Last Revised: August 29th, 2021
SimplexCC Ltd. and Simplex Payment Services, UAB (collectively “Simplex”, “Company”, “we” or “us”) respects the privacy of the users of our payment processing platform (collectively, the “Platform”), as well as users of our website available at: simplexcc.com or simplex.com (the “Site”), and is committed to protect the personal information that users share with us in connection with the use of our Platform and/or Site (collectively – the “Service”).
The term “GDPR” shall mean the General Data Protection Regulation (Regulation (EU) 2016/679). The term “CCPA” shall mean the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1789.100 – 1798.199) and the California Consumer Privacy Act Regulations by the Attorney General.
- From whom we collect Personal Information?
- Which Information we collect?
- How do we collect Personal Information?
- What are the purposes of the collection of Personal Information?
- What are the conditions for processing of Personal Information?
- Sharing Information with Third Parties
- Retention of Personal Information
- Tracking Technologies
- Your Rights
- Third Party Websites
- California Residents
- Have any Questions?
- Site Visitors: Individuals who visit our Site and who may volunteer certain contact data (such as their email address) to receive communications from the Company or otherwise pre-register to receive our Service. For clarity, Site does not include any sites owned or operated by our Customers.
- Users: Individuals whose information we process in order to:
- Provide the Service to our Customers pursuant to our agreements with them, or –
- Provide the Service directly to our Users via an e-money account or service account; this includes Users registering on behalf of an organization’; or
- Fulfill regulatory objectives, prevent illegal activities and to comply with applicable laws.
- Customers: Those who register on their own or on behalf of an entity or organization to use the Company’s Service, including merchants and operators of the Exchanges. For the avoidance of doubt, Customers does not include Users.
We collect, or have collected in the preceding 12 months, certain information that identifies or may identify an individual with reasonable efforts (“Personal Information”), as explained below.
Personal Information collected about Users consists of the following:
- The User’s IP address, as well as other persistent device identifiers, which are automatically recorded from the User’s device.
- In the event that following the preliminary examinations the User is determined as qualified to use the Service (as shall be determined in our sole discretion), then after clicking the Service button the User will be requested to fill out the registration form available on the Service, and such User will be required to provide certain information such as his/her personal and contact details, including the following:
- Full name
- Physical address
- E-mail address
- Phone number
- Copy of a government-issued ID (such as a passport or driver’s license) – this is collected as means for official proof of identity, for screening and identity verification/authentication;
- Details regarding the government-issued ID, such as the number, issuing country and issuance/expiration date;
- Photo/video selfie – this is collected as means for official proof of identity, for screening and identity verification/authentication;
- Country of residence
- Date of birth
- Billing address
- Wallet ID (if applicable)
- Payment card details – however, please note that such data is transmitted directly to our trusted third party payment processors. We do not retain the full details of the credit card;
- Any additional required information in order to render the Service.
Kindly note that without providing the above information the User will not be able to complete the transaction or make use of the Service.
- In the event that the User creates or registers with an e-money account, the User will be required to provide us with all the information listed above, as well as additional information, including:
- Tax information (such as Tax Identification Number)
- Bank information (such as IBAN)
- Details regarding the business activity of the User and his/her income (including source of funds)
- The purpose for opening the account and related information (such as planned turnover, average transaction size and count)
- Details validating information collected from the User (such as proof of address, payment method ownership and income source)
- Details regarding whether or not the User, or the User’s relative is a Politically Exposed Person (“PEP“), including the relative’s full name and contact information, as well as information relating to the relative’s business/political activity (such as organization’s name, role and nature of activity); and –
- If the User is acting on behalf of an organization (such as if the User is the organization’s contact person, a shareholder, an ultimate beneficial owner, a director, executive, representative, signatory or other stakeholder in the organization), in addition to the information requested from the User (as detailed above), we request information regarding the organization (including contact details, registration number, bank information, tax information, general information about the organization and its activities, etc.), as well as additional information relating to additional stakeholders in the company (such as shareholders, ultimate beneficial owners, and others), including share percentage and voting powers in the organization.
Kindly note that without providing the above information the User may not be able to open or register with an e-money account.
- In addition, we also collect the User’s publicly-available social network information, provided that the User has an existing third-party social network account (namely, a Facebook, Twitter, LinkedIn or Google+ account) (“SN Account”) registered under the same name and/or e-mail provided by User when registering to the Service.
- In the event a User registers to the Service or otherwise grants us with certain access permissions to his/her SN Account, the third-party social network(s) operating such SN Account(s) may provide us with certain information about the User, as is stored in and/or made available by the User through his/her SN Account and in accordance with the permissions granted to us by the User. For example, such information may consist, as applicable and/or made available by the User, of the User’s name, public profile picture URL address, SN Account User ID, e-mail address, date of birth, gender, occupation or work information, education and other information which the User made public.
- We also automatically collect or generate the following information when the User makes use of the Service: transaction status and transaction history, amounts deposited/withdrawn and login history, payment identifiers (such as a payment ID), risk assessment/scoring, and other information related to the User’s use of the Service. In addition, we also collect the behavior of the User on our Services, which includes keystrokes, captioning and recording of user behavior, mouse movements and other activities in our Services.
- Any Personal Information provided voluntarily by the User via its use of the Service, such as the User’s e-mail address in order to be contacted (and any additional information related to such contacts), User responses to customer surveys about how we can improve our product(s) and service(s), transaction details provided through use of the Service, and/or other actions performed by the User in connection with the Service.
- We also collect additional data from third-party sources regarding the User. This includes the User’s sanctions data and adverse media checks, as well as certain information enabling us to verify or authenticate the User (such as the User’s location), as well as to assess the risk associated with onboarding the User.
Please note that the Personal Information we collect is required in order for us to contractually provide the Services, as well as for us to meet our regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you will not provide such information, we may not be able to provide our Service.
We collect the following information about our Customers:
- Customer Account Information. We collect certain information relating to your business (such as the business registration number and brand name, information relating to the nature of the services you offer, the business contact information, etc.), information relating to the investors in your business, information relating to you as the contact person of your business, including your name, title, phone, email and address, as well as information relating to the shareholders, business owner or founder, directors, including his or her name, phone, email and address, as well as a copy of government-issued ID (such as passport) and proof of address (such as utility bill).
We collect the following information about our Site Visitors:
- We collect your contact data (for example your name, email address) and if relevant your Payment ID (the long string of letters and numbers you received by email) for the purpose of providing you with customer support (such as when you submit a ticket), or when you submit web forms on our Site.
- We also collect your contact data (for example your name, and email address and organization’s name) when you sign up for and agree to receive email communications from us, when you pre-register to receive our Services (such as the Simplex Card), or when you agree to become a Simplex’ partner. We also may ask you to submit such personal information if you choose to use interactive features of the Site.
- Log Files. Just as when you visit and interact with most websites and services delivered via the Internet, when you visit our Site, we gather certain information and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, and local and language preferences.
We use the following methods of collection:
- Through your use of the Service and/or the transactions carried out in connection with the Service. In other words, when you are using the Service, including when you browse an Exchange, we collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
- From our business partners – the Exchanges, our turnkey partners, cryptocurrency wallets and brokers. For example, when you return to an Exchange, such Exchange may provide us with your contact information (such as name, address and date of birth), as well as usage information regarding your previous visits to its website(s) (for example, the User’s balance, previous logins and previous transactions).
- Through publicly available sources. For example, we collect certain information about you through your publicly available SN Account(s) information, publicly available credit card blacklists and official limited bank account lists, and other online public information.
- From third-party services. For example, we use third-party services to provide our Service and prevent fraud.
- Information which you provide us. For example, we collect Personal Information required to use the Service by completing the registration form, the onboarding process (if you register as a Customer) and/or contacting us directly.
We store the Personal Information either independently or through the help of our authorized third-party service providers as detailed below.
We collect Personal Information in order to:
- Provide and operate the Service, including for risk analysis, billing, and other aspects relating to carrying out the transactions performed by the Users (such as identity authentication, payment processing, and charge-backs);
- Analytics, statistical and research purposes;
- Detect, prevent, or otherwise address fraud, security or technical issues (such as identity theft or financial fraud);
- Meet our regulatory requirements, such as Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) regulatory requirements;
- To perform due diligence and other screening activities in accordance with our legal or regulatory obligations and risk management procedures which are carried out in our own legitimate interest or the public interest; this includes conducting identity verification and fraud prevention, including checks related to the source of funds or income, PEP, sanctions and adverse media checks;
- Enable us to further develop, customize and improve the Service based on Users’ common preferences and uses, including simplifying the onboarding process to the Service, and for debugging purposes;
- Create and provide our business partners and affiliates with aggregated statistical data;
- Direct marketing purposes – we may use the contact details you provided us to send you promotional offers or communications; you may withdraw your consent via sending a written notice to Simplex by email to the following address: [email protected] or on the same manner as the advertising was transmitted to you (such as via phone text message), or by following the un-subscription instructions on the promotional offer or communication.
- Respond to User’s support requests;
- Satisfy any applicable law, regulation, legal process, subpoena or governmental requests;
- Enable us to provide our Users with a better user experience, with more relevant Content, features, and functionalities, and with technical assistance and support; and
- Protect the rights, property, or personal safety of Simplex, any of its Users, or the general public;
- We may also process your information as part of our customer authentication process, that employs the 3D Secure 2.0, which is a secured authentication protocol allowing issuing banks to verify credit card owners during the transaction process, and enabling us to ensure compliance with regulatory requirements and combat online fraud. This information includes your contact information, your payment information (including your credit card number and billing address), your IP address, the amount and currency of purchase, your browser information and additional information.
- Abide by any applicable law.
We will process your Personal Information for a variety of reasons, each of which is prescribed by relevant data protection laws.
- Fulfillment of a contract, compliance with a legal obligation – it is necessary for us to process your Personal Information where it is necessary for the performance of a contract (such as for the TOU) or in order for us to comply with our various legal and/or regulatory responsibilities, including, but not limited to, complying with any AML and KYC legislation).
- Legitimate interests – we also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) safeguarding the integrity of our Service by combating, reporting and sharing information related to fraudulent activities; (iv) adhering to regulatory and statutory requirements; (v) improving and optimizing our Service and debugging errors; (vi) sharing personal information with our advisers and professional services providers (such as auditors) for ensuring our compliance with regulatory requirements and industry best practices.
- Consent – our processing of your Personal Information will primarily be necessary for us to provide you with the Service. However, on certain occasions we may ask for your consent to processing Personal Information. In these instances your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time.
- Special Categories of Personal Data – our processing of your Personal Information may also involve special categories of personal data, such as biometric data and your racial or ethnic origin (as defined under Article 9 of the GDPR). We will process such information, as well as disclose it to competent authorities (such as law enforcement bodies), where it is necessary for the following purposes (to the extent permissible by applicable law): (i) prevention or detection of an unlawful acts, (ii) safeguarding your (or others’) economic well-being.
Simplex discloses Personal Information, or have disclosed Personal Information in the preceding 12 months, in the following cases:
- With our commercial partners (as applicable), including the merchants and operators of the Exchanges;
- With acquiring and card issuing banks;
- With third-party authentication vendors (such as identity verification, customer authentication and due diligence vendors), partner risk screening providers (such as Refinitiv, Privacy Statement can be found here) and other data sources (such as geo-location services), in accordance with our legal or regulatory obligations and risk management procedures which are carried out in our legitimate interest or the public interest;
- With our service providers (such as cloud computing companies, including payment processors, banking platforms and currency clouds, and marketing platforms);
- In order to fulfill the purposes stated above, including to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
- In order to respond to claims that any content available on the Service violates the rights of third-parties;
- When Simplex or any of its affiliates is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets.
For a description of the categories of third parties to whom personal information was disclosed, please see section 2.
For more information about the transfer of your personal data outside of the EEA, please contact us at [email protected]
If you have registered with an account through our Service, Simplex will retain your Personal Information during the period your account is active. In addition, Simplex will retain your Personal Information for additional periods, as necessary to enable Simplex to meet its legal obligations under applicable laws or regulations, such as the applicable financial regulations, KYC and AML regulations, as well as to meet Simplex’ contractual obligations. Simplex will retain your Personal Information for no longer than eight (8) years.
In addition, Simplex may retain Personal Information provided that retaining such information is strictly necessary for Simplex’ legitimate interests, such as fraud prevention and record keeping, enforcing its policies, resolving or exercising claims regarding potential disputes, and where Simplex is guided to do so by the applicable regulatory authority.
To use the Service, you must be over the age of eighteen (18). Simplex does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will take appropriate measures to prevent that User from making use of our Service.
When you access or use the Service, we may use (and authorize third parties to use) industry-wide technologies such as cookies or similar technologies, including web beacons, pixel tags, scripts, tags and other technologies that store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless (collectively “Tracking Technologies”). These Tracking Technologies allow us and third parties to automatically collect information about you (such as your IP address, device unique identifiers and your online behavior), in order to enhance your navigation on our Site, improve our Site’s performance and customize your experience on our Site, as well as for advertising and fraud prevention purposes. We also use this information to collect statistics about the usage of our Site, perform analytics, deliver content which is tailored to your interests
You may contact us at any time at [email protected], and request:
- To access (including asking for supplementary information), delete, change or update any Personal Information relating to you (for example, if you believe that your personal information is incorrect, you may ask to have it corrected or deleted);
- That we will restrict or cease any further use of your Personal Information;
- That we will provide the Personal Information you volunteered to us in a machine-readable format.
- To withdraw your consent to our processing activities (provided that such processing activities rely on your consent, and not on a different legal basis);
- To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is necessary for the performance of the contract between you and us, or it is based on your explicit consent, as provided hereunder.
Please note that these rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as KYC and AML regulations).
If you have any general questions about the Personal Information that we collect about you, how we use it, please contact us at [email protected]
We take great care in implementing and maintaining the security of the Service and safeguarding any Personal Information we process. The Personal Information is hosted on Amazon Web Services and Google Cloud Services, which provides advanced security features. Simplex employs industry standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information. In addition, in order to safeguard the privacy expectation of the Users, Simplex is Payment Card Industry Data Security Standards (“PCI DSS”) certified. Please note that while we take reasonable measures to safeguard your personal data, we cannot fully guarantee its security.
If you are a consumer located in the state of California, we process your personal information in accordance with the CCPA. The following paragraphs provide additional information about the processing of personal information and the data protection rights of consumers in California:
- Right to know: you may request access to the personal information we collect, use or disclose.
- Right to delete: you may request the deletion of your personal information collected by us.
- Right to opt-out of the sale of personal information: you may request to opt out from the sale of your personal information. Simplex does not sell your personal information to any third parties and/or businesses.
- Right for non-discrimination: you have a right not to receive discriminatory treatment for the exercise of your privacy rights, unless permitted by the CCPA or other applicable laws.
In the 12 preceding months, we have disclosed the categories of Personal Information as described in the table below:
|Category of Personal Information||Personal Information Collected||Categories of third parties to whom Personal Information was disclosed|
|1. Identifiers and personal information per the Cal. Civ. Code § 1798.80(e))||Full name, physical address, email address, IP address, phone number, copy of government issued-ID or passport number and related details, country of residence, nationality, gender, wallet ID (if applicable), photo or video selfie, payment card details (*), tax information (such as TIN), bank information (such as IBAN), business activity of the User and his/her income (including source of funds), bank account details, details whether the individual is a Politically Exposed Person, details whether the individual is acting on behalf on an organization and related organizational information.||Third party identity verification services;Liquidity providers;Financial institutions;Payment processors;Merchants;Service providers (e.g. cloud storage); Professional advisors.|
|2. Internet or Other Electronic Network Activity Information||IP address, device, browser type, publicly-available social network information including profile picture URL address, date of birth, gender, occupation or work information, education and other information which the User made public, cookies and log files, keystrokes, captioning and recording of user behavior, mouse movements|
|3. Commercial information||Details regarding the business activity of the User and his/her income (including source of funds), transaction history and use of the Service.|
|4. Geolocation data||Geographic location|
|6. Inferences drawn from any of the information identified||User risk assessment for fraud prevention and compliance.|
Please see section 10 for more details on how to exercise your personal information rights. For more details on the categories of personal information we collect or disclose for business purposes, please see sections 2 and 6, respectively.
You can designate an authorized agent to make a request under the CCPA on your behalf if: (a) the authorized agent is a natural person or a business entity registered with the Secretary of State of California; and (b) you can sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information in section 10. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
4 Ariel Sharon St.
You can also reach us through our EU representative:
Simplex Payment Services, UAB
Antakalnio g. 17,
Attn: Data Protection Officer
We will make an effort to reply within a reasonable timeframe. Please feel free to reach out to us at any time. If you are unsatisfied with our response, you can reach out to the applicable data protection authority:
The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at https://vdai.lrv.lt/)
Address: A. Juozapavičiaus str. 6
LT-09310 Vilnius Lithuania
T +370 5 279 1445
F +370 5 261 9494