1.1. The virtual Orbital platform, available on the website www.getorbital.com - our mobile apps or application programming interfaces (the "API") ("Orbital", the "Platform", the "Website") offers a range of services, provided according to the Platform’s Terms and Conditions and all documents incorporated therein (the "Services").
1.2. The Services on the Platform may be provided by:
(any of the aforementioned companies further may be referred to as the "Company", “Orbital” "we" or "us") depending on the country you access the Platform or use the Services from and subject you conclude the agreement with when accepting General Terms and Conditions and other related documents of the Platform.
1.3. In order to provide Services through the Platform we may process personal data of our customers, or representatives, other related persons, such as family members, beneficial owners, transaction senders, etc. (all together referred to as the "Customer" or "you"). Any personal data we gather, use or share about you is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR") and other applicable laws.
1.4 This Policy applies if you use the Platform and any of the Services, available through it and indicates how your personal data is being processed by any Company, which in such a case, acts as a personal data controller. The Policy explains how we process your personal data through any relationship we have, whether it would be a call through the phone, use of the Services on the Platform, a message via e-mail or any other possible means. In case you provide information about other natural persons to the Company, you undertake to make this Policy known to them before the disclosure of such information to the Company.
1.5 By using the Platform or any of the Services offered through it you confirm you have read, understood and agreed with this Policy. The Company reserves the right to make changes to this Policy from time to time. An up-to-date version of the Policy is posted on the Platform, therefore, please do review it regularly.
2.1 The Company undertakes to ensure your personal data is:
2.1.1 processed lawfully, fairly, and in a transparent manner in relation to you;
2.1.2 collected for specified, explicit and legitimate purposes (i.e., prevention of money laundering and terrorist financing, performance of Services, etc.), and not further processed in a manner that is incompatible with those purposes;
2.1.3 adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
2.1.4 accurate and, where necessary, kept up to date;
2.1.5 kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
2.1.6 processed in a manner that ensures appropriate security of your personal data.
2.2. The Company follows the above indicated principles strictly during the processing of your personal data and requests the same from the data processors which it may use to process personal data on behalf of the Company.
3.1. Your personal data will be processed if:
3.1.1. you have given consent to the processing of your personal data for one or more specific purposes; and/or
3.1.2. processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and/or
3.1.3. processing is necessary for compliance with a legal obligation to which we are subject; and/or
3.1.4. processing is necessary for the purposes of the legitimate interests pursued by us or the third party.
3.2 The Company may subject its Customers to decisions based solely on automated processing, including profiling, only if it is necessary for conclusion of a contract between you and the Company or due to provision of the Services under such contract, it is authorised by the law or you have expressed an explicit consent to such processing.
4.1. Your personal data is being processed for the purposes of:
4.1.1. account establishment;
4.1.2. performance of the Services (sale and purchase, transfers of funds, payment collection, etc.);
4.1.3 prevention of money laundering and terrorist financing (implementation of the principle "Know Your Customer");
4.1.4. crime prevention;
4.1.5. implementation of international sanctions;
4.1.6. Services support;
4.1.7. quality assurance;
4.1.8. direct marketing;
4.1.9. use of the Company's social networks accounts;
4.1.10. proper and secure operation of the Platform.
4.2 The processing of your personal data is necessary for the implementation of the above indicated purpose(s), therefore, if you fail to provide the requested data the Company may not be able to provide your requested Services.
5.1. The Company collects your personal data directly from you or from the third parties when:
5.1.1. you use or view the Platform;
5.1.2. you register to the Platform;
5.1.3 you use our Services;
5.1.4. you request Services support;
5.1.5. we execute Customer's due diligence or ongoing due diligence;
5.1.6. we monitor your transactions;
5.1.7. we check whether you are not related to fraudulent activities;
5.1.8. we receive requests, orders, decisions or etc. from the third parties regarding you.
5.2 The Company may also collect your personal data from other Orbital companies, as they are defined in General Terms and Conditions of the Platform, upon the change of Orbital company as your service provider.
6.1. The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
6.2 In order to provide the Services, we may process your personal data categories, such as (including but not limited):
6.2.1. General data. Name, surname, personal code, date of birth, citizenship(s), place of birth (city, country), country of residence for tax purpose, taxpayer identification number (TIN), address, city/town, postal code, phone number, e-mail, networks account information (i.e., Facebook, Google, Skype) signature, selfie with the identity document, video, data about Customer which may be provided in double-checking systems;
6.2.2. Other Customer's profile information. Profile type, unique character sequence assigned to the Customer for identification, executed Customer’s assessment (evaluation) results, member ID, user ID, user PIN, referral code, referral ID, session ID, login status, social sign on type, email confirmed status, phone confirmed status, secret questions information, compliance officer comments;
6.2.3 Social network data. Social sign on type, social network profile photo, name, surname, your comments, emotions and other actions expressed via our social network account, other your social network profile information provided by you;
6.2.4. Identity document data. ID Type (Passport/Identity Card/Residence permit), its copy, MRZ, document number, date of issue, date of expiry;
6.2.5. Data obtained and/or created while performing legal obligation. Inquiries, requests, notifications, orders, courts decisions or other data related to the specific Customer(s) which may be received by or provided to the police, courts, investigative bodies, notaries, tax administrator, courts, bailiffs and other institutions;
6.2.6. Information about Customer‘s occupation and income sources:
22.214.171.124 Specific occupation: paid employee/owner of legal entity (company name)/registered self-employee/student/retired/unemployed;
126.96.36.199 Main sectors of customer's occupation, individual or business activity;
188.8.131.52 Information regarding countries in which customer is employed, carries out individual activity or business: countries, whereas activity or business is conducted or registered in preferential tax zone, percentage of turnover in cash for such activity or business, percentage of turnover in individual or business activity is handled in cryptocurrency;
6.2.7. Account opening information:
184.108.40.206. Services which the client plans to use;
220.127.116.11. Source of funds in Customers account;
18.104.22.168. Monthly planned account turnover; countries from which the funds will be received or transferred;
6.2.8. Information about Politically Exposed Person (the "PEP"):
22.214.171.124. Information whether the Customer is PEP itself or has an immediate relationship with PEP;
126.96.36.199. General information regarding PEP: relation, name, surname, country, PEP's position;
6.2.9 Information about Beneficial Owner (the "UBO"):
188.8.131.52. Information whether the Customer is the UBO of the account and the funds in the account;
184.108.40.206. General UBO's identification data: name, surname, date of birth, citizenship, country of residence for tax purposes, tax identification number (TIN), place of birth (city, country), registered residential address, share of benefit;
6.2.10. Financial data:
220.127.116.11. information about linked card(s) (i.e., currency, partial card number, validity date, card's owner name and surname, CVV/CVV2);
18.104.22.168. information about prepaid card(s);
22.214.171.124. accounts related to the Customer's account on the Platform (used for receiving/sending funds);
126.96.36.199. information about accounts in other financial institutions (i.e., name of institution, country, account number);
188.8.131.52 information about other Customers' s cryptocurrencies;
184.108.40.206. information about used Orbital merchant services;
220.127.116.11. transactions information: transaction ID, method, type (credit, deposit, withdrawal, exchange), status, sender, recipient (ID), QR code/wallet/fiat account number, payment provider's information, time and date register, order ID, amount, currency (code), coupon code;
6.2.11. Communication data: date, time, correspondence, video and voice calls, chats, etc.
6.2.12. Information related to electronic devices: IP address(es); time zone; log-in and log-out register; browser information; electronic device's operating system information; location data (country (code), city), internet service provider (ISP); selected language; information regarding Customer's actions within Website.
6.2.13. History data: customer's experience using the Website, the register of all Customer's actions performed on the Platform (i.e. operations, such as funds transactions, linking cards, log-in and log-out register, register of reset passwords, separately expressed Customer's consents for personal data processing (i.e. for direct marketing).
6.2.14. Other data which may be requested or gathered by the Company or provided by the Customer herself/himself or any third party.
The scope of the Customer's personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by the Customer and Company's applied verification procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
7.1 Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:
7.1.1 credit, financial, payment and (or) electronic money institutions;
7.1.2. payment services providers, as well as intermediary services providers;
7.1.3. cards providers;
7.1.4 authorities (i.e., supervising institutions, law enforcement institutions, courts);
7.1.5 auditors, legal and financial consultants;
7.1.6. IT providers;
7.1.7. marketing services providers;
7.1.8. fraud detection services providers;
7.1.9. data processors;
7.1.10. any of the Companies, in order to ensure smooth provision of the Services on the Platform upon change of the Company as your Service provider;
7.1.11. other Partners of Orbital, as they are defined in annexes of General Terms and Conditions of the Platform, in order to ensure smooth and easy delivery of the Services;
7.1.12. other service providers which services may include, or which are engaged in personal data processing executed by the Company.
7.2 Personal data may also be provided to other recipients if:
7.2.1. the Company has to comply with a legal obligation to which it is a subject; or
7.2.2 such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or
7.2.3 the data requesting party has a legitimate interest to request for such information.
7.3. The Company maintains strong cooperation with local and international authorities and institutions, therefore, upon request of such party substantiated under article 7.2 of this Policy, your personal data may be provided to the requested party without permission to notify you.
7.4. In general, the Company processes your personal data within the EU or the European Economic Area (the "EEA"), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied:
7.4.1. the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;
7.4.2. the Company and the recipient have concluded the agreement with the standard terms and conditions regarding personal data security which were approved by the European Commission;
7.4.3. the Codes of conduct or other security measures under GDPR has been complied.
8.1 The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.
8.2 In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in the European Union and locally such as compliance with legit limitation periods, as well as current business practice.
8.3 Depending of the category of personal data and the purpose it is being processed your data retention period applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services is:
8.3.1. for the purposes indicated in articles 4.1.1- 4.1.5 of this Policy we process your personal data throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 8 years). The personal data processing for such a period is based on the necessity to execute Customer's due diligence, conduct ongoing monitoring, collect supporting evidence and records of transactions. In case the contractual relationship has not been established based on reasons not related with prevention of money laundering and terrorist financing (e.g. you decided not to finish application or verification procedure due to your own personal reasons) your personal data will be stored for 3 years since the last contact with you or action from your side;
8.3.2 for the purposes indicated in article 4.1.6. - 4.1.7. we process your personal data collected via correspondence with you throughout the term of our contractual relationship and store it after this relationship ends for as many years as it is required by law (for example, it may be required to store such data for additional 5 years). As for your personal data processed for the same aforementioned purposes and collected when you call to our support services, or communicate with us when you have not established or has already terminated contractual relationship with us, we store such communication data for 3 years since the day of execution of voice call record or our last contact with each other via other communication means. The personal data processing for such periods is based on necessity to keep records of communication with you;
8.3.3. for the purpose indicated in article 4.1.8. we may process your personal data throughout the term of our contractual relationship or throughout the term your consent is valid (up to 3 years, if not renewed) and after the day of termination of contractual relationship or expiration date/ revocation of the consent we store it for additional period of time due to possible claims (for example, possible prescription period for claims can be 3 years) although newsletters will not be sent during this period;
8.3.4. for the purposes indicated in article 4.1.9. we process your personal data until your social network account or Company's social network account is deleted – whichever comes first;
8.3.5. for the purposes indicated in article 4.1.10. we process your personal data throughout the term we support the Platform.
8.4 Upon the end of the retention period, indicated above, your personal data is erased.
9.1. In order to provide you generic or personalized up-to-date news about Orbital products, Services and proposals, your email address and/or telephone number might be processed by the Company for direct marketing purposes.
9.2. You may receive generic direct marketing newsletters based on Company’s legitimate interest according to the applicable law and/or personalized direct marketing newsletters based on your explicitly expressed consent.
9.3. In order to select and send you the news which is likely to be most interesting and relevant to you, the Company may profile you based on meaningful factors, such as your location, the day of your last sign-in to the Platform, the history of your use of the Services, etc. Kindly note that your profile will be segmented only if you have explicitly agreed to receive personalized direct marketing news.
9.4. In order to send you the newsletters we may use third party services and share your email address and/or telephone number with it.
9.5. Your contact details, indicated in article 9.1., will be processed for the period indicated in article 8.3.3. of this Policy. Together with your email address and/or telephone number your personal data, such as IP address and the date when you gave a consent and or you have renewed it (and later on also the day of termination of Services or expiration/revocation date of the consent), will be processed for the aforementioned period.
9.6. You have a right to object to processing of your personal data for direct marketing purposes or revoke your present consent for receiving personalized news at any time by withdrawing your consent in your profile settings or by clicking on the withdrawal link provided in the received newsletters or by sending us a request at the contacts provided in the Platform.
10.1. The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage, etc. This includes legal, organisational, technical, and physical security measures, such as latest security systems, two-factor authentication and passwords, ability to detect cyber security attacks and other threats to the integrity of the Platform, working only with trustworthy service providers, etc. However, no transmission of information via email or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via the internet or sharing confidential information via e-mail or other telecommunication channels.
You have certain legal rights in relation to the processing of your personal data, including:
12.1.1. the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;
12.1.2 the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
12.1.3. the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;
12.1.4. the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;
12.1.5. the right to data portability in accordance with article 20 of the GDPR;
12.1.6. the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;
12.1.7 the right not to be subject to automated individual decision-making, including profiling in accordance with article 22 of the GDPR.
12.2. This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
12.3. The Customer may exercise his/her rights only after the Company has successfully identified him/her. If the Company is not sure about the identity of the person sending the data request, the Company may not provide the requested information to him/her, unless the Customer's identity is confirmed. In case you decide to use other communication channels, such as sending a request via email, kindly ask you to indicate in the e-mail your name, surname, your date of birth and the last four digits of your identity document number which you used when entering into business relationship with the company (if you have provided it before). In addition, the Company keeps the right to decide if the other or additional legitimate means of identification proof should be requested, such as a selfie with your ID document, certified copy of your ID document, video or voice call, or any other additional document or method which could determine your identity.
12.4. The Customer is provided with information related to the exercise of their rights free of charge. However, the Customer's request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.
12.5. The Company shall provide the Customer with information on the actions taken upon receipt of the Customer's request for the exercise of his rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. When the Customer submits the request by electronic means, the information shall also be provided by electronic means.
12.6. If the Customer considers that his/her personal data is being processed in violation of his/her rights and legitimate interests in accordance with applicable law, the Customer shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate located in the country where your data controller is incorporated.
13.1. You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Platform, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
13.2. You are responsible for maintaining adequate security and control of every identification number, password, and/or any other code that you use to access the Platform. If you have not complied with this obligation and/or could, but have not prevented it and/or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
13.3. In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or Company's fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify the Company. The Company shall not be liable for consequences that have originated due to the notification failure.
13.4. After the Company receives the notification from you as indicated above, the Company shall immediately suspend access to your account and provision of the Company’s Services until a new password is provided/created for you.
13.5. The Company draws your attention to the fact that email address and any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend memorizing your passwords and not to write them down or enter anywhere where they may be seen by other persons.
If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact us by email firstname.lastname@example.org or mail via postal address: Pay Perform Limited, 230 Blackfriars Road, London SE1 8NW, England with a notice "Data Protection".
15.1. This Policy shall be viewed and applied in accordance with the GDPR and other applicable laws.
15.3. The Platform and Services may contain links to our partners or other third-party websites. If you use the services of our partners or other third-parties, their own privacy policies apply, and you will be covered by such respective policies.