General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation on personal data protection aimed at updating the existing national laws to strengthen personal data protection. Now the residents of the EU and Switzerland will better know which of their personal details are used. They will also have a better understanding of where, when, and why those details are processed and deleted.

This article complements Clause 5 (Privacy Policy) of our User Agreement and realizes the users’ legal right to be informed about the collection, processing, use, transfer, storage, and erasure of their personal data at Magnetic Exchange.

By providing your personal data through our website at https://magnetic-exchange.org, you agree to the processing of your data in accordance with our Privacy Policy, as well as to the rest of the clauses of our User Agreement. In case you do not agree to the terms set forth in those documents, please, refrain from further use of our website.

Who carries out the collection, processing, and storage of your personal data?

All the information you provide is stored on our protected servers located both in the European Economic Area (EEA) and beyond its borders. By providing us with your personal data, you agree to the transfer, storage, and processing of this data, including to doing so outside the EEA.

Despite all our efforts, we are not able to fully guarantee the impossibility of interception of your personal information by third parties while your data is being transferred from you to us. Therefore, when providing us with your personal data, you act at your own risk.

As soon as we receive the personal data, we start applying strict security procedures aimed at preventing the unauthorized access to this information.

In accordance with the EU Anti Money Laundering Directive (AML), in the framework of the due diligence procedure, we have to conduct the Know Your Customer (KYC) client identification and to store the collected personal data for minimum 10 years. Upon the expiry of those years, the data should be erased fully and irrevocably.

What personal information do we collect and why?

When you register:

• We collect email addresses for our registration system. Your email address is used to identify you when you log in to the system and to allow sending you notifications and important marketing information.
• We collect IP addresses to detect system abuse.

When you log in to your account:

• We ask for your email address to identify your account.
• We collect IP addresses to detect system abuse as well as to establish technical details related to your last login.

When you fill the personal information section of your account:

• We suggest you indicate your surname, name, patronymic, and phone number:
  • For the minimum personal identification needed to implement the AML procedures in accordance with the legal requirements.
  • For simplification of your interaction with our website. You will not have to re-enter those details for each new order.
  • For us to be able to quickly reach you in case of emergency.
• We suggest you indicate your gender so that we can address you in the correct way.
• We suggest you change your email address in case you wish to log in to our website by using another email address.
• We suggest you indicate your account number so that we transfer to it your rewards for participating in our partner program.

When you go through personal identification:

• We collect your surname, name, patronymic, date of birth, place of birth, and other passport details, as well as your residence address, information on your professional activities, and contact details. This is required for the personal identification needed to implement the AML KYC procedure in accordance with the legal requirements.
• We ask that you send us a photo of you with your personal identification document in your hands to make sure that no third party has got hold of your data.
• We ask you to provide us with a photo of your personal identification document and a photo of a document proving your address for implementation of the AML KYC procedure and for confirmation of the submitted details.
• We collect IP addresses to detect system abuse.

When you create an exchange order:

• We request your email address to conduct the minimum personal identification as well as to be able to quickly reach you in case of emergency.
• We request the account number, from which the payment will be made, to issue the payment invoice.
• We request the recipient account number to transfer you the money.
• We may ask for additional information related to the accounts, for example, the account holder’s surname, name, date of birth, residence address, and other details needed for the implementation of the AML procedures and requirements of payment systems.
• We collect IP addresses and other technical parameters of the exchange order to detect system abuse as well as to establish technical details related to your location.

When you request an additional reserve:

• We request your e-mail address in order to notify you when we have the required amount. We do not keep your e-mail address afterwards.
• We collect IP addresses to detect system abuse.

When you use the feedback form:

• We request your e-mail address in order to provide a response.
• We suggest that you provide your name so that we will know how to address you.
• We collect IP addresses to detect system abuse.

When you use our online chat:

• We request your e-mail address in order to send you a copy of the conversation.
• We suggest that you provide your name so that we will know how to address you.
• We collect IP addresses to detect system abuse.

Cookies

• When you log in to our system, we place cookies on your computer to maintain an active session of your browser. Without this, our system will not work properly.
• We use Google Analytics, which can place its own cookies. Although this service traces your behavior, Google assures that all data is anonymous.
• We place cookies on your computer when you first access our website through someone’s partner link. This allows evaluating each partner’s work. Your details are not shared with the partner.
• We make place temporary cookies when you create an exchange order on our website. This allows us directing you to the right page once you pay or refuse to pay for the order.

With whom can we share your personal data?

• We may share your personal data and details on the performed operations with law-enforcement agencies upon an official written request or upon a court decision, provided the privacy status of the data is maintained.
• We are obliged to share your personal data and details on the performed operations with law-enforcement agencies on our own initiative in case there is a reasonable suspicion that you are involved in activities related to laundering proceeds of criminal behavior, financing of terrorist organizations, and other fraudulent or illegal activities, provided the privacy status of the data is maintained.
• We may share details on your transaction and your personal data related to that transaction upon an official request from the electronic payment system to execute the payment order related to your exchange order as well as to conduct internal investigations.
• We may share your personal data and details of performed operations with you upon receiving from you the respective request.
• In order to send you emails, we may share your personal data and details on the performed operations with our partners through protected channels (without the right to store and independently use those details).
• In all other cases, your personal data is not subject to sharing.

You have the right to:

• Access your data. You can reach us using the contact details indicated below and request the copy of your personal data that we possess. We will provide that information within 30 days after receiving your request. As the retrieval of that information may require certain time and routine work, a reasonable fee might be charged for this service as allowed by the GDPR.
• Update your information. You can access your account and change the information that has not been confirmed. To modify confirmed data, please, reach our customer support.
• Cancel your consent to further processing of your personal data at any time. To do so, send an email to compliance@magneticexchange.com. The cancellation of your consent is valid from the moment of its receipt but has no effect on data processing already performed based on your consent received earlier. In accordance with the AML Directive requirements, we will continue storing your data for 10 years from the moment the transaction, during which the data was used, is completed.
  For provision of new services, we will again ask for your permission to process your personal data.
• Request correction of errors in your personal information stored in our system. If we do not agree that the information is inaccurate, you have the right to apply to court with a request to have this inaccurate information corrected, blocked, destroyed, or erased.
• Refuse to provide us with the personal data we request from you. If this data is required for a service provision, we will not be able to provide you with that service.
• Request deletion of your account. To do so, send an email to compliance@magneticexchange.com. The access to your account will immediately be stopped. Your personal information and data on your operations, as well as the respective technical information, will be erased after 10 years as required by the AML Directive.
• Forbid to accept cookies from our website by making the corresponding modifications in your browser’s settings. This might cause the website to malfunction.

Contact us

Send us an email at compliance@magneticexchange.com if you have concerns with respect to the safety of the personal data you have shared with us. We’ll work with you to sort things up and make sure your data is and remains safe.