We are committed to protecting your personal data and to respecting your privacy, by complying with all data protection laws and regulations applicable in Romania, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
We use our best endeavours and take all reasonable steps in order to ensure the confidentiality and security of your personal data and to impose the same obligation to all the recipients that, through the Platform, have access to your personal data. However, please note that some of the recipients (such as some of our partners - cryptocurrency platforms) are also data controllers, therefore they are independently liable for the way they process your personal data, as we will explain into more details below.
I. Who we are
The data controller is Globe Monnaie SRL, with its headquarters in 44 Brazda lui Novac Street, floor 1, Craiova, Dolj county, Romania, registered with the Trade Registry under no. J16/1839/2017, having fiscal registration code 37865699 and VAT code RO44092588 (“Tokero” or the “Company”), having the telephone number +40371789139, the e-mail address [email protected], which is also the entity managing the Platform where we collect your personal data.
II. The processing of your personal data
During the activity carried out by Tokero, your personal data may be processed for different purposes. The personal data that we collect in the process of managing the Platform and offering our services to the users may be provided by the users of this Platform directly (e.g., name, surname, e-mail address, telephone number and any other data provided in the context of the interaction with the Platform) or may be collected indirectly (e.g., IP address). We will further explain below and provide you with the relevant information regarding the activities of processing personal data that we perform (including the purposes of processing personal data, the legal ground of the processing for each applicable purpose, the categories of processed data, the duration of the processing, the recipients and the transfer of personal data, where applicable), taking into consideration the nature of your relationship with the Company, namely as a user holding a personal account or as the representative of a legal entity holding a corporate account on the Platform.
When you are visiting our Platform, we are using cookies to automatically collect technical information that could identify the visitor/user, such as the IP address, the type of internet browser used for navigating our Platform, your operating system, data regarding the visits on the Platform (including the number of visits, the time spent on the Platform, the manner in which the website is accessed, the behaviour on the Platform).
IV. Specific information regarding the personal data processing activities on the Platform
This section refers to your capacity as a user of the Platform. In general, in order to achieve the purposes below, the Company collects personal data from you directly as an individual user holding a personal account on the Platform or you are indicated as the representative of a legal entity holding a corporate account on the Platform.
V. The Company processes your personal data for the following purposes, based on the legal basis indicated for each of them:
|Purpose and categories of data||Legal basis||Duration of the processing|
Purpose: Creating and managing an account on the Platform
Categories of data: type of account, name, surname, e-mail address, telephone number, copy of an identification document (passport or identity card), a document revealing the bank account number (IBAN) that will be used for deposits or withdrawals (bank account statement or a print screen from the bank app revealing the name and the IBAN of the user), a picture of the user holding the identification document and an individual code provided by the Company for identification purpose
|Performance of a contract to which the user is a party, respectively the Terms of service; The legitimate interest represented by the common interest of the Company and the legal entity user holding a corporate account to have and develop a commercial relationship.||For the entire period of holding the account active on the Platform, as well as for the period required by the tax, accountancy, anti-money laundering, know your customer laws and the period necessary to protect the Company’s rights, taking into account the law applicable to the agreement, including the tax statute of limitation period (generally 10 years)|
Purpose: Implementation in relation to the users of the Platform of the internal policies and legal obligations related to anti-money laundering, know your customer and identification of the beneficial owner
Categories of data: last name, first name, e-mail address, copy of the identification document, image of the data subject, custom identification code/text, bank account numbers (IBAN), video images, declaration of the source of funds for deposit exceeding EUR 10,000 or for any suspicious transaction, proof of the source of funds for deposit exceeding EUR 20,000, extended proof of the source of funds for deposit exceeding EUR 100,000 and/or any other data provided to the Company during the performance of the agreement for the fulfilment of its object, data regarding the legal representatives of the user, the shareholders and beneficial owners (according to the legal requirements regarding their identification), in accordance with the anti-money laundering provisions
|Compliance with the legal requirements of the Company for the prevention of and fight against money laundering, know your customer and identification of the beneficial owner||For the entire period of holding the account active on the Platform, as well as for the period necessary to protect the Company’s rights and the period required by the tax, accountancy, anti-money laundering, know your customer, identification of the beneficial owner laws (generally 10 years)|
Purpose: Provision of the services on the Platform, such as crypto-to-fiat, fiat-to-crypto and crypto-to-crypto exchange/trading services, including through Crypto Spots, including performing any activities related to the provision of the services as described under the Terms of service (or other terms incorporated by reference) and the applicable legislation.
Categories of data: name, surname, type of account, e-mail address, telephone number, IBAN, proof of the source of funds, when necessary, transaction data, deposit and withdrawal addresses
|Performance of a contract to which the user is a party, respectively the Terms of service The legitimate interest represented by the common interest of the Company and the legal entity user holding a corporate account to have and develop a commercial relationship. Compliance with a legal obligation incumbent to the Company||For the entire period of holding the account active on the Platform, as well as for the period required by the tax, accountancy, the prevention of and fight against money laundering, know your customer laws and the period necessary to protect the Company’s rights, taking into account the law applicable to the agreement, including the tax statute of limitation period (generally 10 years)|
Purpose: Monitoring and managing the Platform in order to ensure maintenance, security, compliance with the Terms of service, compliance with the competent authorities’ inquiries and with the legal provisions in force
Categories of data: username, type of account, transaction data, deposit and withdrawal addresses
Performance of a contract to which the user is a party, respectively the Terms of service Compliance with a legal obligation incumbent to the Company
The legitimate interest of the Company to ensure a proper functioning of the Platform
||For the entire period of holding the account active on the Platform, as well as for the period necessary to protect the Company’s rights and the period required by the applicable laws (generally 10 years)|
Purpose: Organization of events or webinars to which the users/ representatives of the users may join; taking photos and other recordings of such events
Categories of data: username, type of account, photo, video and audio data, […]
|The Company’s legitimate interest to organize events or webinars for a public/private audience, potentially including the users of the Platform Consent of the users to be informed on the upcoming events/webinars Consent of the users to for the Company to record and take photos at the events/webinars||For the entire period of holding the account active or until the withdrawal of the consent.|
Purpose: Notifications (commercial communications) to users regarding information and updates related to the Company’s services, Company news, promotions, offers, campaigns
Categories of data: last name, first name, e-mail address
|The consent for the commercial communications sent by the Company or the legitimate interest for sending communications to the users who have previously purchased similar services of the Company, according to the applicable legal provisions. The unsubscribe option is offered in all commercial communications sent, irrespective of their nature.||Throughout the relationship with the user or until the withdrawal of the consent. The Company will keep evidence of the persons that subscribed / unsubscribed during the statute of limitation period (generally 3 years) but after the relation with the user ends or the user has withdrawn his/her consent, the respective user will no longer receive commercial communications.|
Purpose: Organizing and development of a contest, promotion
Categories of data: last name, first name, e-mail address, phone number, relevant information regarding your participation to the contest/promotion
|Performance of an agreement to which the user is a party, respectively the terms and conditions of the contest, promotion||Throughout the organization and development of the contest/campaign, as well as for the period necessary to protect the Company’s rights and the period required by the applicable laws, taking into consideration the statute of limitation period (generally 3 years).|
Purpose: Organizing the Client Referral Rewards Program through which the user is rewarded for recommending the Platform to others and for the first trades performed by the newly brought users on the Platform
Categories of data: name, surname of the participants to the program, referral link, transaction data, country. The user who made the recommendation does not have full-name traceability of the new users that joined the Platform, but he/she may see on his/her account the number and the country of the new users who used his/her referral link to join and use the Platform and the services.
Purpose: Answer your queries or requests by electronic correspondence (e-mail, contact form) or telephone.
Categories of data: last name, first name, e-mail address, telephone number, transaction data, the question/request addressed and any other information provided in the request and throughout the following correspondence.
|The processing is based on a legitimate interest of the Company to provide answers to your visitor/user queries or requests and to keep the contact with the visitors/users.||For the period necessary to settle or answer your question/request, taking into account the applicable laws and the statute of limitation period (generally 3 years).|
Purpose: Organizing and development of a survey through the users of the Platform
Categories of data: username, last name, first name, e-mail address, information related the preferences of the user
|The consent of the user.||For the period necessary to carry on the survey and to analyse the results, the moment after which personal data will be anonymized or destroyed.|
|Purpose and categories of data||Legal basis||Duration of the processing|
VI. Recipients of your personal data
For reaching the purposes described above, the Company uses the services of several contractual partners, acting as data processors, controllers or third parties (the latter referring to parties who do not intend to process the data, but may have access to them upon fulfilling their tasks or interacting with the Company).
The following categories of recipients have access to the personal data: (i) companies providing services for hosting and maintenance of our Platform, carrying out their activity in Romania, the providers of software through which activities for the management of contractual, financial and accounting documents are carried out, carrying out their activity in Romania, providers of emailing services, such as SendGrid (Twilio Inc.), Sendinblue SAS, which carry out their activity in the United States of America and in France; (ii) public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the Company’s business or assets, which request the Company to provide information, by virtue of the latter’s legal obligations. Such public authorities or institutions may be the National Supervisory Authority for Personal Data Processing, ANAF or other authorities competent to perform verifications on our activity; (iii) to comply with a legal requirement or to protect the rights and assets of our Company or of other entities or people, such as courts of law; (iv) third parties acquisitors, insofar the business of the Company would be (totally or partially) transferred and the data subjects’ data would be part of the assets representing the object of the transaction and (v) affiliated companies of the same corporate group as Tokero.
VII. Transfer of personal data abroad
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”) (for example, in data centres around the world, wherever the Company facilities or service providers are located), any transfer performed the Company in an EU or EEA member state will observe the legal requirements laid down by the GDPR.
As regards the collaboration with the providers located outside EEA/EU, different transfer mechanisms apply in order to ensure protection of the personal data transferred, as follows: in relation to the video communications platform provider (Zoom Video Communications), the provider of emailing services (SendGrid), the cryptocurrency platforms providing exchanges services (Payward Ltd, Binance, Ascendex) they are headquartered outside of the EU/EEA in the USA and Cayman Islands. In such cases, the Company relies on the standard contractual clauses adopted by the European Commission (in relation with SendGrid (Twilio Inc.), Binance and Payward Ltd) or the Binding Corporate Rules adopted by Payward Ltd.
VIII. Refusal of the processing and consequences thereof
The personal data indicated above, which are processed under a legal obligation or for the performance of the contract to which you are a party represent a necessary obligation for the conclusion of a contract with the Company, and you must provide personal data for the conclusion or performance of the agreement and to enable us to comply with our legal obligations towards you and towards the public authorities. If you do not provide us with the data for the purposes mentioned above, we will not be able to conclude the agreement and we will not be able to develop the contractual relationship based on the agreement. Thus some features of the website/app will remain unavailable within your account.
IX. What happens to your personal data after the cessation of the data processing
The Company processes personal data only for the period necessary to achieve the data processing purposes explained in the above section, while complying with the legal requirements in force. If the Company establishes that it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be informed accordingly in this respect.
Once the processing period indicated above expires and the Company no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymizing or destroying them.
X. External websites
Occasionally, the Company’s Platform may provide references or links to other websites, such as Facebook, LinkedIn, Instagram, Twitter, Pinterest, YouTube, Bitcoin talk, Telegram ("External Websites"). The Company does not control these External Websites third party sites or any of the content contained therein. You agree that the Company is in no way responsible or liable for External Websites referenced or linked from the Company’s Platform, including, but not limited to, website content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to, or arising from those sites.
External Websites have separate and independent privacy policies. The Company encourages you to review the policies, rules, terms, and regulations of each site that you visit. You may review the privacy policies of the above-mentioned websites as follows:
(i) Facebook - https://www.facebook.com/policy.php;
(ii) LinkedIn - https://www.linkedin.com/legal/privacy-policy;
(iii) Instagram - https://help.instagram.com/519522125107875;
(iv) Twitter - https://twitter.com/en/privacy;
(v) Pinterest - https://policy.pinterest.com/en/privacy-policy-2016;
(vi) YouTube - https://policies.google.com/privacy?hl=en;
(vii) Bitcoin talk - https://bitcointalk.org/privacy.php and
(viii) Telegram - https://telegram.org/privacy.
We seek to protect the integrity of the Company’s Platform and welcome any feedback about External Website information provided on the Company’s Platform.
The Company can only process personal data of social media users if they communicate directly with Tokero via such platforms (e.g., posted articles, likes, direct messages, user inquiries, comments, etc.). In such cases, the Company is also responsible for the processing of personal data gathered thereby. In addition to the data processed by us, other providers, in particular operators of social network platforms, also process personal user data. The Company has no influence on this data processing and is not responsible for it - the data processing takes place exclusively in the area of responsibility of such other providers.
If you do not want the above-mentioned websites to associate the use of our online services with the user account, please do not access the respective links on the Company’s Platform.
This processing activity is based on the legitimate interest to allow interaction with stakeholders through different social media platforms.
XI. Automated decision making and automated profiling
XII. Security of the data processing
The Company constantly evaluates and upgrades the security measures implemented to ensure a secure and safe personal data processing. These security measures include, but are not limited to:
- Password protected directories and databases.
- Secure Sockets Layered (SSL) Transport Layer Security (TLS) technology to ensure that your information is fully encrypted and sent across the Internet securely.
- PCI Scanning to actively protect the Company’s servers from hackers and other vulnerabilities.
- All financially sensitive and/or credit information is transmitted via SSL TLS technology and encrypted securely stored in the Company’s database. Only the Company’s authorized personnel are permitted access to your personal data, and these personnel are required to treat the information as highly confidential.
XIII. Data processing of data subjects over 18 years old
The Company does not want, nor intend to collect or process data related to minors. Thus, all personal data processing activities presented in this Policy refer exclusively to individuals who are at least the age of majority in the state of residence (in Romania this age is 18 years). The use of the Platform as well as the services available on the Platform is prohibited for persons who have not reached this age. If, despite our reasonable prevention endeavours, such processing still takes place, we will stop it once we notice that the users have not reached the age mentioned above and such users will be notified as to the fact their accounts cannot be approved while still below the age of majority.
XIV. The data subject’s rights in respect of the data processing
Within the context of the processing of your personal data, you have the following rights:
- The right of access to the processed personal data: you have the right to obtain a confirmation whether or not your personal data are being processed, and, if affirmative, to have access to the type of personal data and to the conditions of processing;
- The right to request the rectification or erasure of personal data: you have the possibility to request the rectification of inaccurate personal data, the supplementation of incomplete data or the erasure of your personal data in case (i) the data are no longer needed for their original purpose (and no new lawful purpose exists), (ii) the lawful basis for the processing is the data subject`s consent, the data subject withdraws that consent, and no other lawful ground exists, (iii) the data subject exercises the right to object and the controller has no overriding grounds for continuing the processing, (iv) the data have been processed unlawfully, (v) erasure is necessary for compliance with EU law or laws fromRomania, or (vi) the data were collected in connection with the information society services offered to children (if the case), where specific requirements regarding consent are applicable;
- The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, however you don’t want us to erase your personal data, but to restrict the use of data; (iii) in case the data controller no longer needs your personal data for the above-mentioned purposes, but you are requiring the data for establishing, exercising or defending a legal claim or (iv) you have objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject;
- The right to withdraw your consentfor processing, at any time, when the processing is based on consent, without affecting the lawfulness of processing undertaken until that moment;
- The right to object to the data processing on grounds relating to your particular situation, when the processing is based on legitimate interest and to object at any moment to the data processing for direct marketing purposes, including profiling, if applicable;
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner;
- The right to data portability, meaning the right to receive your personal data, which you provided to the data controller in a structured, commonly used (where such a format exists) and machine-readable format and the right to transfer those data to another controller, if the processing is based on your consent or the performance of a contract and is undertaken by using automatic means;
- The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address to the competent courts of law.
The above rights may be exercised at any time. For the purpose of exercising these rights, we encourage you to send a notice in writing, dated and signed or in electronic format, to the address indicated below. Also, if you wish to withdraw your consent, you may send an email to the address indicated in Section IX below or submit a written request in physical format or by mail to the Company’s headquarters.
XV. Contact details
You may address any question using the following contact details: