Privacy Policy

Privacy Notice to Users

Last modified: 18.03.2019

Interpretation: “controller”, “processor”, “data subject”, “personal data” and “processing” shall have the meanings given to them under the European Union General Data Protection Regulation (GDPR). PrepayWay Systems Estonia OÜ (registry code: 14375086; address: Lõõtsa street 8, Tallinn 11415, e-mail: info@prepayway.com, hereinafter „the Token Generator“) is a data controller within the meaning of the GDPR and undertakes to hold any personal data provided by data subjects using the Website and/or entering into Token Sale Agreement, (hereinafter ”Users“) in accordance with the applicable EU and Estonian Data Protection Legislation. This privacy notice (hereinafter „Privacy Notice“) explains the manner in which the Token Generator collects, processes and maintains personal data from and about Users, including visits to and usage of its website www.prepayway.com (hereinafter „the Website“), as well as data collected while Users are entering into a Token Sale Agreement. Users should review this notice carefully as it contains information about the treatment of their personal data and their rights under the GDPR.

  1. Definitions
    1. Administrator - Token Generator and/or third party service provider contracted by Token Generator to handle KYC procedures in connection with the Token Sale.
    2. Data subject – an identified or identifiable natural person;
    3. Ecosystem - set of services provided by PrepayWay AG, owner of PrepayWay Systems Estonia OÜ, and other affiliates of PrepayWay AG and/or partners;
    4. Personal data - any information relating to an identified or identifiable natural person;
    5. Users – a person using the Website and/or a party to a Token Sale Agreement defined as „Purchaser“, concluded between thea person and Token Generator, defined as „Purchaser“;
    6. Service Provider - PrepayWay AG or/and an affiliate of PrepayWay AG or PrepayWay AG partners;
    7. Token Generator - PrepayWay Systems Estonia OÜ (registry code: 14375086);
    8. Token Sale – aquisition of Tokens by User from Token Generator;
    9. Token Sale Agreement – the agreement for the sale of tokens between User and Token Generator;
    10. User Credentials – information requested by Token Generator from the User for KYC („know-your-customer“) purposes;
    11. Website - www.prepayway.com;
    12. White paper – non-binding PrepayWay white paper, which describes matters relating to InBit Tokens and the PrepayWay Ecosystem (as amended or supplemented from time to time);
  2. Legal Person User:
    1. Where Purchaser is a legal person, Purchaser represents and warrants that:
      1. all personal data (including User Credentials) that is provided or made available to Token Generator has been collected, processed and transferred in accordance with the EU Data Protection Legislation;
      2. in particular and without restriction that the consent of the data subjects to whom the personal data relates has been procured before their data was collected, processed, and/or disclosed as described herein;
      3. that such personal data is adequate, relevant, and limited to what is necessary for the purposes described herein and is accurate and up-to-date.
  3. Categories of Personal Data
    1. In the course of its business, to comply with applicable “know your customer” (KYC) and “anti-money laundering” (AML) legislation, the Token Generator may collect, record, store, transfer and otherwise process information by which Purchasers may be directly or indirectly identified.
    2. The categories of personal data fulfilment of the Token Sale Agreement, including KYC procedures, include:
      1. Identifying information: Name, title, date of birth, age, gender, nationality, picture (e.g. passport / driver's licence), national identification number, usernames, email address, residential address, utility bills
      2. Contact information: Postal address, telephone / mobile / fax number, email address;
      3. Family information: Family structure, siblings, offspring;
      4. Financial information: Source of wealth, personal assets, bank account numbers and income details, tax identification number, financial and investment qualification, shareholder reference number;
      5. Transaction information: Payment details and other details of products and services purchased by the investor, sworn statements, power of attorney information;
      6. Professional information: Job titles, employment history, employer details;
      7. Marketing and communication information: Personal data contained in emails, data regard the investor's preferences in connection with marketing communications;
      8. Special category data: Data obtained pursuant to the Token Generator's standard criminal record checks, political opinion and affiliation data obtained further to the Token Generator's standard AML and client due diligence checks.
  4. Sources of Personal Data
    1. The Token Generator collects personal data about Users mainly through the following sources:
      1. information provided by User in writing (including any anti-money laundering, identification, and verification documentation), in person, by telephone (which may be recorded), electronically or by any other means;
      2. transactions within the Ecosystem or undertaken during the Token Sale, including account balances, purchases, distributions, payments and withdrawals;
      3. information captured on Token Generator's Website (www.PrepayWay.com), including registration information and any information captured via cookies, and
      4. credit reference agencies and available public databases or sources, such as news outlets, websites and international sanctions lists.
    2. The Token Generator collects information by running its Website, information provided thereto and in KYC communications, information sent by User's computer, mobile phone, or other access device and processes such information. When User visits the Website, the Token Generator collects information sent by User's computer, mobile phone, or other access device. This information may include User's IP address, device information including, but not limited to, identifier, name, and type, operating platform, mobile network information and standard web log information, such as browser type, and the pages User accessed on Token Generator's website. When User uses a location-enabled device with Token Generator's website, Token Generator may collect geographical location data or use various means to determine the location, such as sensor data from User's device that may, for instance, provide data on nearby cell towers and wi-fi access spots.
  5. Purposes and Legal Bases
    1. The Token Generator may process User's personal data for any one or more of the following purposes:
      1. to comply with any applicable legal, tax or regulatory obligations on Token Generator and/or any of its delegates or service providers under any applicable laws including but not limited to anti-money laundering and counter-terrorism legislation, in particular to ensure identification of the User. If any such obligations derive from the laws of a non-European Economic Area country, Token Generator and/or any of its delegates or service providers may be obliged to comply with those obligations in connection with the provision of services to investors, provided such action is in compliance with EU/EEA legislation;
      2. in order to enable Token Generator and Users to satisfy their contractual duties and obligations to each other;
      3. to properly record, manage and administer User's purchase and any related accounts on an on-going basis;
      4. to assist Service Provider in the development of the Ecosystem and the performance of the activities set out in the White Paper;
      5. to conduct and perform technical analysis on the completion of the Token Sale;
      6. to advise User of matters relative to its purchase of Tokens, including current values and changes to Token Generator documentation;
      7. for any other legitimate business interests of Token Generator including for statistical analysis, direct marketing and market research purposes, where such interests are not overridden by the interests of User;
      8. for risk management and control purposes relating to Token Generator or any entity in the same group;
      9. to investigate and respond to any complaints about Token Generator and to help maintain service quality and train staff to deal with complaints and disputes; or
      10. for any other specific purposes where Users have given their specific consent.
    2. The legal bases for processing are the agreement with the User (including related to use of the website), legal obligations under EU and Estonian law, User’s specific consent (if given), and other legitimate interests.
    3. Purchasers are required to provide their personal data for statutory and contractual purposes. It is clearly marked, which data is mandatory for different activities by the Purchaser. The Token Generator collects only statistical data from mere visits to its Website. However, personalized data has to be collected before a Token Sale Agreement can be concluded. Failure to provide the required personal data or an objection to processing may result in Token Generator being unable to permit, process, or release User's purchase and this may result in Token Generator terminating its relationship with User. Further, User's failure to provide accurate and complete information required for User's receipt of Tokens may result in delays, losses, costs, non-delivery of refunds or Tokens or other issues. User acknowledges that Token Generator may refuse to distribute Tokens to User and/or deny access to User's account until all requested and required information and/or documents are provided.
    4. Token Generator will only use User's personal data for the purposes for which it was collected, unless Token Generator reasonably considers that the personal data needs to be used for another purpose and that purpose is compatible with the original purpose. If Token Generator needs to process personal data for an unrelated purpose, Token Generator will notify the User and explain the legal basis which allows or requires Token Generator to do so.
  6. External Transfers / Processors
    1. Token Generator may share User's personal data with third parties in order to complete the Token Sale, to reveal or suppress fraud, to fix technical bugs, or to eliminate security problems. Token Generator will disclose User's personal data to its affiliates, subsidiaries and third-party service providers only in so far as is necessary to complete the Token Sale.
    2. The Token Generator is using third party service providers for know-your- customer (KYC) procedures which are required by law to combat terrorism financing, tax evasion and money laundering. The Token Generator can access any data collected by the third party service providers due to Token Sale Agreement.
    3. Where processing is carried out on behalf of Token Generator, Token Generator shall engage a data processor (such as the Administrator) which provides sufficient guarantees and implements appropriate technical and organizational security measures in a manner that such processing meets the requirements of the EU and Estonian Data Protection Legislation, and ensures the protection of the rights of Users. The Token Generator will enter into a written contract with the data processor which will set out the data processor's specific mandatory obligations as laid down in the GDPR, including to process personal data only in accordance with documented instructions from the Token Generator.
    4. The Token Generator will not transfer personal data to a country outside of the EEA where data protection laws may be different from the requirements under the GDPR unless:
      1. that country ensures an adequate level of data protection (such as Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework), or
      2. appropriate safeguards such as the model clauses (which are standardised contractual clauses, approved by the European Commission) are in place, or
    5. Token Generator relies on one of the derogations provided for under GDPR, for example where User has clearly consented to such transfer.
  7. Marketing
    1. User acknowledges and agrees that he or she or it may receive commercial electronic messages and advertising materials from Token Generator, Service Providers, Administrator or third parties by order of Token Generator on the e- mail address and the mobile phone number provided to Token Generator or Administrator.
  8. Retention
    1. The Token Generator will not keep personal data for longer than is necessary for the purpose(s) for which it was collected. In determining appropriate retention periods, Token Generator shall have regard to any applicable statutes of limitation and any statutory obligations to retain information, including anti-money laundering, counter-terrorism, and tax legislation. Token Generator will take all reasonable steps to destroy or erase the data from its systems when they are no longer required.
  9. User Rights
    1. Users have the following rights:
      1. to access their personal data;
      2. to correct personal data where it is inaccurate or incomplete;
      3. to restrict under certain circumstances the further processing of their personal data;
      4. to ask for erasure of their personal data when it is no longer needed and under certain other circumstances;
      5. to object to the use of their personal data (including for direct marketing purposes);
      6. to ask for personal data portability under certain circumstances.
    2. User may exercise its rights by writing to Token Generator at the following e-mail address: compliance@prepayway.com
    3. There are also situations where Token Generator can refuse to comply with a request to restrict further processing (for example, where it is subject to a legal obligation to process the data). Where the processing is based on consent, the withdrawal of consent shall not affect the lawfulness of any prior processing based on consent received or processing for other reasons and based on other grounds where this is permitted under applicable law. Token Generator may also refuse User access to personal data should it have doubts as to validity, authenticity and genuineness of the documents provided by User.
  10. Automated Decision Making
    1. Token Generator does not envisage that any decisions will be taken about User using fully automated means, however Token Generator will notify User in writing if this position changes.
  11. Governing Law and Complaints
    1. This Privacy Policy and obligations arising from or related to it are governed by the laws of the Republic of Estonia.
    2. Any and all disputes arising from or related to personal data protection will be settled by the parties by way of negotiations. Failing agreement, User shall have the right to lodge a complaint with the supervisory authority Estonian Data Protection Inspectorate, Väike-Ameerika 19, 10129 Tallinn, Estonia, or address a claim to court.
    3. In case the dispute between the parties is to be resolved in judicial proceedings, the parties agree to refer the dispute to Harju County Court in accordance with the legislation in force in the Republic of Estonia.
    4. The above mentioned does not exclude consumers from their rights regarding jurisdiction.
  12. Cookies:
    1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
    2. When User accesses the Website, Token Generator or third party service providers on behalf of Token Generator may place small data files called cookies on User's computer or other device. Token Generator uses these technologies to recognize Users as a user; to customize the Website and for advertising; to measure promotional effectiveness, to collect information about User’s computer or other access device to comply with applicable law, and to mitigate risk, help prevent fraud and promote trust and safety.
    3. Token Generator uses cookies that are needed to ensure the proper functioning of the Website, as well as Google analytics cookies.
    4. It is possible to reject cookies from your browsers (different browsers have different options). Blocking all cookies may affect the usage of the Website.
  13. Change to Privacy Notice
    1. This privacy notice may be changed from time to time, and will be updated in due course to comply with further requirements (if any) under the GDPR.