Privacy Policy

Last revised on January 01, 2025

Introduction

Halo Harbor s.r.o is committed to safeguarding the privacy and personal data of our clients, in accordance with the European Union's Regulation (EU) 2016/679 (GDPR) and other relevant legal requirements, as well as industry best practices. Our Privacy Protection Policy outlines our approach to the processing of personal data, including information that pertains to you directly or indirectly. It also details your rights to privacy and how we aim to protect them.

Terms

Data Subject: A natural person whose personal data is processed.
Controller: A natural or legal person, public institution, agency, or other body that alone or jointly with others determines the purposes and means of personal data processing. Halo Harbor s.r.o, a limited liability company with registration number 21823481 and located at Děčínská 552/1, Střížkov (Praha 8), 180 00 Praha, Czech Republic is the controller. The company's email address is [email protected].
Personal Data: Any information that is or may be relevant to the Data Subject, such as name, surname, personal identification number or identification number, address, telephone number, e-mail address, economic and other actions specific to the Data Subject.
Processing of Personal Data: Any activities we perform with the Data Subject’s Personal Data, such as collecting, registering, organising, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing, transmitting, distributing or otherwise making available, coordinating or combining, limiting, deleting or destroying.
Terms: These Privacy Protection Policy terms.
Consent: Any consent freely and knowingly provided by the Data Subject by which the Data Subject consents to the Processing of his or her Personal Data for a specific purpose.
Profiling: The use of the Data Subject’s Personal Data to assess the Data Subject’s personal conduct, in particular, by analysing or predicting conduct relating to the Data Subject’s economic situation, personal preferences, interests, reliability, behaviour, location.
Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Third Party: A natural or legal person, public authority, agency or body other than the Data subject, Controller, Processor or persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.

Standards for Handling Personal Data

Halo Harbor s.r.o and the Processor(s) process the personal data of the Data Subject in accordance with the GDPR while following these principles:

  • Legality, Integrity, and Transparency: Personal data is processed transparently and in good faith, following the law.
  • Purpose Limitation: Personal data is collected only for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.
  • Data Minimisation: Personal data is relevant and includes only the information that is necessary for the purposes of processing.
  • Accuracy: Personal data is accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
  • Restriction on Storage: Personal data is stored in a way that allows the identification of Data Subjects for no longer than is necessary for the purposes for which the relevant Personal Data is processed.
  • Integrity and Confidentiality: Personal data is processed in such a way as to ensure adequate security of Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage through appropriate technical or organizational measures.

1. Types of Personal Data We Collect

We collect various types of personal data to provide and improve our services. This may include:

  • Contact Information: Your home address, mailing address, phone number, and email address.
  • Identification Data: Your name, surname, personal identification number, date of birth, and details from your identification documents, such as a passport or identity card.
  • Tax Information: Taxpayer number, country of birth, citizenship, and place of tax residence.
  • Communication Data: Information collected through your letters, emails, phone calls (whether recorded or not), and devices/technologies used to communicate.
  • Documented Information: Data stored in physically and electronically accessible documents.
  • Investment and Wallet Data: Information about your investment portfolio and virtual currency wallet, including cryptographic asset flow and balance, incoming and outgoing cryptographic transfers, and virtual currency fees.
  • Financial Knowledge: Details about your education, experience, and expertise in investments.
  • Transaction Data: Information about your transactions within Halo Harbor s.r.o., such as services received, requests, complaints, agreement performance, and similar data.
  • Financial Data: Details about the origin of your funds and assets, accounts, payment documents, financial liabilities, payment discipline, types and value of assets (including financial instruments and transactions), expenses, and income.
  • Economic Activity: Information about your job, employment, commercial or economic activity, business partners, income stability, and other sources of profit.
  • AML and CTF Data: Data for anti-money laundering (AML) and counter-terrorist financing (CTF) purposes, including government-issued photo identification, country of residence, source of funds, source of wealth, data about your assets, place of work, position, nature of your work, and whether you are a politically exposed person (PEP) or related to one.
  • Legal & Compliance Data: Data obtained while performing our legal obligations, including inquiries made by investigative bodies, notaries, tax authorities, bailiff courts, and other state institutions.

2. Reasons for Processing Your Data

We process your personal data for several reasons, ensuring it’s always legal and necessary. These include:

  • Contractual Obligations: To enter into and perform contracts with you, such as providing our services.
  • Legal Obligations: To comply with laws and regulations.
  • Consent: When you’ve given explicit and unambiguous permission.
  • Legitimate Interests: To safeguard our legitimate interests or those of third parties, such as improving our services, maintaining security, and balancing these interests against your right to privacy.

3. Legal Basis for Data Processing

Our data processing activities are based on the following legal grounds:

  • Service Provision: Identifying you, assessing product relevance, advising on digital payments, improving service quality, and managing customer relationships.
  • Marketing: Conducting marketing activities based on your consent.
  • Legal Compliance: Meeting legal obligations, such as anti-money laundering regulations and reporting to public authorities.
  • Financial Management: Fulfilling solvency, accounting, and auditing requirements.
  • Security and Compliance: Preventing and detecting violations of the law, processing inquiries, and complaints related to our services.

4. How We Obtain Your Data

We collect your personal data through various channels, ensuring accuracy and relevance:

  • Direct Provision: You provide data directly when you submit applications, communicate with us, or use our services.
  • Third-Party Sources: We may receive data from partners, public databases, law enforcement agencies, identity verification services, payment providers, and fraud prevention organizations.
  • Public Sources: We might collect information from publicly accessible sources or third-party entities involved in verification or compliance activities.

5. Automated Decision-Making and Profiling

We may use automated decision-making and profiling to enhance our services:

  • Service Customization: Tailoring services and offers based on your preferences and needs.
  • Risk Evaluation: Assessing risks to ensure compliance and security.

6. Data Retention

The duration of personal data storage depends on various factors, including the need to fulfill our obligations, protect our interests, and comply with legal requirements. For instance, data related to anti-money laundering is kept for up to 5 years. If justified, data may be retained longer.

7. Your Rights Regarding Personal Data

You have several rights concerning your personal data, including:

  • Access: Obtain information about the data we hold about you.
  • Rectification: Correct any inaccurate or incomplete data.
  • Erasure: Request the deletion of data that is no longer needed.
  • Restriction: Limit the processing of your data under certain conditions.
  • Portability: Receive your data in a digital format and transfer it to another controller.
  • Objection: Object to the processing of your data, particularly for direct marketing or based on our legitimate interests.

To exercise your rights, contact us at [email protected]. We’ll respond within one month, which can be extended by two months if necessary. We may request verification of your identity for security purposes.

8. Data Security

We implement various measures to protect your personal data, including:

  • Organizational Measures: Training for employees and strict internal policies.
  • Physical Measures: Secure facilities and access controls.
  • Technological Measures: Encryption, secure IT systems, and regular security assessments.

9. Sharing Your Data

We may share your personal data with:

  • Service Providers: Third parties providing services on our behalf, such as identity verification, website hosting, payment processing, fraud prevention, accounting, and auditing.
  • Law Enforcement and Regulatory Authorities: When required by law or legal process.
  • Business Partners: Involved in your transactions or service delivery.

All third parties are required to protect your data and use it only for specified purposes.

10. Requests and Contact

For any requests or inquiries about your personal data, please contact us via email at [email protected]. We aim to respond promptly, typically within one month. In cases of excessive or unfounded requests, we may charge a reasonable fee based on administrative costs.

11. Updates to This Privacy Policy

We may periodically review and update this Privacy Policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website (haloharbor.exchange), with the "Last Revised Date" indicating the date of the latest modifications. Significant changes will be communicated to you through your provided contact information. By continuing to use our services after any updates, you accept the revised Privacy Policy.