PRIVACY POLICY

Products privacy policy

This is the io.finnet corporate products privacy policy, for io.finnet website privacy policy please see https://www.iofinnet.com/website-privacy-policy

Last updated: 22 April, 2024
‍1. Preamble
The protection of your Personal Data is paramount to Io FinNet Group, Inc.

This Privacy Policy for Io FinNet Group, Inc., a Delaware corporation having its principal place of business at 4208 Six Forks Rd., 10th Floor, Raleigh, NC, 27609, United States of America (“Io.Finnet”, “Company”, “we”, “us” or “our”), describes how and why we might collect, store, use and/or share (“Process”) Users Personal Data when Users use our software products (the “Software Product(s)”).

Io.finnet undertakes to comply with European regulations on the protection of Personal Data, in particular the General Data Protection Regulation (EU) of April 27, 2016 (“GDPR”) as well as any local data privacy law applicable to the Processing.

Io.finnet has a team dedicated to the protection of Personal Data, including a Data Protection Officer, a security team and a legal team.

As a User of the Software Products, please take the time to read and understand this Privacy Policy, it will help you understand your privacy rights and choices. If you, as a User, do not agree with our policies and practices, please do not use our Software Products. If you, as a User, still have questions or want to make use of your privacy rights, please contact us at privacy@iofinnet.com.
2. Definitions
Capitalized terms set out below, including those in the preamble of the Privacy Policy, shall have the following meaning:

“Controller”, “Processing” and “Supervisory Authority” shall have the meaning assigned to them in Article 4 of the GDPR.

Data Protection Law(s): means (i) the EU General Data Protection Regulation 2016/679 (“GDPR”), (ii) the e-Privacy Directive 2002/58/EC (“e-Privacy Directive”), and any further applicable legislation replacing the e-Privacy Directive and/or the GDPR; (iii) any data protection law, statute or regulation of a European Union (“EU”) Member State, which may apply to one of the Parties pursuant to its data Processing activities or its establishment within the EU and (iv) any guidelines or opinion adopted by the European Data Protection Board (“EDPB”) as to interpret the application of GDPR and the e-Privacy Directive (v) the decisions of the Supervisory Authority or the judicial or administrative courts of an EU Member State which are binding on one of the Parties by way of its data Processing activities or its establishment within the EU; and (vi) the decisions rulings adopted by the Court of Justice of the European Union (CJEU) or the European Court of Human Rights (ECHR) regarding Personal Data and privacy protection and freedom of speech or freedom of information; and (vii) any applicable local data protection regulation to the processing.

Personal Data: shall have the meaning assigned to them in Article 4 of GDPR.

Privacy Policy: refers to the hereby privacy policy to inform Users of the commitments taken by Io.finnet to protect Users Personal Data when they use the Software Products.

Purpose(s): refers to the main purpose(s) for the use of Personal Data.

Software Product(s): refers to one or all of the software products and attached services provided by Io.finnet.

User or Users: means an individual user who is using the Software Products or all the Users of the Software Products.

User(s) Account: refers to the User(s) account(s) created by the User(s) to gain access to the Product.
3. What is personal data?
Personal Data is any information relating to an identified or identifiable natural person (“Data Subject”). To qualify as a Data Subject, one has to be identifiable, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. Purpose of this Privacy Policy
This Privacy Policy explains:

• how io.finnet collects, uses and shares Users Personal Data when they use the Software Products;
• how io.finnet protects and ensures the security, integrity and confidentiality of Users Personal Data;
• what information Io.finnet receives from third-parties and what information Io.finnet shares with third-parties;
• what Users privacy rights are, and how they can exercise them.

The following guiding principles are applied by io.finnet so as to protect Users Personal Data:io.finnet does not collect any more Personal Data than is necessary;

• io.finnet only uses Users Personal Data for the purposes specified in this Privacy Policy, unless Users agree otherwise;
• io.finnet does not keep Users Personal Data if it is no longer needed; and other than as we specify in this Privacy Policy, Io.finnet does not share Users Personal Data with third parties.
• io.finnet does not rent or sell Users Personal Data to third parties.
5. Who collects Personal Data
Io.finnet is a Controller for the Processing described in Section 7 of this Privacy Policy as relates Io.vault and Io.network;

Io.finnet is a Processor for the Processing described in Section 7 of this Privacy Policy as relates Io.flow.
6. What Personal Data is collected
Io.finnet collects Personal Data from Users.

Personal Data of Users processed by Io.finnet is collected through different channels.

Io.finnet may collect the following Personal Data:

For Io.vault:
Account data
To set up, configure and manage Users accounts;
User personal information (first and last name, phone number, email address, residential address, nationality);
User settings (newsletter preferences, language, protocols, notification settings, country).
Technical data
User Device information (type of device, IP address, unique identifier, device model, operating system and version, browser used, cookies or similar technologies, system language);
Information about User usage of the Software Product (IP address, connection date and time, pages visited);
Data about User internet connection (notably connection type).
Usage data
User activity logs;
Account configurations;
Analytics information about the use of the Software Product (session durations, content accessed, interaction with user-interface, frequency and scope of use, etc.)
Network identifiers and Transaction Information
Public Keys (Using Secure Multi-Party Computation (MPC), multiple shares are created that together can be used to perform the functionality of a private key, these shares are stored in encrypted format locally on the Users Devices and are never shared with Io.finnet. What is shared with Io.finnet is the public keys with which these private shares correspond to.)
Information on all transactions connected to the aforementioned public keys created through the Software Product (notably time of transaction, date of transaction, amount of transaction, USD value of transaction, sender’s public address, recipient’s public address);
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets)
Content of exchanges with agents (emails, chat)
Any other data that may be necessary to resolve tickets/inquiry
Subscription data / order data
Invoices, credit notes, and other administrative documents;
Payment details (SSI, payment method, transaction date and time, currency, amount paid);
Contact information (first name, last name, email, phone number);
Billing address (street, city, postal code, country);
Order details.
For Io.network:
Account data
User Account credentials (user id, email, password hash);
User personal information (first and last name, phone number, email address, residential address, nationality);
User settings (newsletter preferences, language, protocols, notification settings, country).
Technical data
User Device information (type of device, IP address, unique identifier, device model, operating system and version, browser used, cookies or similar technologies, system language);
Information about User usage of the Software Product (IP address, connection date and time, pages visited);
Data about User internet connection (notably connection type).
Usage data
User activity logs;
Account configurations;
Analytics information about the use of the Software Product (session durations, content accessed, interaction with user-interface, frequency and scope of use, etc.)
Network identifiers and Transaction Information
Public Keys (Using Secure Multi-Party Computation (MPC), multiple shares are created that together can be used to perform the functionality of a private key, these shares are stored in encrypted format locally on the Users Devices and are never shared with Io.finnet. What is shared with Io.finnet is the public keys with which these private shares correspond to.)
Information on all transactions connected to the aforementioned public keys created through the Software Product (notably time of transaction, date of transaction, amount of transaction, USD value of transaction, sender’s public address, recipient’s public address);
Any associated underlying bank account identifiers  (associated internal account number and SSI details).
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets);
Content of exchanges with agents (emails, chat);
Any other data that may be necessary to resolve tickets/inquiry.
Subscription data / order data
Invoices, credit notes, and other administrative documents;
Payment details (SSI, payment method, transaction date and time, currency, amount paid);
Contact information (first name, last name, email, phone number);
Billing address (street, city, postal code, country);
Order details.
For Io.flow:
Account data
User Account credentials (user id, email,);
User banking details (Physical address, SSI, payment method, transaction date and time, currency, amount);
User settings (newsletter preferences, language, protocols, notification settings, country).
Transaction Data
Underlying Client personal information (first and last name, physical address, SSI, payment method, transaction date and time, currency, amount);
Support ticket/inquiry data
Details regarding support tickets/inquiry (date, time, subject and content of tickets);
Content of exchanges with agents (emails, chat);
Any other data that may be necessary to resolve tickets/inquiry;
Commission Report Data
User Invoices, and other administrative documents;
User Payment details (SSI, payment method, transaction date and time, currency, amount paid);
User Contact information (first name, last name, email, phone number);
User Billing address (street, city, postal code, country);
User Commission Report.
7. Why we process your personal data
Io.finnet processes Personal Data for multiple purposes. Depending on the purposes, Processing can be based on (i) the legitimate interests pursued by Io.finnet, (ii) on contractual obligations, or (iii) because Users gave their consent.

Io.finnet processes Personal Data for the following Purposes and based on the following legal basis:
PURPOSE N°1: DELIVER THE SOFTWARE PRODUCTS
Processing
To set up, configure and manage Users accounts;
To provide Users with the features and functionalities of the Software Products;
To send Users administrative notifications (if Users enable them) related to the function of the Software Products.
Legal Basis
The legal basis for this processing is “necessary for
the performance of a contract and/or to fulfill its
legal obligations”
PURPOSE  N°2: TO MANAGE   USER TICKETS (FEEDBACK/ COMPLAINTS/ QUESTIONS) WITH CUSTOMER SUPPORT SERVICES FOR THE SOFTWARE PRODUCTS
Processing
To manage the feedback, complaints and issues from Users;
To transfer a data privacy request to the privacy team;
To improve the quality and speed of customer care provided by Io.finnet to its Users.
Legal Basis
The legal basis for this processing is “necessary for the performance of a contract and/or to fulfill its legal obligations”.
The legal basis for this processing is “necessary to fulfill its legal obligations”.
The legal basis for this processing is the legitimate interest of the company to provide their services.
PURPOSE N°3: TO MANAGE PAYMENTS FOR THE SOFTWARE PRODUCTS
Processing
To process payments when clients subscribe to the Software Products;
To   fulfill   Io.finnet’s   accounting   and   legal obligations
Legal Basis
The legal basis for this processing is “necessary for the performance of a contract or to fulfill its legal obligations such as fiscal law and regulations”.
The legal basis for this processing is “necessary to fulfill its legal obligations such as fiscal law and regulations”
PURPOSE N°4 : TO IMPROVE AND MONITOR THE SOFTWARE PRODUCTS
Processing
To improve the Software Products and develop new features;
To send surveys to Users to gather experience and optimize the Software Products;
For statistical purposes in order to optimize the
Software Products (such statistics are based on User
data with the aim to generate general results)
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services on the Software Products
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services on the Software Products
PURPOSE N°5: TO SECURE THE SOFTWARE PRODUCTS AND PREVENT FRAUD
Processing
To ensure the security, confidentiality, integrity and availability of the Software Products and prevent fraud
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services   through   the   Software   Products   and compliance   with   Data   Protection   Laws   and “necessary to fulfill its legal obligations
PURPOSE N°6: TO IMPROVE THE RELATIONSHIP WITH THE CLIENT
Processing
To maintain a good business relationship with clients by organizing contests, loyalty  programs,
sponsorship, and grant discounts to clients.
Legal Basis
The legal basis for this processing is Io.finnet’s legitimate interest to deliver the best possible services through the Software Products
8. HOW WE SHARE USERS PERSONAL DATA
Internal Use: Personal Data of Users may be processed by the employees of Io.finnet (within the limits of their respective attributions) and its subsidiaries and group companies, exclusively in order to achieve the purposes of this Privacy Policy.

External Use: Io.finnet may share Personal Data (only if appropriate and to the extent permitted by the
applicable laws) with the following categories of third parties:

Technical Suppliers
• Cloud services and storage suppliers (including without limitation AWS and webflow)
• Networking and telecommunication suppliers
• Maintenance suppliers
• Security services suppliers
• Usage Data Analysis suppliers

Payment processors
• Io.finnet’s banks, as may be required by the banks themselves to justify origin of payment to Io.finnet
• Money Service Businesses, Payment Service Providers, or Electronic Money Institutions (for io.flow)
• The financial institution operating a settlement platform enabled by io.network (for io.network / io.vault)

Marketing suppliers
• Customer relationship management software

Authorities
• Legal, judicial and administrative authorities

Where these third-parties are located abroad or may host the Users’ Data abroad, Io.finnet will set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to the Users Personal Data that respect the terms of this Privacy Policy.

The Software Products are hosted in Amazon Web Service Inc (AWS) cloud services. AWS’ servers are ISO 27001 compliant.
9. Storage duration of your Personal Data
Io.finnet processes and stores Users Personal Data for the duration required by the purposes for which it is collected and in compliance with applicable laws and regulations.

At the end of these periods, the Personal data may be subject to a new Processing for statistical and research purposes. However this Processing shall only be performed subject to the anonymity of the data which will not give rise to new exploitation of the Personal Data and will be archived in a secure, anonymous manner according to applicable law.
10. Your Data Privacy Rights
Amongst Data Protection Laws, GDPR gives rights to European citizens with regards to their Personal Data. GDPR being globally considered as the standard in terms of Personal Data protection, Io.finnet’s goal is to, wherever applicable and not constrained by local laws and regulations, allow its Users to benefit from these rights.

These rights are:

A Right to access

You can obtain from the Controller, information as to whether or not your Personal Data is being processed, and, where that is the case, can demand access to said Personal Data, including: Purpose(s) of the Processing, categories of Personal Data being processed, the recipients or categories of recipient to whom Personal Data have been or will be disclosed and whether these recipients are in third countries or are international organizations, etc.;

A Right to rectification


Users can request the rectification, without undue delay, of their Personal Data where it is inaccurate, incomplete or outdated;

A Right to object


You can, at any time, object to any Processing or Transfer of your Personal Data by the Controller, it being specified that this objection may be in relation to all of your Personal Data or only certain information and may in relation to all Processing and Transfers or only certain Processing and Transfer. You must understand however that where you object to Processing or Transfer, Io.finnet’s ability to provide access to the Corporate Website might be hindered.

A Right to object


Users can, at any time, object to any Processing or Transfer of their Personal Data by the Controller, it being specified that this objection may be in relation to all of a User Personal Data or only certain information and may in relation to all Processing and Transfers or only certain Processing and Transfer. Users must understand however that where they object to Processing or Transfer, Io.finnet’s ability to provide the Software Products might be hindered.

Right to be Forgotten


Users can obtain from the Controller the erasure of their Personal Data, without undue delay where:• The Personal Data is no longer necessary in relation to the Purposes;

• You object to the Processing pursuant to Article 21(1) and Io.finnet does not justify that there are overriding legitimate grounds for the processing;
• Personal Data has been unlawfully processed;
• Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
• Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1).

Right to withdraw consent


Where Io.finnet is relying on your Consent to process your Personal Data, whether express or implied, you have the right to withdraw your consent at any time by either updating your preferences or contacting us as indicated below, it being specified that this withdrawal of consent may be accompanied with a request for erasure of your Personal Data;

Right to Opt-out marketing and promotional communications

Where you have given consent to be provided with our marketing and promotional communications, you are able to unsubscribe at any time from those either by updating your preferences or by clicking on the unsubscribe prompt in the e-mail communications that are sent by Io.finnet. You can also apply this right by contacting us as indicated below;

Right to Personal Data portability

Where your Personal Data is being Processed by automated means and has been obtained on the basis of consent or a contract, you may request to receive the Personal Data you have Provided to a Controller in a structured, commonly used and machine-readable format in order to be able to transmit this Personal Data to another Controller without hindrance from the Controller to which the Personal Data has been provided initially;

Right to object and automated individual decision-making.

Users have a right to object to automated individual decision-making (decision which has legal implications for them and made solely by automated means without any human involvement) and profiling (automated processing of Personal Data to evaluate certain elements about an individual), except where these are necessary for the entry into or performance of a contract or authorized by domestic law applicable to the Controller or based on Users explicit consent.

Right to lodge a complaint before the Supervisory Authority

If you consider that the Processing of your Personal Data is a violation of your data privacy rights, then you may submit a complaint to the national supervisory authority responsible for the protection of privacy rights in your country (the “Supervisory Authority”).

Right to lodge a complaint before the Supervisory AuthorityIf you consider that the Processing of your Personal Data is a violation of your data privacy rights, then you may submit a complaint to the national supervisory authority responsible for the protection of privacy rights in your country (the “Supervisory Authority”).
11. how you can exercise your rights
To exercise any of rights, you can send a request:

• By email at the following address: privacy@iofinnet.com;
• By letter at the following postal address: Data Protection Officer – Io FinNet Group, Inc.: 4208 Six Forks Rd., 10th Floor, Raleigh, 27609, USA.

Where you exercise your right electronically, answers and Personal Data will be provided, where appropriate, electronically, except if you make the specific request that they are not.

Io.finnet may request additional information from you, in order to verify your identity, before moving forward with the request.

Please be aware that Io.finnet must also comply with regulations and applicable laws which might mandate that it keeps certain Personal Data elements for a set duration. Where this is the case, Io.finnet will notify you that it cannot erase said Personal Data, and where it is possible to stop Processing, will archive it so that it is no longer being Processed and becomes only available to the institutions and authorities that can/must have access to it according to applicable law and regulations.
12. How your Personal Data is protected and secured
Io.finnet is taking steps so that Users can be assured their Personal Data is safe when using the Software Products and more generally when their Personal Data is processed by Io.finnet.

We follow data minimization principles and set up the following measures:


• Pseudonymization and anonymization techniques whenever they are technically feasible;
• Restricting Personal Data access to the sole employees who need to access Personal Data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT and legal departments.

Technical, organizational and structural security measures are in place to protect Users Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction and, therefore, ensure the security, integrity and confidentiality of their Personal Data.

Notwithstanding the above, we will take all legally required measures to remedy such an event, which may include notifying you of a breach in the likelihood of a higher risk to your rights and freedom.

In case of security breach, Io.finnet will provide you with a notification determining:

• the nature of the security breach;
• if possible, the categories and the approximate number of persons affected by the security breach;
• the categories and the approximate number of records of Personal Data concerned;
• the likely consequences of the security breach;
• the steps taken or plan to take to prevent the incident from recurring or to mitigate any negative consequences. If the security breach represents a risk, we shall notify the security breach to the competent Supervisory Authority within the shortest possible delay.
13. HOW USERS CAN CONTACT US IN RELATION TO THIS NOTICE AND DATA PRIVACY
If Users have questions or comments about this notice, they may contact our Data Protection Officer (DPO) by e-mail at privacy@iofinnet.com
14. UPDATES TO THE PRIVACY POLICY
Io.finnet may update this Privacy Policy from time to time. The updated version will be made evident by the date it bears, which coincides with its publication and is the moment where it becomes effective. If this Privacy Policy is modified in a material way, we might notify Users by either posting visible notice of such changes or by sending Users a notification (either in app or via e-mail). As we encourage Users to read this Privacy Policy at the onset of their use of the Software Products, we also encourage them to regularly check on it to be best informed on how we are processing and protecting their Personal Data.