The protection of our Users Personal Data is paramount to Io FinNet Group, Inc. We are committed to transparency and accountability in how we process your data and comply with global data protection standards, including GDPR. This Privacy Policy for Io FinNet Group, Inc., a Delaware corporation having its principal place of business at 4208 Six Forks Rd., 10th Floor, Raleigh, NC, 27609, United States of America (“Io.Finnet”, “Company”, “we”, “us” or “our”), describes how and why we might collect, store, use and/or share (“Process”) Users Personal Data when Users use our software products (the “Software Product(s)”).
Io.finnet undertakes to comply with European regulations on the protection of Personal Data, in particular the General Data Protection Regulation (EU) of April 27, 2016 (“GDPR”) as well as any local data privacy law applicable to the Processing.
Io.finnet has a team dedicated to the protection of Personal Data, including a Data Protection Officer, a security team and a legal team. As a User of the Software Products, please take the time to read and understand this Privacy Policy; it will help you understand your privacy rights and choices. If you, as a User, do not agree with our policies and practices, please do not use our Software Products. If you, as a User, still have questions or want to make use of your privacy rights, please contact us at privacy@iofinnet.com.
2. Definitions
Capitalized terms set out below, including those in the preamble of the Privacy Policy, shall have the following meaning:
“Controller”, “Processing” and “Supervisory Authority” shall have the meaning assigned to them in Article 4 of the GDPR.
Data Protection Law(s): means (i) the EU General Data Protection Regulation 2016/679 (“GDPR”), (ii) the e-Privacy Directive 2002/58/EC (“e-Privacy Directive”), and any further applicable legislation replacing the e-Privacy Directive and/or the GDPR; (iii) any data protection law, statute or regulation of a European Union (“EU”) Member State, which may apply to one of the Parties pursuant to its data Processing activities or its establishment within the EU; (iv) any guidelines or opinion adopted by the European Data Protection Board (“EDPB”) to interpret the application of GDPR and the e-Privacy Directive; (v) the decisions of the Supervisory Authority or the judicial or administrative courts of an EU Member State which are binding on one of the Parties by way of its data Processing activities or its establishment within the EU; (vi) the decisions and rulings adopted by the Court of Justice of the European Union (CJEU) or the European Court of Human Rights (ECHR) regarding Personal Data and privacy protection and freedom of speech or freedom of information; and (vii) any local data protection regulation applicable to the processing.
Personal Data: shall have the meaning assigned to them in Article 4 of GDPR.
Privacy Policy: refers to this privacy policy, which informs Users of the commitments taken by Io.finnet to protect Users Personal Data when they use the Software Products.
Purpose(s): refers to the main purpose(s) for the use of Personal Data.
Software Product(s): refers to one or all of the software products and attached services provided by Io.finnet.
User or Users: means an individual user who is using the Software Products or all the Users of the Software Products.
User(s) Account: refers to the User(s) account(s) created by the User(s) to gain access to the Product.
3. What is personal data?
Personal Data is any information relating to an identified or identifiable natural person (“Data Subject”). To qualify as a Data Subject, one has to be identifiable, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. Purpose of this Privacy Policy
This Privacy Policy explains:
• how io.finnet collects, uses and shares Users Personal Data when they use the Software Products;
• how io.finnet protects and ensures the security, integrity and confidentiality of Users Personal Data;
• what information Io.finnet receives from third-parties and what information Io.finnet shares with third-parties;
• what Users privacy rights are, and how they can exercise them.
The following guiding principles are applied by io.finnet so as to protect Users Personal Data:
• io.finnet does not collect any more Personal Data than is necessary;
• io.finnet only uses Users Personal Data for the purposes specified in this Privacy Policy, unless Users agree otherwise;
• io.finnet does not keep Users Personal Data if it is no longer needed; and other than as we specify in this Privacy Policy, Io.finnet does not share Users Personal Data with third parties.
• io.finnet does not rent or sell Users Personal Data to third parties.
5. Who collects Personal Data
Io.finnet is a Controller for the Processing described in Section 7 of this Privacy Policy as it relates to Io.vault and Io.network;
Io.finnet is a Processor for the Processing described in Section 7 of this Privacy Policy as it relates to Io.flow.
6. What Personal Data is collected
Io.finnet collects Personal Data from Users. Personal Data of Users processed by Io.finnet is collected through different channels.
Io.finnet may collect the following Personal Data:
Across the Dashboard (Io.vault, Io.flow, Io.network and dApps):
Io.finnet collects certain categories of data across all products (Io.vault, Io.flow, Io.network and dApps) for the general functioning, improvement and security of the services. These include:
Account data
User Account credentials: User ID, email, password hash
User personal information: first and last name, phone number, email address, residential address, nationality
User settings: newsletter preferences, language, protocols, notification setting, country
Technical data
User Device information (type of device, IP address, unique identifier, device model, operating system and version, browser used, cookies or similar technologies, system language);
Information about User usage (IP address, connection date and time, pages visited);
Data about User internet connection (notably connection type).
Usage data
User activity logs and interaction data: session durations, content accessed, frequency and scope of use;
Analytics information: interaction patterns (e.g., clicks, navigation paths, scrolling behavior) collected via third-party analytics providers.
For Io.vault:
Network identifiers and Transaction Information
Public Keys. Using Secure Multi-Party Computation (MPC), multiple shares are created that together can be used to perform the functionality of a private key. These shares are stored in encrypted format locally on the Users Devices and are never shared with Io.finnet. What is shared with Io.finnet is the public keys to which these private shares correspond.
Information on all transactions connected to these public keys created through (notably time of transaction, date of transaction, amount of transaction, USD value of transaction, sender’s public address, recipient’s public address);
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets)
Content of exchanges with agents (emails, chat)
Any other data that may be necessary to resolve tickets/inquiry
Fraud Detection Data
Transaction details collected for fraud prevention, such as sender and recipient wallet addresses, transaction amounts, timestamps, and USD values, as facilitated by third-party security providers;
User identifiers: IP addresses, wallet addresses, behavioral patterns for security analysis.
Subscription data / order data
Invoices, credit notes, and other administrative documents;
Payment details (SSI, payment method, transaction date and time, currency, amount paid);
Contact information (first name, last name, email, phone number);
Billing address (street, city, postal code, country);
Order details.
For Io.network:
In addition to the data collected across the dashboard, Io.network processes the following data categories for its specific operations (please note that this data is collected on top of the data listed under Io.vault, as Io.network relies on Io.vault for its operations).
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets);
Content of exchanges with agents (emails, chat);
Any other data that may be necessary to resolve tickets/inquiry.
Subscription data / order data
Invoices, credit notes, and other administrative documents;
Payment details (SSI, payment method, transaction date and time, currency, amount paid);
Contact information (first name, last name, email, phone number);
Billing address (street, city, postal code, country);
Order details.
For Io.flow:
Transaction Data
Underlying Client personal information (first and last name, physical address, SSI, payment method, transaction date and time, currency, amount);
Transaction details: method, transaction date and time, currency and amount.
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets);
Content of exchanges with agents (emails, chat);
Any other data that may be necessary to resolve tickets/inquiry;
Subscription Data / Order Data
User Invoices, and other administrative documents;
User Payment details (SSI, payment method, transaction date and time, currency, amount paid);
User Contact information (first name, last name, email, phone number);
User Billing address (street, city, postal code, country);
User Commission Report.
7. Why we process your personal data
Io.finnet processes Personal Data for multiple purposes. Depending on the purposes, Processing can be based on (i) the legitimate interests pursued by Io.finnet, (ii) on contractual obligations, or (iii) because Users gave their consent.
Io.finnet processes Personal Data for the following Purposes and based on the following legal bases:
PURPOSE N°1: DELIVER THE SOFTWARE PRODUCTS
Processing
To set up, configure and manage Users accounts;
To provide Users with the features and functionalities of the Software Products;
To send Users administrative notifications (if Users enable them) related to the function of the Software Products.
Legal Basis
The legal basis for this processing is “necessary for the performance of a contract and/or to fulfill its legal obligations”
PURPOSE N°2: TO MANAGE USER TICKETS (FEEDBACK/ COMPLAINTS/ QUESTIONS) WITH CUSTOMER SUPPORT SERVICES FOR THE SOFTWARE PRODUCTS
Processing
To manage the feedback, complaints and issues from Users;
To transfer a data privacy request to the privacy team;
To improve the quality and speed of customer care provided by Io.finnet to its Users.
Legal Basis
The legal basis for this processing is “necessary for the performance of a contract and/or to fulfill its legal obligations”.
The legal basis for this processing is “necessary to fulfill its legal obligations”.
The legal basis for this processing is the legitimate interest of the company to provide their services.
PURPOSE N°3: TO MANAGE PAYMENTS FOR THE SOFTWARE PRODUCTS
Processing
To process payments when clients subscribe to the Software Products;
To fulfill Io.finnet’s accounting and legal obligations
Legal Basis
The legal basis for this processing is “necessary for the performance of a contract or to fulfill its legal obligations such as fiscal law and regulations”.
The legal basis for this processing is “necessary to fulfill its legal obligations such as fiscal law and regulations”
PURPOSE N°4: TO IMPROVE AND MONITOR THE SOFTWARE PRODUCTS
Processing
To improve the Software Products and develop new features;
To send surveys to Users to gather experience and optimize the Software Products;
For statistical purposes in order to optimize the Software Products, including:
- Analyzing user interactions to optimize features and address usability challenges;
- Generating statistical insights to inform product development and improve user experience.
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services on the Software Products.
PURPOSE N°5: TO SECURE THE SOFTWARE PRODUCTS AND PREVENT FRAUD
Processing
To ensure the security, confidentiality, integrity and availability of the Software Products. This includes:
- Leveraging third-party solutions to detect, prevent and address security incidents or fraudulent activities;
- Investigating and mitigating potential risks to user accounts, transactions and system integrity.
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest in maintaining secure and fraud-free operations and our compliance with applicable Data Protection Laws.
PURPOSE N°6: TO IMPROVE THE RELATIONSHIP WITH THE CLIENT
Processing
To maintain a good business relationship with clients by organizing contests, loyalty programs, sponsorship, and grant discounts to clients.
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services through the Software Products.
8. HOW WE SHARE USERS PERSONAL DATA
Internal Use: Personal Data of Users may be processed by the employees of Io.finnet (within the limits of their respective attributions) and its subsidiaries and group companies, exclusively in order to achieve the purposes of this Privacy Policy.
External Use: Io.finnet may share Personal Data (only if appropriate and to the extent permitted by the applicable laws) with the following categories of third parties:
Technical Suppliers
• Cloud services and storage suppliers (including but not limited to AWS): for hosting and data storage purposes
• Networking and telecommunication suppliers: to enable connectivity and communication
• Maintenance suppliers & security services suppliers: including Blockaid, which is used for fraud detection and transaction security by analyzing certain data (e.g., IP address, device information) to identify and mitigate risks
• Usage Data Analysis suppliers: including Fullstory, which collects pseudonymized interaction data (e.g., clicks, navigation paths), used solely for analytical purposes on the user experience and to improve the usability of our services.
Payment processors
• Io.finnet’s banks, as may be required by the banks themselves to justify origin of payment to Io.finnet
• Money Service Businesses, Payment Service Providers, or Electronic Money Institutions (for io.flow)
• The financial institution operating a settlement platform enabled by io.network (for io.network / io.vault)
Authorities
• Legal, judicial and administrative authorities
Where these third-parties are located abroad or may host the Users’ Data abroad, Io.finnet will set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to the Users Personal Data that respect the terms of this Privacy Policy.
The Software Products are hosted in Amazon Web Service Inc (AWS) cloud services. AWS’ servers are ISO 27001 compliant.
9. Third-party services and dApps
Our platform provides access to third-party decentralized applications (“dApps”) and services, which are not operated by us. When you use these services, the provisions of this Privacy Policy relating to third-party interactions will apply, including the sharing of certain data necessary to facilitate your use of the services.
While we facilitate the use of these services, they are operated by third-parties whose data processing practices we do not control. Your interaction with them is governed by their respective terms and conditions and privacy policies, which you acknowledge. We recommend reviewing these policies to understand how your data may be used.
10. Duration of Users Personal Data Storage
Io.finnet processes and stores Users Personal Data for the duration required by the purposes for which it is collected and in compliance with applicable laws and regulations.
At the end of these periods, the Personal Data may be subject to a new Processing for statistical and research purposes. However this Processing shall only be performed subject to the anonymity of the data which will not give rise to new exploitation of the Personal Data and will be archived in a secure, anonymous manner according to applicable law.
11. Users Data Privacy Rights
Amongst Data Protection Laws, GDPR gives rights to European citizens with regards to their Personal Data. GDPR being globally considered as the standard in terms of Personal Data protection, Io.finnet’s goal is to, wherever applicable and not constrained by local laws and regulations, allow its Users to benefit from these rights.
These rights are:
A Right to access
Users can obtain from the Controller information as to whether or not their Personal Data is being processed, and, where that is the case, can demand access to said Personal Data, including: Purpose(s) of the Processing, categories of Personal Data being processed, the recipients or categories of recipient to whom Personal Data have been or will be disclosed and whether these recipients are in third countries or are international organizations, etc.;
A Right to rectification
Users can request the rectification, without undue delay, of their Personal Data where it is inaccurate, incomplete or outdated;
A Right to object
Users can, at any time, object to any Processing or Transfer of their Personal Data by the Controller, it being specified that this objection may be in relation to all of a User Personal Data or only certain information and may be in relation to all Processing and Transfers or only certain Processing and Transfer. Users must understand however that where they object to Processing or Transfer, Io.finnet’s ability to provide the Software Products might be hindered.
Right to be Forgotten
Users can obtain from the Controller the erasure of their Personal Data, without undue delay where:
• The Personal Data is no longer necessary in relation to the Purposes;
• You object to the Processing pursuant to Article 21(1) and Io.finnet does not justify that there are overriding legitimate grounds for the processing;
• Personal Data has been unlawfully processed;
• Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
• Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1).
Right to withdraw consent
Where Io.finnet is relying on Users Consent to process Users Personal Data, whether express or implied, they have the right to withdraw their consent at any time by either updating their preferences or contacting us as indicated below, it being specified that this withdrawal of consent may be accompanied with a request for erasure of the User Personal Data;
Right to Opt-out marketing and promotional communications
Where Users have given consent to be provided with our marketing and promotional communications, they are able to unsubscribe at any time from those either by updating their preferences or by clicking on the unsubscribe prompt in the e-mail communications that are sent by Io.finnet. Users can also apply this right by contacting us as indicated below.
Right to Personal Data portability
Where Users Personal Data is being Processed by automated means and has been obtained on the basis of consent or a contract, they may request to receive the Personal Data they have provided to a Controller in a structured, commonly used and machine-readable format in order to be able to transmit this Personal Data to another Controller without hindrance from the Controller to which the Personal Data has been provided initially.
Right to object and automated individual decision-making.
Users have a right to object to automated individual decision-making (decision which has legal implications for them and made solely by automated means without any human involvement) and profiling (automated processing of Personal Data to evaluate certain elements about an individual), except where these are necessary for the entry into or performance of a contract or authorized by domestic law applicable to the Controller or based on Users explicit consent.
Right to lodge a complaint before the Supervisory Authority
If Users consider that the Processing of their Personal Data is a violation of their data privacy rights, then they may submit a complaint to the national supervisory authority responsible for the protection of privacy rights in their country (the “Supervisory Authority”).
12. How users can exercise their rights
To exercise any of your rights, you can send a request:
• By email at the following address: privacy@iofinnet.com;
• By letter at the following postal address: Data Protection Officer – Io FinNet Group, Inc.: 4208 Six Forks Rd., 10th Floor, Raleigh, 27609, USA.
Where you exercise your right electronically, answers and Personal Data will be provided, where appropriate, electronically, except if you make the specific request that they are not.
Io.finnet may request additional information from you, in order to verify your identity, before moving forward with the request.
Please be aware that Io.finnet must also comply with regulations and applicable laws which might mandate that it keeps certain Personal Data elements for a set duration. Where this is the case, Io.finnet will notify you that it cannot erase said Personal Data, and where it is possible to stop Processing, will archive it so that it is no longer being Processed and becomes only available to the institutions and authorities that can/must have access to it according to applicable law and regulations.
13. How your Personal Data is protected and secured
Io.finnet is taking steps so that Users can be assured their Personal Data is safe when using the Software Products and more generally when their Personal Data is processed by Io.finnet.
We follow data minimization principles and set up the following measures:
• Pseudonymization and anonymization techniques whenever they are technically feasible;
• Restricting Personal Data access to the sole employees who need to access Personal Data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT and legal departments.
Technical, organizational and structural security measures are in place to protect Users Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction and, therefore, ensure the security, integrity and confidentiality of their Personal Data.
Notwithstanding the above, we will take all legally required measures to remedy such an event, which may include notifying you of a breach in the likelihood of a higher risk to your rights and freedom.
In case of security breach, Io.finnet will provide you with a notification determining:
• the nature of the security breach;
• if possible, the categories and the approximate number of persons affected by the security breach;
• the categories and the approximate number of records of Personal Data concerned;
• the likely consequences of the security breach;
• the steps taken or planned to prevent the incident from recurring or to mitigate any negative consequences.
If the security breach represents a risk, we shall notify the security breach to the competent Supervisory Authority within the shortest possible delay.
14. HOW USERS CAN CONTACT US IN RELATION TO THIS NOTICE AND DATA PRIVACY
If Users have questions or comments about this notice, they may contact our Data Protection Officer (DPO) by e-mail at privacy@iofinnet.com.
15. UPDATES TO THE PRIVACY POLICY
Io.finnet may update this Privacy Policy from time to time. The updated version will be made evident by the date it bears, which coincides with its publication and is the moment where it becomes effective. If this Privacy Policy is modified in a material way, we might notify Users by either posting visible notice of such changes or by sending Users a notification (either in app or via e-mail). As we encourage Users to read this Privacy Policy at the onset of their use of the Software Products, we also encourage them to regularly check on it to be best informed on how we are processing and protecting their Personal Data.