AML/KYC Privacy Notice
AML/KYC Privacy Notice
Wibanx sp.z.o.o t/a Cryptobanx COMPLIANCE PRIVACY NOTICE
This Privacy Notice informs customers about how their personal data is processed during the implementation of Know Your Customer (KYC), Anti-Money Laundering (AML), and Countering Financing of Terrorism (CFT) procedures.
This Privacy Notice should be read in conjunction with any other policies and terms & conditions in place between the customer and Wibanx sp.z.o.o.
1. The Data Controller: Wibanx sp.z.o.o (hereinafter – “the Company”), incorporated and registered in Poland with company number 0001098852, whose registered office is at
116 /52 UL. PIOTRKOWSKA, LODZ, 90-006, POLAND.
Web address: www.cryptobanx.com
2. Personal data processing purpose: customers’ personal data are collected and processed in accordance with the legal obligation of the Company, based on Anti-Money Laundering and Combating the Financing of Terrorism Legislation (hereinafter – “AML/CFT legislation”), to indicate possible criminal acts such as money laundering and terrorist financing, as well as reduce AML/CFT risks.
3. Legal basis for personal data processing: customers’ personal data are lawfully processed in accordance with AML/CFT legislation and for compliance with AML/CFT-related legal obligations to which the Company is subject, as well as for the performance of a task carried out in the public interest.
4. Delegation of data processing by the Company: The Company uses Sum and Substance Ltd, incorporated and registered in London, England with company number 09688671 as the data processor to process data in accordance with the personal data processing purpose. The Company shares collected personal data with the data processor based on a respective agreement to carry out personal data processing in line with our instructions and applicable law. For the performance of a task carried out in the public interest and compliance with AML/ CFT-related legal obligations to which the Company is subject, customers’ personal data may be disclosed to appropriate authorities or bodies.
5. The processing activity in line with this Privacy Notice may include the following categories of personal data:
◦ general personal data, such as full name, sex, personal identification code or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, postcode);
◦ identity document data, such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features;
◦ facial image data, such as photos of face (including selfie images) and photo or scan of face on the identification document, videos, sound recordings;
◦ biometrical data such as facial features;
◦ banking details, such as card holder name, expiry date, first 6 and last 4 digits of the card number, data extracted from documents provided as proof of source of funds/ wealth;
◦ contact details, such as address, e-mail address, phone number, IP address;
◦ technical data, including, but not limited to, information regarding the date, time and activity in the Services; IP address and domain name; software and hardware attributes (e.g., camera name and type); general geographic location (e.g., city, country) from Data Subject’s device;
◦ unique identifier (Applicant ID) created only for association Data Subject’s and its personal data inside the Informational System;
◦ relevant publicly available data, such as information regarding a person being a Politically Exposed Person (PEP) or included in sanctions lists;
◦ personal information that the Data Processor has received from the Controller, such as contact details;
◦ personal information additionally provided by Data Subjects, such as data obtained during their communications with the Data Processor, namely requests, reports.
6. Personal data processing methods: personal data are processed by means of automated text extraction, verification of authenticity/validity, and other automated methods of processing photos and scanned copies of documents. Personal data processing includes the following processing activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission to the Data Controller and data processors, dissemination or otherwise making available for the performance of a task carried out in the public interest or in the exercise of official authority, transfer (including cross-border transfer, where necessary), alignment or combination, restriction, erasure and destruction. The Company may check customers’ personal data against personal data in multiple databases, including International Politically Exposed Persons (PEPs), Sanctions, Country- Specific Sanctions Lists, Criminal Lists, and Financial Lists. The Company may also review media information about their customers.
7. Personal data transfers: when transferring customers’ personal data outside the EEA/the UK area, the Company relies on Adequacy Decision and the appropriate safeguards.
8. Retention period: customers’ personal data is kept for the period indicated in the national AML/CFT legislation of the Company. The retention period, established by the AML/CFT legislation, begins either at the end of the relationship between the customer and the Company or upon an accidental transaction.
The Company guarantees the following rights to customers:
◦ The right to access your data and to obtain confirmation by the Company that customer data is being processed;
◦ The right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning the customer, including the right to incomplete personal data completed, including by means of providing a supplementary statement;
◦ The right to erasure, if one of the following grounds applies:
(i) the personal data are no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(ii) the customer objects to the processing and there are no overriding legitimate grounds for the processing;
(iii) the personal data have been unlawfully processed;
◦ The right to restriction of processing, if one of the following applies:
◦ (i) the customer contests the accuracy of the personal data (for a period enabling the Company to verify the accuracy of the personal data);
◦ (ii) the processing is unlawful and the customer opposes the erasure of the personal data and requests the restriction of its use instead;
◦ (iii) the Company no longer needs the personal data for the purposes of the processing, but it is required by the customer for the establishment, exercise or defence of legal claims;
◦ (iv) the customer has objected to processing pending the verification of whether the Company’s legitimate grounds override those of the customer;
◦ The right to data portability when the mandatory retention period, established in AML/CFT legislation, ends;
◦ The right to lodge a complaint with the supervisory data protection authority;
10. Automated decision-making: the Company’s customers are not subject to automated decision-making. Automated means are used to collect personal data and could be used to analyse collected information.
11. Contact details regarding the AML/KYC Privacy Notice:
Wibanx sp.z.o.o t/a cryptobanx, 116 /52 UL. PIOTRKOWSKA, LODZ, 90-006, POLAND
Email for data privacy questions: compliance@cryptobanx.com
Tel: +44 20 3287 0676
Wibanx sp.z.o.o - AML/KYC Compliance Privacy Notice V1.0
Last Updated 02/05/2024
Wibanx sp.z.o.o t/a Cryptobanx COMPLIANCE PRIVACY NOTICE
This Privacy Notice informs customers about how their personal data is processed during the implementation of Know Your Customer (KYC), Anti-Money Laundering (AML), and Countering Financing of Terrorism (CFT) procedures.
This Privacy Notice should be read in conjunction with any other policies and terms & conditions in place between the customer and Wibanx sp.z.o.o.
1. The Data Controller: Wibanx sp.z.o.o (hereinafter – “the Company”), incorporated and registered in Poland with company number 0001098852, whose registered office is at
116 /52 UL. PIOTRKOWSKA, LODZ, 90-006, POLAND.
Web address: www.cryptobanx.com
2. Personal data processing purpose: customers’ personal data are collected and processed in accordance with the legal obligation of the Company, based on Anti-Money Laundering and Combating the Financing of Terrorism Legislation (hereinafter – “AML/CFT legislation”), to indicate possible criminal acts such as money laundering and terrorist financing, as well as reduce AML/CFT risks.
3. Legal basis for personal data processing: customers’ personal data are lawfully processed in accordance with AML/CFT legislation and for compliance with AML/CFT-related legal obligations to which the Company is subject, as well as for the performance of a task carried out in the public interest.
4. Delegation of data processing by the Company: The Company uses Sum and Substance Ltd, incorporated and registered in London, England with company number 09688671 as the data processor to process data in accordance with the personal data processing purpose. The Company shares collected personal data with the data processor based on a respective agreement to carry out personal data processing in line with our instructions and applicable law. For the performance of a task carried out in the public interest and compliance with AML/ CFT-related legal obligations to which the Company is subject, customers’ personal data may be disclosed to appropriate authorities or bodies.
5. The processing activity in line with this Privacy Notice may include the following categories of personal data:
◦ general personal data, such as full name, sex, personal identification code or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, postcode);
◦ identity document data, such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features;
◦ facial image data, such as photos of face (including selfie images) and photo or scan of face on the identification document, videos, sound recordings;
◦ biometrical data such as facial features;
◦ banking details, such as card holder name, expiry date, first 6 and last 4 digits of the card number, data extracted from documents provided as proof of source of funds/ wealth;
◦ contact details, such as address, e-mail address, phone number, IP address;
◦ technical data, including, but not limited to, information regarding the date, time and activity in the Services; IP address and domain name; software and hardware attributes (e.g., camera name and type); general geographic location (e.g., city, country) from Data Subject’s device;
◦ unique identifier (Applicant ID) created only for association Data Subject’s and its personal data inside the Informational System;
◦ relevant publicly available data, such as information regarding a person being a Politically Exposed Person (PEP) or included in sanctions lists;
◦ personal information that the Data Processor has received from the Controller, such as contact details;
◦ personal information additionally provided by Data Subjects, such as data obtained during their communications with the Data Processor, namely requests, reports.
6. Personal data processing methods: personal data are processed by means of automated text extraction, verification of authenticity/validity, and other automated methods of processing photos and scanned copies of documents. Personal data processing includes the following processing activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission to the Data Controller and data processors, dissemination or otherwise making available for the performance of a task carried out in the public interest or in the exercise of official authority, transfer (including cross-border transfer, where necessary), alignment or combination, restriction, erasure and destruction. The Company may check customers’ personal data against personal data in multiple databases, including International Politically Exposed Persons (PEPs), Sanctions, Country- Specific Sanctions Lists, Criminal Lists, and Financial Lists. The Company may also review media information about their customers.
7. Personal data transfers: when transferring customers’ personal data outside the EEA/the UK area, the Company relies on Adequacy Decision and the appropriate safeguards.
8. Retention period: customers’ personal data is kept for the period indicated in the national AML/CFT legislation of the Company. The retention period, established by the AML/CFT legislation, begins either at the end of the relationship between the customer and the Company or upon an accidental transaction.
The Company guarantees the following rights to customers:
◦ The right to access your data and to obtain confirmation by the Company that customer data is being processed;
◦ The right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning the customer, including the right to incomplete personal data completed, including by means of providing a supplementary statement;
◦ The right to erasure, if one of the following grounds applies:
(i) the personal data are no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(ii) the customer objects to the processing and there are no overriding legitimate grounds for the processing;
(iii) the personal data have been unlawfully processed;
◦ The right to restriction of processing, if one of the following applies:
◦ (i) the customer contests the accuracy of the personal data (for a period enabling the Company to verify the accuracy of the personal data);
◦ (ii) the processing is unlawful and the customer opposes the erasure of the personal data and requests the restriction of its use instead;
◦ (iii) the Company no longer needs the personal data for the purposes of the processing, but it is required by the customer for the establishment, exercise or defence of legal claims;
◦ (iv) the customer has objected to processing pending the verification of whether the Company’s legitimate grounds override those of the customer;
◦ The right to data portability when the mandatory retention period, established in AML/CFT legislation, ends;
◦ The right to lodge a complaint with the supervisory data protection authority;
10. Automated decision-making: the Company’s customers are not subject to automated decision-making. Automated means are used to collect personal data and could be used to analyse collected information.
11. Contact details regarding the AML/KYC Privacy Notice:
Wibanx sp.z.o.o t/a cryptobanx, 116 /52 UL. PIOTRKOWSKA, LODZ, 90-006, POLAND
Email for data privacy questions: compliance@cryptobanx.com
Tel: +44 20 3287 0676
Wibanx sp.z.o.o - AML/KYC Compliance Privacy Notice V1.0
Last Updated 02/05/2024
Company
Copyright © 2024 Wibanx sp.z.o.o, trading as CryptoBanx. Address: 116/52 UL PIOTRKOWSKA, ŁÓDŹ, 90-006, POLAND. Registration: 0001098852, VASP Authorization: RDWW-1277.
Company
Copyright © 2024 Wibanx sp.z.o.o, trading as CryptoBanx. Address: 116/52 UL PIOTRKOWSKA, ŁÓDŹ, 90-006, POLAND. Registration: 0001098852, VASP Authorization: RDWW-1277.
Reach Out Today For Assistance
Company
Copyright © 2024 Wibanx sp.z.o.o, trading as CryptoBanx. Address: 116/52 UL PIOTRKOWSKA, ŁÓDŹ, 90-006, POLAND. Registration: 0001098852, VASP Authorization: RDWW-1277.
Company
Copyright © 2024 Wibanx sp.z.o.o, trading as CryptoBanx. Address: 116/52 UL PIOTRKOWSKA, ŁÓDŹ, 90-006, POLAND. Registration: 0001098852, VASP Authorization: RDWW-1277.