Stealthex is committed to protecting and respecting your privacy. StealthEx Ltd, a limited company with a registered number 105029, having its registered office at Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Marshall Islands MH96960 (“we”, “us”, “our”) wants to tell you how we use and protect your personal information. This document among others includes information regarding to your rights and personal data that we hold.
The Laws and Regulations We Are in Compliance With
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
Stealthex.io may change this notice from time to time in the future. Any such changes will be posted here and, where appropriate, notified to you in writing. We advise you to check back frequently to see any updates or changes.
Principles of Stealthex.io is Devoted to
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless informed legal consent from you have received.
- Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act. Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Background to the General Data Protection Regulation (‘GDPR’)
The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
Material scope (Article 2) ‑ the GDPR applies to the processing of personal data wholly or partly by automated means (i.e. by computer) and to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.
Territorial scope (Article 3) ‑ the GDPR will apply to all controllers that are established in the EU (European Union) who process the personal data of data subjects, in the context of that establishment. It will also apply to controllers outside of the EU that process personal data in order to offer goods and services, or monitor the behaviour of data subjects who are resident in the EU.
Data controller ‑ the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data subject ‑ any living individual who is the subject of personal data held by an organisation.
Processing ‑ any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling ‑ is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.
Personal data breach ‑ a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. There is an obligation on the controller to report personal data breaches to the supervisory authority and where the breach is likely to adversely affect the personal data or privacy of the data subject.
Data subject consent - means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.
Child ‑ the GDPR defines a child as anyone under the age of 16 years old, although this may be lowered to 13 by Member State law. The processing of personal data of a child is only lawful if parental or custodian consent has been obtained. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child.
Third party ‑ a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Filing system ‑ any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Date «8» June, 2020
StealthEx Ltd is committed to compliance with data protection laws and this policy sets out our personal information gathering and sharing practices (the, “Website”, “Platform”) and the services we provide to Customers (the, “You”, “Your”, etc.).
1. Data Controller
1.1 This policy applies where we are acting as a data controller with respect to your personal data and therefore determine the purposes and means of the processing of that personal data.
1.3 Our website incorporates privacy controls you can use to specify whether you would like to receive commercials, limit the publication or any other use of your information. You can access the privacy controls via www.stealthex.io.
1.4 In this policy, "we", "us" and "our" refer to StealthEx Ltd .
1.5 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls via www.stealthex.io.
2. Personal Data We Use, Purposes and Legal Grounds
2.1 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.2 Please do not supply any other person's personal data to us, unless we prompt you to do so.
2.3 Information used:
|Type of information||Purpose||Legal basis of processing|
|Data about your use of our website.|
IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency, pattern of your service use, language settings, domain name you connected to us
|To analyse the work of website and services.||Legitimate interests in monitoring and improving our website and services|
Your name, ID, IP address, email address, gender, date of birth, phone number, country of residence, passwords, information on the currency in your account on our website, bank information.
|Provision of our services to you and complying with KYC and AML obligations.||Performance of a contract between you and us.|
Your transaction details (e.g. Client’s Address).
|The transaction data may be processed for the purpose of payments and keeping proper records of those transactions in accordance with the applicable laws.||Performance of a contract between you and us.|
Any data we may request to identify for AML/KYC purposes.
|The inquiry data may be processed for the purposes of fulfilment of our KYC and AML obligations. The proper performance of our payment obligation to you||Performance of a contract between you and us.|
|Notification data.||The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters.||Legitimate interest|
The communication content that you send to us or we send to you and metadata associated with it.
|The proper performance of our contractual obligation before you. If you decide to contact us in accordance with the contract.||Performance of a contract between you and us.|
|Email, Phone number, your name, IP||We may use this data for the purposes of sending you the relevant notifications and/or newsletters or new commercial offers of our services you may be interested in.||Legitimate interest in providing to you with the services you might order.|
|Any of your personal data identified in this policy.||Exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, the protection and assertion of our legal rights, your legal rights and the legal rights of others.||Legitimate interest in protection and assertion of our legal rights, your legal rights and the legal rights of others.|
|Any of your personal data identified in this policy||The obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.||Legitimate interest in proper protection of our business against risks.|
3. Information We May Provide to Third Parties and Automated decision-making
3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
4. You Have the Following Rights
|The right to access.||You have the right to access your information being processed under our control. Please contact us via email [email protected] if you would like to inquire as to information we hold.|
|The right to rectification.||If the information StealthEx Ltd holds about you is inaccurate or not complete, you have the right to request us to rectify it. If that data has been transferred to a third party with your consent or for legal reasons, then we must also request them to rectify the data. You may contact us via [email protected] to rectify this information.|
|The right to erasure (The right to be forgotten).||If you want StealthEx Ltd to erase all your personal data and we are not obliged to continue to process and hold it, please contact us via [email protected]|
|The right to restrict processing.||You may request StealthEx Ltd to restrict the way we process your data. This means we are permitted to store the data but not further process it. If you want us to restrict processing of your data, please contact us via [email protected].|
|The right to data portability.||StealthEx Ltd provide you with a right to obtain and reuse your personal data for your own purposes across services in a safe and secure way without this effecting the usability of your data. It allows you to move, copy or transfer personal data easily from one company (IT environment) to another in a safe and secure way.|
|The right to object.||You have the right to object StealthEx Ltd to processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for the purposeless of statistics. If you wish to object, please contact us via [email protected]|
|The right to withdraw consent.||You have the right to withdraw your consent at any time, and StealthEx Ltd must stop processing your data. If you want to withdraw your consent, please contact us via [email protected].|
|The right to complain to a Supervisory Authority.||You have the right to complain to the supervisory authority if you believe that StealthEx Ltd has not responded to your requests or solved a problem.|
5. International Transfers of Your Personal Data
5.1 Our subcontractors, advisers are situated in the countries the European Commission has made an adequacy decision with respect to the data protection laws of each of these countries.
6. Retaining and Deleting Personal Data
6.1 Personal data that we process for purposes we have specified in paragraph 2 shall not be kept for longer than is necessary for that purpose or those purposes.
6.2 We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data).
6.3 If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period one that period expires.
6.4 We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
6.5 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the need of such information for particular purpose.
6.6 If we retained the data we will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by updating your details on the Platform or by contacting us.
7.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
7.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
7.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
7.5 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
7.6 If you block cookies, you will not be able to use all the features on our website.
8. Security Over The Internet
8.1 No data transmission over the Internet or website can be guaranteed to be secure from intrusion; any transmission is at your own risk. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
8.2 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
9. Security of personal data
9.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
9.2 We will store all your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
9.3 The following personal data will be stored by us in encrypted form: your name, contact information, password(s) and cardholder data.
9.4 Data relating to your enquiries and financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.
9.5 You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
9.6 You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).
10.1 This policy applies to all Employees/Staff and interested parties of StealthEx Ltd such as outsourced suppliers. Any breach of the GDPR or this Policies may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities.
10.2 Compliance with data protection legislation is the responsibility of all Employees/Staff of StealthEx Ltd who process personal data.
10.3 Partners and any third parties working with or for StealthEx Ltd, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy. No third party may access personal data held by StealthEx Ltd without having first entered into a data confidentiality agreement, which imposes on the third party obligations no less onerous than those to which StealthEx Ltd is committed, and which gives us the right to audit compliance with the agreement.
10.4 Employees/Staff of StealthEx Ltd are responsible for ensuring that any personal data about them and supplied by them to StealthEx Ltd is accurate and up-to-date. All Employees/Staff are responsible for ensuring that any personal data that StealthEx Ltd holds and for which they are responsible, is kept securely and is not under any conditions disclosed to any third party unless that third party has been specifically authorised by us to receive that information and has entered into a confidentiality agreement.
10.5 All personal data should be accessible only to those who need to use it.
10.6 Care must be taken to ensure that PC screens and terminals are not visible except to authorised Employees/Staff of StealthEx Ltd.
11. Personal data of children
11.1 Our website and services are targeted at persons over the age of 13.
11.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
12.1 We may update this policy from time to time by publishing a new version on our website.
12.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
12.3 We may notify you of changes to this policy by email or through the private messaging system on our website.
13.3 This website is owned and operated by Stealthex.io.
13.4 Our principal place of business is at the Majuro, Marshall Islands.
13.5 You can contact us:
(a) by e-mail: [email protected]