Last Revised: February 11th, 2022

1. Who are we?

SimplexCC Ltd. (Israel), SimplexCC, Inc. (USA) and Simplex Payment Services, UAB (Lithuania) (collectively “Simplex”, “Company”, “we” or “us”) respects the privacy of the users of our payment processing platform (the “Platform”), as well as users of our websites available at: simplexcc.com or simplex.com (collectively the “Site”), and are committed to protect the Personal Data that users share with us in connection with the use of our Platform and/or Site (collectively – the “Service”). 

In this Privacy Policy (the “Privacy Policy”), you or Data Subject mean any person whose Personal Data is processed by Simplex and the term “Personal Data” means any information or set of information by which we may directly or indirectly identify you, such as your name, email address, telephone number, etc. We process Personal Data in accordance with the provisions of the General Data Protection Regulation No. 2016/679 (EU) (the “GDPR”), the requirements of the applicable legal acts, as well as the instructions of the authorities.

This Privacy Policy is intended to describe our practices regarding the information we collect from you when you visit our Site (“Site Visitors“), when you use our Service or any part thereof (“User“), including through a cryptocurrency  exchange’s website or trading platform carrying the Service (“Exchange“), or when you register as a customer (“Customer“), when you visit our social media account on Facebook, Twitter, LinkedIn and Medium (the “Social Accounts”), as well as the manners in which we use your Personal Data, and the options and rights available to you. 

If you register or use our Services in the US, the controller of your Personal Data (or its equivalent, as defined under applicable data protection laws) will be SimplexCC (US), Inc. If you register or use our Services elsewhere, the controllers of your Personal Data will be Simplex CC Ltd. and Simplex Payments Services, UAB and your Personal Data would not be shared with the US entity – SimplexCC (US). Simplex CC Ltd. and Simplex Payments Services, UAB, while processing your Personal Data, as a rule, act as a joint controllers, or sometimes the above entities have controller-processor relationship. SimplexCC (US) shares data of US citizens with Simplex CC Ltd. and Simplex Payments Services, UAB only in controller-processor relationship (SimplexCC (US) acts as the controller, whereas Simplex CC Ltd. and Simplex Payments Services, UAB – as the processors). Moreover, Simplex is a subsidiary of Nuvei group (Canada).

The Platform, Site and Social Accounts may contain links to external websites, such as our partner websites, websites promoting our Service, etc. When you follow links to any of these websites, please note that these sites and the services accessed through them have their own separate privacy policies and that we assume no responsibility or liability for these policies or for the collection of Personal Data on these sites. Before submitting Personal Data to there or using related services, it is important to review their privacy policies.

If you use the Services, Site, Platform or Social Accounts, subscribe to our newsletters, or contact or address us on any other issues, we assume that you have read and agreed to the terms of this Privacy Policy and the purposes, methods, and procedures for the use of your Personal Data specified therein. If you do not agree with the Privacy Policy, you may not use our Services or otherwise interact with us. This Privacy Policy is subject to change, so please visit the Site from time to time and read the latest version of the Privacy Policy available herein. We assure you, that Simplex does not sell, rent, or trade any Personal Data with third parties for their marketing or commercial purposes.

This Privacy Policy is incorporated by this reference into, and made part of, the Terms of Use available at www.simplex.com/terms-of-use (the “TOU”), the General Terms and Conditions for the Provision of E-Money and Payment Services, and any other agreement or notice that references this Privacy Policy.

2. From whom do we collect Personal Data?

This Privacy Policy applies to the Company’s collection, use, and disclosure of the Personal Data of the following categories of individuals:

  • Site Visitors: Individuals who visit our Site and who may volunteer certain contact data (such as their email address) to receive communications from the Company or otherwise pre-register to receive our Service. For clarity, Site does not include any sites owned or operated by our Customers.
  • Users: Individuals whose information we process to:
    • Provide the Service to our Customers pursuant to our agreements with them; or
    • Provide the Service directly to our Users via an e-money account or service account; this includes Users registering on behalf of an organization; or
    • Fulfill regulatory objectives, prevent illegal activities and to comply with applicable laws.
  • Customers: Those who register on their own or on behalf of an entity or organization to use the Company’s Service, including merchants and operators of the Exchanges. For the avoidance of doubt, Customers do not include Users.
  • Other persons, including the ones who subscribe to direct marketing materials, apply to various job positions offered by us, acts as a representative of our partners, etc.

3. How do we use your Personal Data and what principles do we keep?

We collect and process only such Personal Data as it is necessary to achieve the Personal Data processing purposes we have specified. When processing your Personal Data:

  1. We comply with the requirements of current and applicable legislation, including the GDPR;
  2. We process your Personal Data in a lawful, fair, and transparent manner;
  3. We collect your Personal Data for specified, clearly defined and legitimate purposes and do not process them in a way incompatible with those purposes, except to the extent permitted by law;
  4. We take all reasonable steps to ensure that Personal Data being inaccurate or incomplete, in accordance with the purposes for which they are processed, would be rectified, supplemented, suspended, or destroyed without delay;
  5. We hold Personal Data in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
  6. We do not provide Personal Data to third parties or disclose them, other than as set forth in the Privacy Policy or applicable law;
  7. We ensure that your Personal Data is processed securely, that we ensure technical and organizational security measures, as well as that we provide access to Personal Data only to those of our employees who need such access due to their work functions.


4. How do we collect Personal Data?

We use the following methods of collection:

  1. Through your use of the Service and/or the transactions carried out in connection with the Service. In other words, when you are using the Service, including when you browse the Exchange(s), we collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
  2. From our business partners – the Exchanges, our turnkey partners, cryptocurrency wallets and brokers. For example, when you return to the Exchange, such Exchange may provide us with your contact information (such as name, address, and date of birth), as well as usage information regarding your previous visits to its website(s) (for example, the User’s balance, previous logins, and previous transactions).
  3. Through publicly available sources. For example, we collect certain information about you through your publicly available SN Account(s) information, publicly available credit card blacklists and official limited bank account lists, and other online public information.
  4. From third-party services. For example, we may collect some data when we use third-party services to provide our Service and prevent fraud.
  5. Information which you provide us. For example, we collect Personal Data required to use the Service that you provide to us by completing the registration form, the onboarding process (if you register as the Customer) and/or contacting us directly.
  6. When your Personal Data, with your consent, is provided to us by other persons, including companies using our Services. For example, when such companies indicate your contacts, refer to you as an authorized person, etc.

    The person providing Personal Data to us is responsible for the correctness, completeness, and relevance of such Personal Data, as well as for the consent of the person whose data is provided to submit his/her Personal Data to us. We may ask you to confirm that the person has the right to provide us with Personal Data (for example, by filling in service order or registration forms). If necessary (e. g. a person inquires us about receiving his/her Personal Data), we will indicate the provider of such Personal Data.

5. What Personal Data are we processing?

We process your Personal Data for the following purposes and under the following conditions:

Purpose of the processing of Personal Data Personal Data being processed Personal Data processing period
Legal basis for the processing of Personal Data
Registration, use of account, user identification, provision of Service. Name, surname, username, e-mail, password, phone number, social media accounts, personal identity code, date of birth, country of birth, address, nationality, citizenship, gender, passport/ID card copy and its details (e. g. type, number, issuance place and date, expiry date, MRZ code, signature), biometric data (photo (with your explicit consent)), details of user’s bank accounts and payments, Service and account usage history, monetary operations, information on sources of income, tax data, Wallet ID, information about the Services ordered and used and changes therein, data on PEP’s, other information required by law. During the period of use of the account and Service and 5 years after the last login to the account, and in case of revocation of the consent – until the expiry of the consent (when data are processed based on consent).

Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR)

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Service quality management and Service-related communication.

Name, surname, username, e-mail, password, phone number, address, information needed to address quality of Service issues, content of the request and response to the request, Service, and account usage history.

During the administration of the question and 5 years after the end of the administration of the question or the last contact.

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Compliance with the obligations of AML/CTF laws, ensuring proper KYC process. Name, surname, username, e-mail, password, phone number, social media accounts, personal identity code, date of birth, country of birth, address, nationality, citizenship, gender, passport/ID card copy and its details (e. g. type, number, issuance place and date, expiry date, MRZ code, signature), biometric data (photo (with your explicit consent)), details of user’s bank accounts and payments, Service and account usage history, monetary operations, information on sources of income, tax data, data on PEP’s, other information required by law. Personal data collected for the implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention shall be stored in accordance with the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania up to 8 (eight) years. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority.

Data processing is necessary for to fulfil a legal obligation imposed on the data controller (Article 6(1)(c) GDPR)

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Ensuring proper functioning of the Site, Platform and services, fraud prevention, ensuring the safe use of the Service.

Name, surname, username, e-mail, password, details of user’s bank accounts and payments, Service and account usage history, monetary operations, Wallet ID, information about the Services ordered and used and changes therein.

During the period of use of the account and Service and 5 years after the last login to the account.

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)
Conclusion and execution of contracts necessary for the Company’s activities, other internal management. Name, surname, phone number, e-mail, position, workplace information, address, relationship with the legal entity, self-employment certificate data, other data required for cooperation.

During the period of provision of services/cooperation and 5 years after the end of provision of services/cooperation unless a longer storage period is mandatory in accordance with the Index of General Document Storage Periods Approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011.

Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Execution of financial operations, accounting, debt management.

Name, surname, e-mail, phone number, position, place of work, address, relationship with the represented legal entity, account number, credit institution, payment information, debt information, data transferred by the company collecting the contributions and confirmations of payments.

According to the regulatory legal acts, as well as in accordance with the Index of General Document Storage Periods Approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011.

When the data does not fall within the above-mentioned storage area – the period of validity of the contract/cooperation between the parties and 10 years after the end of the contract/relationship (last contact).

Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR)

Data processing is necessary for to fulfil a legal obligation imposed on the data controller (Article 6(1)(c) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Evaluation and selection of candidates for the offered job.

Name, surname, e-mail, phone number, address, education and activity data, content of the CV, other information required for the selection/evaluation of the candidate or provided by the candidate.

The selection period and 3 months after the selection if the candidate’s consent to the retention of data after the selection has been obtained. 

When data is received not for a specific selection, it shall be stored for 3 months after the date of its receipt.

 

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Management of electronic information channels (Platform, Site, Social Accounts), conducting analysis of Platform to provide more relevant content, ensure functionality and security and improve quality of the Service.

 

IP address, data collected with the help of cookies and settings, browser used, date and time of login, mobile device model and manufacturer, mobile device operating system (iOS, Android), password, account, and Service usage information.

 

Data collected through the integration of Social Accounts.

 

Site, Platform data are stored as described in this Privacy Policy.

Site and Platform data that is not included in the cookie information is stored for a maximum of 1 year from the date of collection, unless the person revokes his/her consent (when the data are processed based on consent).

Information in Social Accounts is stored according to the conditions set by the owner of this network

 

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

 

Sending news, conducting surveys, direct marketing, advertising.

Name, e-mail address, phone number, the data requested in the survey announcement/questionnaire.

Data is processed for 1 year from the receipt of consent, unless you revoke your consent earlier .

Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

Settlement of disputes and claims.

Name, surname, workplace address, workplace position, contact with the represented legal entity, phone number, e-mail, the content of the claim or other similar document, information/documents related to the dispute/claim.

The entire period of the dispute/claim and 3 years after the end of the out-of-court dispute/claim resolution and 10 years after the end of judicial proceedings.

Data processing is necessary for to fulfil a legal obligation imposed on the data controller (Article 6(1)(c) GDPR)

Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR)

 


In Social Accounts we can share information about ourselves, our content, events, news, surveys, as well as information about the employees we are looking for. Social accounts users are also subject to the privacy policies of the social networks owners. When you contact us on Social Accounts, depending on the privacy settings you choose, we may see certain user account information such as profile first name, surname, image, sex, e-mail address, location, etc. (the list is not exhaustive). If a user posts information by communicating with us on our Social Accounts (e. g. posts a comment in the comments section of our Social Account or posts a message on our Social Account profile), depending on the privacy settings chosen, the posted information may be made public (for example, visible on our Social Account to other users).

In some cases, we may send messages related to the ordering or provision of our Service through the contact data provided by you, for example, to inform you about the confirmation of the order for Services, the expiration date of the ordered Service, temporary or permanent changes to the Service, including, but not limited to, planned outages, new features offered, version updates, point releases, major releases, abuse warnings, and changes to our TOU, Privacy Policy and other documents and agreements. Such communications are necessary for the proper provision of our contractual obligations and Service and are not considered to be direct marketing communications.

When providing our Services, we may, in certain cases, apply automated data decision-making, for example to prevent fraud, to ensure compliance with AML/CTF policies, etc. Automated decision-making refers to the processing of Personal Data using, for example, a software code or algorithm that does not require human intervention. We regularly review the criteria and models used in automated decision-making to ensure their integrity, efficiency, and impartiality. You may always ask for a revision of such automated decisions as it is indicated in the section 11 of this Privacy Policy. 

We may, in certain cases, process Personal Data longer than indicated in this Privacy Policy, e. g. when we are required to do so by law, when we are engaged in litigation, arbitration, pre-trial investigation, etc. Simplex assures that in such cases your Personal Data will be deleted immediately as soon as it becomes unnecessary for such purposes.

6. Do we share your Personal Data?

Also, we might share your personal data with parent comapny (Nuvei group). However, we undertake to do so only according to this Privacy Policy. Such transfers may only take place if we will sign EU standard contractual clauses approved by the European Commission, have other legal basis for such transfer or anonymize your personal data.

Our business partners, suppliers, sub-contractors, or agents who perform services for it, or consultants such as auditors, lawyers, tax advisors, analytics and search engine providers that assist us in the improvement and optimization of the Platform, etc., as well as the Personal Data Processors we use, such as ancillary service providers, IT companies, advertising and marketing companies, accounting companies, etc. We require data processors to store, process and treat Personal Data as responsibly as we do and only in accordance with our instructions. We have such partners and data processors:

Marketing, Advertising Partners – TrustPilot (Denmark) 

Payment partners – PAYBIS (UK), PAYBIS US (ZEROHASH), ELASTUM (LT, EE), H FINANCE (LT) (data is securely transmitted when the service provider signs EU standard contractual clauses approved by the European Commission for the transfer of data outside the European Economic Area)

Accounting, financial services – Hashavim, PWC Israel, Billbeez, Altshuler Shaham Benefits, Altshuler Shaham benefits, Howden, Priority, Jonathan Lubik consultants \ Econpartners, IBI trustee, Financial immunities, Michpal, Made Finance, Liram, OvdimNet
Ayalon, Kna’an, Hi Bob (USA), RMR Consultants, Sima Kedem Ltd, Yoram Zilberman insurance agency, Baker Tilly Baltics (LT), UAB Scandinavian Accounting and Consulting (LT), SIA Ernst & Young Baltic (LV), MK TAX, Cogency Global, Mazars (data is securely transmitted when the service provider signs EU standard contractual clauses approved by the European Commission for the transfer of data outside the European Economic Area)

IT solutions, IT security maintenance and technical services – 7CI (Israel), Ingenie (UK) Kyte Consultants Ltd (Malta).  (data is securely transmitted when the service provider signs EU standard contractual clauses approved by the European Commission for the transfer of data outside the European Economic Area).

Cloud and hosting providers – Amazon Web Services, Inc. (USA)  Google, Inc. (USA) (data is securely transmitted when the service provider signs EU standard contractual clauses approved by the European Commission for the transfer of data outside the European Economic Area).

To publish your content to Social Accounts, we provide data to these social media platform operators:

LinkedIn Ireland Unlimited Company (Ireland);

LinkedIn Corporation (Ireland) (data is securely transmitted when the service provider signs EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the European Economic Area (the “EEA”));

Facebook Ireland Ltd. (Ireland);

Facebook, Inc. (USA) (data is securely transmitted when the service provider signs EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the EEA);

YouTube, Inc. (USA) (data is securely transmitted when the service provider signs EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the EEA);

Twitter, Inc. (USA) (data is securely transmitted when the service provider signs EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the EEA);

Twitter International Company (Ireland);

A Medium Corporation (USA) (data is securely transmitted when the service provider signs EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the EEA).

State or local government institutions and authorities, law enforcement and pre-trial investigation institutions, courts and other dispute resolution institutions, other persons performing functions assigned by law, in accordance with the procedure provided for by legislation of the Republic of Lithuania. We provide these entities with mandatory information required by law or specified by the entities themselves.

Other third parties, such as payment institutions, etc.
1.1.1. If necessary, to companies that intend to buy or would buy the Company’s business or would conduct joint activities with us or would cooperate in another form.
1.1.2. To affiliates with whom, we are under common corporate control. In case such affiliate is established outside the EEA we will conduct such Personal Data transfer only following conditions set out in the subsections 1.4.1. – 1.4.5. of the Privacy Policy (e. g. will sign EU Standard Contractual Clauses Approved by the European Commission for the transfer of data outside the EEA with such Affiliate).
1.2. We normally process Personal Data within the EEA, but in some cases your Personal Data may be transferred outside the EEA. The Company will always take steps to ensure any transfer of such information to entities based outside the EEA is carefully managed to protect your rights and interests by implementing Appropriate safeguards to protect Personal Data.
1.3. Your Personal Data will only be transferred outside the EEA under the following conditions:
1.3.1. Data are transferred only to our reliable partners who ensure the provision of our services to you;
1.3.2. EU Standard Contractual Clauses Approved by the European Commission, which ensure the security of transfers of your Personal Data, have been signed with such partners.
1.3.3. The Commission of the European Union has decided on the eligibility of the country in which our partner is established, i.e., an adequate level of security is ensured;
1.3.4. You have given your consent to the transfer of your Personal Data outside the EEA; or
1.3.5. A special permit of the State Data Protection Inspectorate of the Republic of Lithuania was obtained to carry out such transfer.

Please note that for the purposes of identity verification and required regulatory screenings, Simplex utilizes certain third-party identity verification and authentication services, provided by Onfido. Onfido’s collection and use of the information, which includes a copy of a government-issued ID and a photo selfie for biometric comparison, is described in Onfido’s privacy policy https://onfido.com/privacy/ . Simplex does not store or otherwise process any Users’ facial scans. We may only access the verification results generated by Onfido including relevant identification data disclosed by you.

7. Minors

To use the Service, you must be over the age of eighteen (18). Simplex does not knowingly process Personal Data from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. If it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will take appropriate measures to prevent that User from making use of our Service.

8. Tracking technologies

When you access or use the Service, Site or Platform, we may use (and authorize third parties to use) industry-wide technologies such as cookies or similar technologies, including web beacons, pixel tags, scripts, tags and other technologies that store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless (collectively “Tracking Technologies”). These Tracking Technologies allow us and third parties to automatically collect information about you (such as your IP address, device unique identifiers and your online behavior), to enhance your navigation on our Site, improve our Site’s performance and customize your experience on our Site, as well as for advertising and fraud prevention purposes. We also use this information to collect statistics about the usage of our Site, perform analytics, deliver content which is tailored to your interests.

To learn more please visit our Cookie Policy, available here.

9. Direct marketing

With your consent (only), we may use your Personal Data for direct marketing purposes to provide you with newsletters, offers and information about our Service, as well as to inquire about the quality of our performance. 

The above content can be sent by e-mail, messages to the phone number specified by you, as well as messages in your account in the Platform or Site. Your contacts may be transferred to our partners who provide us with news sending or quality assessment services.

After sending such content, we can collect information about the people who received it, for example, which message people opened, what links they clicked on, etc. Such information is collected to offer you relevant and more tailored news and content.

Even if you have given your consent to the processing of Personal Data for direct marketing purposes, you can easily withdraw this consent for all or part of the Personal Data processing activities at any time. To do this, you can:

  • notify us of your withdrawal in the manner specified in the provided message (e. g. by clicking on the “unsubscribe” link in the newsletter, etc.); or
  • send us a notification in a manner specified in this Privacy Policy. If you so request withdrawal of consent, we may ask you to verify your identity.

If you withdraw your consent, we will try to stop sending such content to you immediately. 

Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data processed by us, therefore, for these actions you should submit a separate request.

10. Your rights

As a data subject, you have the following rights regarding your Personal Data:

  1. To know (to be informed) about the processing of your Personal Data (right to know);
  2. To access your Personal Data and the way they are processed (right of access);
  3. To request the correction or, depending on the purposes of the processing of Personal Data, supplementation of incomplete Personal Data (right to rectification)
  4. To request the erasure of your Personal Data or the suspension of your Personal Data processing activities (excluding storage) (right to erase and right to “be forgotten”);
  5. To request us to restrict the processing of Personal Data for one of the legitimate reasons (right to restrict);
  6. The right to transfer data (right to transfer). This right may be exercised only if there are grounds for its exercise and appropriate technical measures to ensure that the transfer of the requested Personal Data does not pose a risk of security breach to the data of other Data Subjects;
  7. The right to object the processing of your Personal Data when we process Personal Data based on a legitimate interest of the Company or a third party, including profiling. If you object, we will only be able to further process your Personal Data for compelling legitimate reasons that take precedence over your interests, rights, and freedoms, or to make, enforce or defend legal claims;
  8. Revoke your consent to the processing of your Personal Data when this data is processed or intended to be processed for direct marketing purposes, including profiling as far as such direct marketing is concerned (based on the Personal Data you provide, profiling may be carried out for direct marketing purposes to offer you individually tailored solutions and proposals. You can revoke your consent to the processing of Personal Data by automated processing, including profiling, or object to it at any time).

We may refuse to exercise your rights listed above, except for refusal to process your Personal Data for direct marketing purposes, competitions or in other cases when Personal Data is processed with your consent, when your request is allowed to us not to comply with the provision of the GDPR, or when, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, violations of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject, us and other persons.

You can exercise part of your rights as a Data Subject by changing the user account settings in the Platform or Site and the information contained therein. You may submit any request or instruction related to the processing of Personal Data to us in writing via Simplex internal system for handling Data Subject’s request. 

Please go to the Simplex Privacy Center and choose Data subject’s request options here.

When submitting such a request, we may ask you to fill in the necessary forms, as well as provide an identification document or other information that will help us to verify your identity, to better understand the content of your request. You may also submit Data Subject’s request via email address indicated below in this Privacy Policy, however, we encourage you to submit you requests as indicated above since that channel is dedicated specifically to handle Data Subject’s requests.

Upon receipt of your request or instruction regarding the processing of Personal Data, no later than within 1 month from the date of the request, we will provide a response and perform the actions specified in the request or inform you why we refuse to perform them. If necessary, the specified period may be extended by a further 2 months, considering the complexity and number of requests. In such a case, within 1 month from the date of receipt of the request, we will inform you of such extension.

If Personal Data is deleted upon your request, we will only store copies of information that are necessary to protect our legitimate interests and those of others, to comply with the obligations of law, to resolve disputes, to recognize interference or to comply with any agreements you have entered with us. Please note that these rights are not absolute, and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as AML/CTF regulations).


11. How do we secure your Personal Data?

We take great care in implementing and maintaining the security of the Service and safeguarding any Personal Data we process. Personal Data, trusted to us, is hosted on Amazon Web Services and Google Cloud Services, which provides advanced security features. Simplex employs industry standard procedures and policies to ensure the safety of the Personal Data processed and to prevent unauthorized use of any such information. In addition, to safeguard the privacy expectation of the data subjects, Simplex is Payment Card Industry Data Security Standards (“PCI DSS”) certified. Please note that while we take reasonable measures to safeguard your Personal Data, we cannot fully guarantee its absolute security. 

12. California residents

If you are a consumer located in the state of California, we process your Personal Data in accordance with the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1789.100 – 1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (“CCPA“). The following paragraphs provide additional information about the processing of Personal Data and the data protection rights of consumers in California: 

  1. Right to know: you may request access to the Personal Data we collect, use or disclose. 
  2. Right to delete: you may request the deletion of your Personal Data collected by us. 
  3. Right to opt-out of the sale of Personal Data: you may request to opt out from the sale of your Personal Data. Simplex does not sell your Personal Data to any third parties and/or businesses. 
  4. Right for non-discrimination: you have a right not to receive discriminatory treatment for the exercise of your privacy rights, unless permitted by the CCPA or other applicable laws. 

For more information about Data Subject’s rights please see the section 11 of this Privacy Policy.

In the 12 preceding months, we have disclosed the categories of Personal Data as described in the table below:

Category of Personal Data Personal Data Collected   Categories of third parties to whom Personal Data was disclosed
1. Identifiers and Personal Data per the Cal. Civ. Code § 1798.80(e)). Full name, physical address, email address, IP address, phone number, copy of government issued-ID or passport number and related details, country of residence, nationality, gender, wallet ID (if applicable), photo or video selfie, payment card details (*), tax information (such as TIN), bank information (such as IBAN), business activity of the User and his/her income (including source of funds), bank account details, details whether the individual is a Politically Exposed Person, details whether the individual is acting on behalf on an organization and related organizational information.
  • Third party identity verification services;
  • Liquidity providers;
  • Financial institutions;
  • Payment processors;
  • Merchants;
  • Service providers (e.g. cloud storage);
  • Professional advisors
 
2. Internet or Other Electronic Network Activity Information. IP address, device, browser type, publicly-available social network information including profile picture URL address, date of birth, gender, occupation or work information, education and other information which the User made public, cookies and log files, keystrokes, captioning and recording of user behavior, mouse movements.  
3. Commercial information. Details regarding the business activity of the User and his/her income (including source of funds), transaction history and use of the Service.   
4. Geolocation data. Geographic location  
5. Biometric information.    
6. Inferences drawn from any of the information identified. User risk assessment for fraud prevention and compliance.  

You can designate an authorized agent to make a request under the CCPA on your behalf if: (a) the authorized agent is a natural person, or a business entity registered with the Secretary of State of California; and (b) you can sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information in section 10. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

13. Changes to this Privacy Policy

Simplex reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes to this Privacy Policy on the Service and/or we will send you an email regarding such changes to the e-mail address that you volunteered. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Service after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

14. Our contacts:

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to contact us through the following contact details:

If you reside in the US:

[email protected]
SimplexCC (US), Inc.
340 S Lemon Ave #4889,
Walnut,
CA 91789
US

Otherwise,

please contact our Data Protection Officer at:

[email protected]
SimplexCC Ltd.
4 Ariel Sharon St.
Givatayim 5320047
Israel

You can also reach us through our EU representative:

Simplex Payment Services, UAB
Antakalnio g. 17,
LT-10312 Vilnius
Lithuania
Attn: Data Protection Officer

Simplex Privacy Center, Data subject requests, choose option OTHER
Or simply contact the [email protected] 

We will try to reply within a reasonable timeframe. Please feel free to reach out to us at any time. If you are unsatisfied with our response, you can reach out to the applicable data protection authority:
The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at https://vdai.lrv.lt/)

Address: A. Juozapavičiaus str. 6
LT-09310 Vilnius Lithuania
T +370 5 279 1445
F +370 5 261 9494
[email protected]