Privacy Policy

PRIVACY POLICY

1. DATA CONTROLLER

The company Responsible for the processing of your data under this Privacy Policy shall be:

For clients of Kantox European Union S.L: The Data Controller will be Kantox European Union SL, a company incorporated in Spain and identified with CIF number B67369371 and with registered office at Torre Mapfre, Planta 22, Marina, 16-18, 08005 Barcelona, Spain. The company is duly authorised by the Bank of Spain, with registration number 6890.

For customers of Kantox Limited: The Data Controller will be Kantox Limited, a company incorporated in the United Kingdom and identified by registration number 07657495 and having its registered office at 10 Harewood Avenue, London NW1 6AA, United Kingdom. The company is duly authorised by the UK Financial Conduct Authority (FCA) as a payment institution under number FRN 580343 and is registered with HM Revenue & Customs as a money services business under number 12641987.

Both companies are hereinafter referred to as 'Kantox'.

At Kantox, we recognise the importance of protecting your personal information and are committed to treating it responsibly and in accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 and the UK GDPR ("GDPR") on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the UK Data Protection Act 2018.

This privacy policy aims to regulate all aspects relating to the processing of data of the different users who browse or provide their personal data through the different forms located on the website.

2. PURPOSE OF THE DATA COLLECTED AND BASIS FOR LEGITIMISATION

The data we request from you in the various forms on our website are adequate, relevant and strictly necessary for:

• To deal with the request or request made by the user through the contact form located on the website. We collect and process the user's personal data in order to process and manage their request, query or any other request made through this form.

The basis for the legitimacy of the data processing is the express consent given by the user by ticking the acceptance box of our privacy policy before sending the request.

• Manage experiences or opinions regarding products and/or services through user testimonials that will be published on the website and thus be able to help other users.

The basis of legitimacy of the data processing will be the consent given by the user when registering through the form provided for this purpose on the website and selecting the acceptance box of our privacy policy before sending your request.

• Manage your request to book a meeting to learn about our products and services.

The basis of legitimacy of the data processing will be the consent given by the user when registering through the form provided for this purpose on the website and selecting the acceptance box of our privacy policy before sending your request.

• Send newsletters and bulletins about Kantox products.

The basis of legitimacy of the data processing will be the consent given by the user when selecting the acceptance box of our privacy policy before subscribing to the newsletter in the form provided for this purpose on the website.

• Send surveys about customer experience related to our products/services

The basis of legitimacy of the data processing is the performance of the contractual relationship between user and Kantox in order to improve the quality of the services.

• Manage the CV sent by the interested party through the form provided for this purpose and include it in the company's database of candidates.

The legitimate basis for managing and processing the curriculum of the interested party is his or her consent, which he or she expresses by affirmatively sending it and selecting the acceptance box of our privacy policy prior to sending it.

Any other information or data you choose to share with us.

The mandatory data are specified in the forms themselves, and your refusal to provide them will mean that we will not be able to process your request. You also assure us that all the data provided are true, accurate and relevant to the purpose for which they are requested. It is important that in order for us to keep the personal data updated, the user informs us whenever there has been any modification in them, otherwise, we are not responsible for the veracity of them. Kantox will not be responsible for the non-execution of a payment if the information provided by the user is incorrect. Kantox will not be responsible for errors, mistakes or information that is not properly updated.

The user guarantees that the personal data provided are truthful, guaranteeing that all the information provided corresponds to the real situation, that it is up to date and accurate, being obliged to communicate any modification.

3. USE OF THE KANTOX PLATFORM

In order to access the services provided by Kantox, the User will be asked to set up log-in details consisting of a username and password for each individual that is registered to use the service on your behalf in accordance with Kantox Terms of Use (“an “Authorised User”). The basis of legitimacy for the processing of this data is the execution of the contractual relationship between you and Kantox. If any Authorised User leaves your organisation or is otherwise no longer authorised to access and use the Services on your behalf, you must notify Kantox by emailing us at support@kantox.com

Users are responsible for the adequate custody and confidentiality of any individual and/or passwords that they have selected in the registration from, and they undertake not to assign their use to third parties, or to allow their access to third parties. You must treat log-in details as confidential and must take all reasonable steps to keep them safe (which includes not sharing them with anyone else or allowing anyone else to use them). The log-in details are personal and cannot be assigned, transferred or used by any individual other than the Authorised Users. You must let us know immediately by telephone or email of any actual or threatened unauthorised use of log-in details or other actual or potential security breach of which you become aware.

Kantox reserves the right in our discretion to disable a log-in ID at any time if, in our opinion, you have failed to comply with any provision of the Terms of Use, the present Privacy Policy, or if we think it is necessary to protect other Users and/or the security or the operation of the Website.

4. RETENTION OF YOUR PERSONAL DATA

The processing of the data for the purposes described will be maintained for the time necessary to fulfil the purpose of its collection and/or until you revoke your consent, without prejudice to compliance with the legal obligations arising from the processing of the data and when necessary for the formulation, exercise or defence of potential claims, provided that this is permitted by the applicable legislation. For further information, please contact us at gdpr@kantox.com.

5. SHARING OF YOUR DATA WITH THIRD PARTIES

The data processed by Kantox is hosted in the EU and processed within the EU or in the third country that the European Commission deems to offer an adequate level of security, or by service providers that have entered into binding agreements that fully comply with the law on transfers to third countries. In this regard, your data will be stored in the EU-West1 region of Amazon Web Services (AWS), more specifically in Ireland.

Other recipients of your data may include government agencies and administrations, to the extent that we are legally obliged to do so, and service companies, such as tax consultants or lawyers.

Kantox endeavours to ensure the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties are obliged to ensure that the information is handled in accordance with data privacy regulations.

6. INTERNATIONAL DATA TRANSFER

The personal data that we process in the context of our processing systems and website may be stored in countries outside the European Economic Area (EEA).

Where we transfer your personal data outside the European Economic Area, we will comply with applicable data protection laws. These are some of the mechanisms we may use when transferring your personal data internationally:

-The transfer of your personal data is to a country that is officially recognised by the European Commission as ensuring an adequate level of protection for personal data.

-We reserve the right to use specific contracts approved by the European Commission that give personal data the same protection as they enjoy in Europe (so-called EU standard clauses).

‍

7. ‍PROCESSING OF PERSONAL DATA TO FIGHT AGAINST MONEY LAUNDERING AND TERRORIST FINANCING ‍
   

As a payment entity, we must have a robust system to fight against money laundering and terrorist financing, as well as a system for implementing local, European, and international sanctions, which may require the processing of your personal data primarily through our Know Your Customer (KYC) process to identify you, verify your identity, and analyze your data to check if you appear on sanctions lists, before or during the provision of our services.

‍
In the context of this processing, we are responsible for the processing of your data.

‍
The legal basis for this processing is compliance with a legal obligation applicable to the data controller.

8. ‍EXERCISE OF RIGHTS AND HOW YOU CAN EXERCISE THEM

You can address your communications and exercise your rights by sending a request to the following e-mail address: gdpr@kantox.com

Under the UK and EU GDPR, you have certain rights when it comes to the processing of your personal data:

• Right to be informed: You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights.
• Right of access: You have the right to obtain access to your personal data.
• Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.
• Right of erasure: this right allows you to request the erasure or deletion of your personal data where there is no compelling reason for us to continue to use it. This is not an absolute right of erasure and exceptions apply.
• Right to restrict processing: You have the right to "block" or delete further use of your personal data. When processing is restricted, we may continue to store your personal data, but we may no longer use it.
• Right to data portability: You have the right to obtain and re-use your personal data for your own purposes in different services.
• Right to object to processing: You have the right to object to certain types of processing.
• Right not to be subject to an automated decision: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal (or similarly important) effects for you.

The exercise of rights to your personal data may, in some cases, be limited by applicable laws and/or regulations. For example, legislation regarding the fight against money laundering and the terrorism financing.

In some cases, the request may be refused if you ask for the deletion of data necessary for compliance with legal obligations.

If you feel that your rights have not been properly addressed, you have the right to lodge a complaint with:

For customers of Kantox Limited: You can lodge a complaint with the Information Comissioner Officer at https://ico.org.uk/.

For customers of Kantox European Union S.L.: You can lodge a complaint with the Spanish Data Protection Agency at www.aepd.es.

We would appreciate the chance to address your concern directly, prior to submitting it to the above mentioned supervisory authority. This is not a requirement, and you may go directly to the authority.

9. ‍ RESPONSIBLE FOR THE ACCURACY AND VERACITY OF THE DATA PROVIDED

The user is solely responsible for the veracity and correctness of the data included, exonerating Kantox of any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user undertakes to provide complete and correct information in the registration or subscription form. Kantox reserves the right to terminate the services contracted with the users in the event that the data provided is false, incomplete, inaccurate or not up to date.

Kantox is not responsible for the veracity of the information that is not of its own elaboration and of which its origin is indicated from another source, so it does not assume any responsibility regarding hypothetical damages that could originate from the use of this information.

Kantox reserves the right to update, modify or delete the information contained in its web pages and may limit or deny access to this information.

10. ‍PROCESSING OF PERSONAL DATA OF MINORS

Anyone who provides data through the forms on this website and accepts its processing declares that they are over 14 years of age, and access to and use of the portal by minors under that age is prohibited. If at any time, the Data Controller detects that a minor under 14 years of age has provided personal data, we will proceed to the cancellation of the same.

Likewise, parents or guardians may in any case contact Kantox to block the access account of minors in their care who have registered by falsifying their identity.

‍

11. ‍SOCIAL NETWORKS

The purpose of tools such as Facebook, Twitter, Instagram, Linkedin etc. or other social networks is to give visibility and dissemination to the activities carried out by our organisation. These tools store personal data on the servers of the respective services and are governed by their own privacy policy. It is recommended that you review and read the conditions of use and privacy policy of the social network at the time of registration, taking into account the different configuration possibilities in relation to the degree of privacy of the user profile on the social network. Likewise, the Controller reserves the right to remove from its social networks any information published by third parties that violates the law, incites to do so or contains messages that violate the dignity of persons or institutions. As well as the right to block or report the profile author of these messages.

12. ‍ SECURITY MEASURES IMPLEMENTED TO PROTECT YOUR PERSONAL DATA

Kantox has adopted the legally required levels of security for the protection of personal data, and tries to install those additional technical means and measures within its reach to avoid the loss, misuse, alteration, unauthorised access and theft of the personal data provided to Kantox.

‍

Kantox is not responsible for any hypothetical damages that may derive from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operative functioning of this electronic system, caused by causes beyond the control of Kantox, delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damages that may be caused by third parties through illegitimate intromissions beyond the control of Kantox. However, the user must be aware that security measures on the Internet are not impregnable.

‍

13. ‍MODIFICATION OF THE PRIVACY POLICY

This privacy policy is subject to change. We recommend that you review the privacy policy from time to time.

‍

14. ‍LINKS TO OTHER WEBSITES

The website www.kantox.com may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, and disclaims any responsibility for its privacy policy.

‍

15. COUNTRY-SPECIFIC PROVISIONS

Canada

This section supplements the Privacy Policy and applies to the collection, use, disclosure and retention of personal data by KANTOX, obtained in the context of their commercial activities which comprise both services provided to third parties or affiliates and the management and use of providers or partners (including personal data or potential clients or providers). Except as noted below, nothing in this Canada-specific section changes or modifies the Privacy Policy, in case of conflict between the Privacy Policy and this section, this section shall prevail.

‍

Rights

‍
As provided by and in accordance with Canadian data protection laws you have the following rights with respect to your personal data:

• You can request access to your personal data.
• You can ask for the correction of your personal data if it is inaccurate, incomplete or no longer up to date in accordance with applicable laws.
• You can withdraw your consent to our collection, use and disclosure of your personal data, except in limited circumstances, including legal or regulatory requirements or as a result of a contractual obligation (for instance, if you are a representative of our client and we need to process your personal data in order to provide services to our client).

Should you wish to exercise these rights, please refer to the “Contact Us” subsection. You can also unsubscribe from receiving commercial emails from us.

‍

Collection, use and sharing of personal data‍
Our collection, use and sharing of your personal data is done on the basis of your consent (which may be implied or obtained by our client or provider rather than by us directly), unless we are otherwise permitted to process your personal data without consent under Canadian data protection laws (for instance, when a consent exception applies). Note that we may use or share personal data in order to comply with Canadian laws and regulations that are equivalent to those mentioned in sections 2 and 5 of the Privacy Policy.

The categories of data processors and service providers which perform services on our behalf and with whom we may share your personal data are: providers offering IT services, telecommunication services; compliance and due diligence services, advisory services, marketing and communications services as well as financial institutions, and providers of similar services required to support our activities in Canada.

‍

International transfers of personal data
We may transfer your personal data outside Canada, including when we share personal data with other entities within the KANTOX Group or transfer personal data to service providers located in other jurisdictions. As a result of such transfers, your personal data may be available to government authorities under lawful orders and laws applicable in foreign jurisdictions.

‍

Data retention
We may anonymize personal data at the expiration of the retention period described in section 4 of the Privacy Policy, so that it can no longer directly or indirectly identify you.

‍

Contact Us
If you wish to exercise the rights set out in the “Rights” of this section, or if you have any questions or complaints related to our personal data processing practices, please contact our Data Protection Officer at gdpr@kantox.com. 

‍

United States of America

The regulations in this section supersede previous sections of the Privacy Policy where indicated in relation to data processed by KANTOX in the United States.

‍

In addition to the categories of personally identifiable data, this specific section of the Privacy Policy also applies to suppliers, vendors and other third parties who provide products or services or otherwise that interact with us.

‍

With respect to the exercise of rights, U.S. residents may retain certain rights to the extent provided by applicable state and federal laws. Imported data may apply foreign standards as applicable.

‍

In addition to the purposes listed in section 2 of this Privacy Policy, your personal data is processed to comply with our various legal and/or regulatory obligations.

‍

California Notice at Collection

KANTOX is responsible for collecting and processing your personal information in connection with our financial activities, including payment entity services and currency exchange services.

‍

We may collect personal information for the purposes described in section 2 of our Privacy Policy.

‍

We do not, and have never, sold the personal information of California residents. We do not share personal information to facilitate cross-context behavioral advertising. To the extent that you have questions about this practice, please email us at gdpr@kantox.com. 

‍

We will retain your personal information for the longer of:

• the period required by applicable law;
• such other period consistent with our policies and procedures.

Most personal information collected in relation to a specified client is kept for the duration of the contractual relationship plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable law.

‍

If you would like further information on the period for which your personal information will be stored or the criteria used to determine that period please contact us at gdpr@kantox.com. 

‍

If you have any questions about this section of the Privacy Policy or need to access it in an alternative format due to having a disability, please contact us at gdpr@kantox.com.