the details about Google Analytics services here. However, in some cases, Google can match information collected through Cookie with your Google account and use it under Google Privacy Policy.


If you do not want to share your Cookie you may restrict it or block it out. If you prefer not to allow Cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options. For more information about how to disable cookies at all or how to amend your cookie settings click here.

We also use similar technology and collect unique identifiers of our visitors of the Site, the information we collect by this means includes:
 · unique identification numbers, e.g. Internet protocol (IP) address and device ID,
 · your login information,
 · as applicable to your type of device, browser type and version, and browser plug-in types and versions,  · application release and version, device model, manufacturer (brand), operating system, operating system version, OS library version, time of last seen, enable Wi-Fi, radio (EDGE, HSDPA, LTE, WCDMA, none), device screen (width, high, dpi), NFC, telecom operator, Bluetooth enable, Bluetooth version,
 · time zone setting, city, region, country, and language,
 · operating system and platform,
 · and information about your visit, including the full Uniform Resource Locators (URL) click stream to, through and from the Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We use this information for the same purposes as Cookie.

We use Cookie for the following purposes, namely:
 · authentication,
 · security,
 · storing preferences and supporting additional features and functionalities,
 · performance, analytics and personalization,
 · marketing.

The time a Cookie will stay on your computer or mobile device depends on type of Cookie whether it is "persistent" or "session":
 · session cookies will only stay on your device until you stop browsing,
 · persistent cookies stay on your computer or mobile device until they expire or are deleted.

We use Google Analytics on our Site. If you want to know more about Google Analytics and its “do not track” policy, please visit this link.


· CHANGES TO THIS PRIVACY POLICY

Please note that we may amend this Privacy Policy from time to time at our sole discretion. Therefore, please check this Privacy Policy for updates.
In case of any significant changes to the data processing terms, we will notify you about them within a reasonable time via e-mail provided by you.


· CONTACT DETAILS

If you require any additional information or have any further questions concerning this Privacy Policy, please contact us at [email protected].


· OFFICIAL COMPLAINTS

If you are not satisfied with our response to your concerns, you may contact:

Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3
Canada
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591

If you are a resident of any other country, you may contact your relevant national data protection authority.