This Privacy Policy (“Policy”) describes how Hundred Exchange (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal data in connection with our website, platform, applications, and related services (collectively, the “Services”).
We are committed to protecting your privacy and ensuring that your personal data is handled in a safe, responsible, and transparent manner. Please read this Policy carefully to understand our practices regarding your personal data and how we will treat it.
1. DATA CONTROLLER
1.1. For the purposes of applicable data protection laws, Hundred Exchange is the data controller responsible for the processing of your personal data in connection with the Services.
1.2. If you have any questions about this Policy or our data protection practices, or if you wish to exercise any of your rights as a data subject, please contact us using the contact details provided in Section 14 of this Policy.
2. CATEGORIES OF PERSONAL DATA WE COLLECT
2.1. We collect and process various categories of personal data depending on how you interact with our Services. The categories of personal data we may collect include:
Account Data: This includes your username, password, account preferences, settings, and other information associated with your account.
Financial Data: This includes Digital Asset wallet addresses, transaction history, account balances, trading activity, and source of funds or wealth information.
Technical Data: This includes your Internet Protocol (IP) address, browser type and version, device type and identifiers, operating system, time zone settings, geolocation data, and other technical information collected through cookies and similar technologies.
Usage Data: This includes information about how you use our Services, including pages visited, features used, links clicked, time spent on pages, search queries, and other interaction data.
Communications Data: This includes the content of your communications with us, including emails, chat messages, support tickets, and any other correspondence.
Marketing Data: This includes your preferences in receiving marketing communications from us and your communication preferences.
Biometric Data: Where permitted by applicable law and where you provide your consent, this may include facial recognition data or other biometric identifiers used for identity verification purposes.
3. HOW WE COLLECT PERSONAL DATA
3.1. We collect personal data through various means, including:
Directly from You: We collect personal data that you voluntarily provide to us when you register for an account, conduct transactions, communicate with us, subscribe to our newsletters, participate in surveys or promotions, or otherwise interact with our Services.
Automatically: We automatically collect certain technical and usage data when you access or use our Services through cookies, web beacons, pixels, log files, and similar tracking technologies.
From Third Parties: We may receive personal data about you from third parties, including identity verification service providers, fraud prevention services, credit reference agencies, sanctions screening providers, blockchain analytics providers, public databases, government authorities, and other users of the Services.
From Publicly Available Sources: We may collect personal data from publicly available sources, including public blockchain networks, social media profiles, company registries, and other public records.
4. LEGAL BASES FOR PROCESSING
4.1. Under applicable data protection laws, we must have a valid legal basis for processing your personal data. We rely on the following legal bases depending on the nature and purpose of the processing:
Performance of a Contract: We process your personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
Legitimate Interests: We process your personal data where it is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
Consent: Where required by applicable law, we process your personal data based on your freely given, specific, informed, and unambiguous consent.
5. PURPOSES OF PROCESSING
5.1. We process your personal data for the following purposes:
Providing and Managing the Services: To create, maintain, and administer your account; to process and execute your transactions; to provide you with access to features and functionalities of the Services; and to provide customer support and respond to your inquiries.
Identity Verification and Compliance: To screen against sanctions lists, PEP databases, and adverse media; to conduct AML/CFT monitoring and transaction surveillance; to comply with applicable laws, regulations, and regulatory guidance.
Security and Fraud Prevention: To detect, prevent, investigate, and mitigate fraud, unauthorized access, security incidents, and other malicious or illegal activities.
Analytics and Improvement: To analyze usage patterns and trends; to conduct research and analytics to understand how users interact with our Services.
Communications: To communicate with you about your account, transactions, and use of the Services.
Marketing: To send you marketing communications about our products, services, promotions, and events, where you have consented to receive such communications.
Legal and Regulatory Compliance: To comply with our legal and regulatory obligations.
Business Operations: To manage our business operations, including corporate governance, auditing, accounting, and financial reporting.
6. DATA SHARING AND RECIPIENTS
6.1. We may share your personal data with the following categories of recipients:
Affiliates and Group Companies: We may share your personal data with our subsidiaries, affiliates, and other companies within our corporate group for the purposes described in this Policy.
Service Providers: We engage third-party service providers to perform functions and provide services on our behalf.
Regulatory and Governmental Authorities: We may disclose your personal data to regulatory authorities, law enforcement agencies, tax authorities, courts, and other governmental bodies where required by applicable law.
Blockchain Networks: When you conduct transactions using our Services, certain transaction data may be recorded on public blockchain networks.
Business Transferees: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
6.2. We do not sell your personal data to third parties for monetary consideration.
7. INTERNATIONAL DATA TRANSFERS
7.1. Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.
7.2. Where we transfer personal data from the EEA, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards.
8. DATA RETENTION
8.1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.
8.2. The retention period for your personal data depends on the nature of the data, the purposes for which it is processed, and applicable legal and regulatory requirements.
9. DATA SUBJECT RIGHTS
9.1. Under applicable data protection laws, including the GDPR, you have certain rights with respect to your personal data, including:
Right of Access: You have the right to request confirmation as to whether we are processing your personal data, and if so, to request access to your personal data.
Right to Rectification: You have the right to request that we correct any inaccurate personal data we hold about you.
Right to Erasure: You have the right to request that we erase your personal data in certain circumstances.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests.
Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.
9.2. To exercise any of your rights, please contact us using the contact details provided in Section 14 of this Policy.
10. AUTOMATED DECISION-MAKING AND PROFILING
10.1. We may use automated decision-making, including profiling, in connection with the provision of our Services. This may include risk assessment, fraud detection, and identity verification.
10.2. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
11. COOKIES AND TRACKING TECHNOLOGIES
11.1. We use cookies, web beacons, pixels, and similar tracking technologies to collect certain information about your interactions with our Services.
11.2. The types of cookies and tracking technologies we use include: Strictly Necessary Cookies, Performance and Analytics Cookies, Functionality Cookies, and Targeting and Advertising Cookies.
11.3. You can manage your cookie preferences through your browser settings or through our cookie consent tool (where available).
12. SECURITY MEASURES
12.1. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
12.2. While we take reasonable measures to protect your personal data, no method of transmission over the internet or electronic storage is completely secure.
13. CHILDREN'S PRIVACY
13.1. Our Services are not directed at individuals under the age of eighteen (18) years. We do not knowingly collect personal data from children.
14. CONTACT INFORMATION
14.1. If you have any questions, concerns, or requests regarding this Policy or our data protection practices, please contact us at:
Hundred Exchange Website: https://www.hundred.exchange
15. CHANGES TO THIS PRIVACY POLICY
15.1. We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
15.2. We encourage you to review this Policy periodically to stay informed about our data protection practices. Your continued use of the Services following the posting of changes to this Policy constitutes your acceptance of such changes.