Version 1.0 (07/11/2022)
Gain Changer Ltd, a company incorporated under the Laws of Malta, bearing the company registration number C 94475 and having its registered address at 206, Wisely House, Old Bakery Street, Valletta, VLT 1451, Malta is the data controller of the Proton Links Portal (the “Portal”) accessible at www.protonlinks.com (the “Website”) and any services pursuant thereto (the “Services”).
The terms “we”, “us” and “our” shall be construed accordingly.
We recognize our obligations as data controllers and are committed to complying with applicable data protection law. We are committed to ensuring that personal data is protected and processed lawfully.
1. What is personal data?
“Personal data” refers to all information which can render an individual personally identifiable, such as name, surname and email address and includes all information and documentation that can arise or be produced which can identify a person personally.
2. How do we collect personal data and what personal data do we process?
User registration is required to be able to utilize the Portal and to create a Portal account. As part of such registration, the Portal requires inputting personal data in the necessary fields as part of the registration process.
We envisage that the personal data that we shall collect and process to render the Service to be the personal data which you, the user registering the Portal account, chooses to provide to us in the respective fields when doing the Portal account’s registration.
You may also choose to provide to us further personal data as part of any correspondence with us with regards to delivery of Services.
Personal data in respect of other persons may need to be provided to us as part of the KYC, due diligence and credit reference checks which we may require as part of the Portal account registration process or thereafter.
3. Purposes and Legal Basis for Processing
We mainly envisaging processing your personal data for the purposes of delivering the Services and/or agreeing to deliver Services as per the terms and conditions accessible at (link).
We will also process any personal data that may be provided to us for any purposes required to comply with applicable laws as well as any purposes which may be inherently in our legitimate interests, including compliance checks and KYC screening, credit reference checks, as well as for defending or instituting legal actions or proceedings.
4. Information about other people
Information in respect of any person other than the Portal user cannot be provided to us as part of the Portal registration.
If any instance arises where you provide information to us about any person other than yourself, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and any of our outsourced service providers, to use it.
Such instances are envisaged to arise with regards to due diligence checks, KYC screening and credit reference checks.
It shall be in our legitimate interest to process the email address you use when registering a Portal account for the purposes of us sending emails to such email address which emails promote our own products and services.
Should you wish to no longer receive such promotional emails, you may do so at any time by emailing [email protected] or click the “Unsubscribe” link at the footer of any such promotional email correspondence we may choose to send to you.
6. Data Retention
Personal data shall be retained exclusively for the period in which it is necessary to fulfil the purpose of collection.
Generally, it is envisaged that the personal data will be mainly held for up to 5 years from the date of closure of the respective account.
If you want to learn more about any specific matter regarding our data retention or retention periods established in our Data Retention Policy, you may contact us at [email protected].
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
7. Data Security
We take the protection of your personal data very seriously and are committed to take the appropriate technical and organisation measures to protect your data against unauthorised or unlawful processing.
8. Your rights
- You enjoy various rights in relation to your personal data:
Right to Withdraw Consent – you have the right to withdraw your consent at any time where the processing was based on your consent. The withdrawal of your consent will have no affect on the lawfulness of processing based on consent before its withdrawal. Consent may be withdrawn by contacting [email protected]. It is not currently envisaged that processing is carried out on the basis of consent.
- Right of Access – the right to ascertain whether we hold personal data about you and to receive a copy of such personal data;
- Right to Complain – if you have any complaints regarding our processing of your personal data note that you may contact us at the contact details provided below. You also have a right to lodge a complaint with the Information and Data Protection Commissioner in Malta. The Information and Data Protection Commissioner may be contacted at idpc.gov.mt;
- Right to Erasure – you have a right to request that we delete your personal data in certain circumstances;
- Right to Object – you have a right to object to our processing of your personal data and request that we stop such processing in certain circumstances;
- Right to Data Portability – you may have a right to request that we port certain personal data in a structured, commonly used and machine-readable format. If technically feasible, you may also request that such data is transmitted by us directly to a third-party controller of your choice;
- Right to Rectification – you have the right to update, correct and rectify any inaccurate personal data we process about you;
- Right to Restriction – you have a right to request that we restrict your personal data in certain circumstances;
9. Recipients of personal data
We do not sell personal data to third parties. Only our employees, contractors, suppliers, advisors and representatives who require access to such personal data on a strict need to know basis will have access to the personal data.
Note that our IT suppliers and hosting service providers will process personal data for technical purposes.
We may also share personal data with third parties when Service delivery is agreed if such is required to a Service or where required to comply with our legal obligations or legitimate interests.
Please note that as part of the onboarding process, we may perform a KYC and due diligence onboarding process and a credit reference check whereby we use due diligence software, tools and KYC and/or credit reference service providers that may be provided with personal data by us to render to us our requested services.
All processing will happen in Malta or in the EU.
10. Automated Decision Making and Profiling
Your personal data will not be processed for the purposes of any decisions taken solely on the basis of profiling methods or algorithmic/automated decision-making without human intervention.
11. Contact Details
If you have any queries regarding our personal data processing practices, do not hesitate to contact us on [email protected].
Where applicable, we will not proceed with any new processing before we collect your consent following notification of the respective updates / changes.