2. About the Data Controller and the Data Protection Officer
“Personal Data Controller” is the company that determines the purposes and means of the processing of personal data.
The controller of the personal data we process is Billium Finance LLC, registered under No. 1947
The Personal Data Protection Officer may be contacted at firstname.lastname@example.org.
3. Your Consent
4. What is “personal data”?
The General Data Protection Regulation (GDPR) (EU Regulation 2016/679) defines personal data as “any information relating to a data subject, that is, an identified or identifiable natural person, that is, a person who can be identified directly or indirectly, in particular by reference to an identifier, such as name, identification number, location data, online identifier”. In other words, personal data is any information about you that allows you to be identified.
The personal information we collect and use is listed in this Policy.
5. What personal information do we collect and process?
A. The information you provide:
- By filling out any forms, including when you register to access our services, sign up for our newsletter, or send us problem reports;
- By interacting with us in any way;
- By requesting information about our products and services;
We collect the following information:
- Your first name, last name, middle name, address and date of birth;
- Your email address and device information;
- Your username, password, and other registration information;
- Your bank account details, including account number, bank branch number, SWIFT code, and International Bank Account Number (IBAN);
- Details of your Billium account, the debit card linked to it, and any other debit and credit cards that you register in our System, including the expiration dates of such cards and CVC codes (the last three digits of the number shown on the back of the card);
- Data and information obtained through due diligence, including identification documents, copies of any other documents you provide to us to verify your identity, and any other information necessary to provide our services, your image in photo or video format;
- Financial information, if applicable.
B. Information we receive from third parties
We may also obtain your personal information through third parties, including but not limited to the following information:
- Information received by the Billium Group company;
- Information obtained by payment systems (such as Visa, Mastercard, etc.), anti-fraud organizations, credit bureaus, executive authorities, and law enforcement agencies;
- Information obtained from publicly available sources, such as company registries, websites designed for in-depth counterparty due diligence;
- Information from social networks.
C. Transaction information
- Information about your account receipts and payments, including information about the date, amount, currency, parties involved in the payment transaction, information about text messages sent and received along with payments, information about merchants, payment methods used, technical usage data, and geolocation data.
D. Information from your device when you use our site. We may collect the following technical information:
- The name of your Internet Service Provider (IP address), network environment data, credentials, browser type and settings information, time zone information, device used, unique device identifier, mobile network information, a mobile operating system and mobile browser type, and session date, time and duration information.
6. Legal basis for using your personal data
We only process your personal data if there is a legal basis for doing so. There may be the following legal basis for processing personal data:
- Contractual obligations
- Legal obligation
- Legitimate interests
A) Contractual obligations
We will use your personal data to fulfill our obligations under the contract we have with you.
We will use your personal data to verify and confirm your identity for the purposes of creating your account and performing administrative functions on it.
We will use your personal data to process transactions flowing through your Billium account and/or card, as well as to carry out your orders for your account.
We will provide you with important information about the products and services available, as well as necessary technical support and maintenance.
B) Legal Obligation
We will use your data to fulfill the legal obligations imposed on us, verify and confirm your identity as part of our KYC – Know Your Customer ("Identification, Verification and Customer Research") process, and provide necessary assistance to the authorities in conducting investigations as required by applicable law. We may collect and retain your personal data for risk management purposes and detect and prevent fraud and other illegal or prohibited activities.
C) Legitimate Interests
We may monitor and record all communications sent to and received from you for record keeping purposes, to improve our services and products, and for educational purposes.
With your express consent, we may use your personal data to contact you by email in order to provide you with information about our products and services or for other business purposes. You may withdraw such consent at any time.
7. Automated Decision Making
We do not use automated decision making techniques in processes that may affect the services we provide to you. Checking your user profile for risk assessment or fraud prevention purposes is done manually.
9. Data Security
We are committed to protecting your personal information. We take various measures to ensure the security of your personal information as you submit an application or input, submit your personal information, or access your personal information.
We use data encryption methods and authentication procedures to prevent unauthorized access to our system and your data.
All confidential information provided is transmitted via Secure Socket Layer (SSL) protocol.
Only those of our employees who need access to your data to perform their job responsibilities are granted access rights. We regularly train our employees and educate them about the importance of maintaining the confidentiality and privacy of personal information.
We refine our security procedures to ensure compliance with the strictest requirements of industry best practices, thus ensuring a high level of protection for your personal data.
There are also a number of rules you can follow on your part. Always use a strong password and don't use the same password for more than one account. Don't tell your password to anyone. Our representatives never ask for user passwords, so you should be cautious about any such requests, and report them to us by contacting technical support.
10. Data Retention
We will not retain your personal data longer than necessary for the specific purpose or purposes for which it was collected, unless longer retention is required or permitted by law. Once your personal information is no longer needed, we will delete it without possibility of recovery.
11. Disclosure of your personal data to third parties
In providing our services, we may need to disclose your personal data to third parties, in particular:
Who can we share your data with?
Why do we share your data?
Financial and banking institutions such as bank card issuers and acquirers of bank cards, payment networks, including Visa and Mastercard to perform payment transactions initiated by you using our network, your bank card and/or your bank account.
External analytics service providers
To collect metrics and information about your use of the Service, including an assessment of how Agents and End Users use the Service ("Usage Data"), to develop new features, improve existing features or inform sales and marketing strategies, based on our legitimate interest in improving the Services. When Usage Data is processed, all personal information is anonymized.
Other business partners and suppliers (including IT service providers, card manufacturers, delivery services, etc.)
To enforce the contract we made with them or with you.
Potential or existing sellers or buyers of the enterprise
In the event that we decide to sell or buy any business or assets, or in the event of an actual or potential merger or similar business combination, we may transfer your data to the new Data Controller. The basis for such processing is a legitimate interest. In such cases, the transfer of personal data is required in order to complete the transaction.
Third parties, such as courts, law enforcement or government authorities, or authorised third parties in legally mandated cases where such disclosure is reasonably necessary.
We may disclose your information to comply with our legal obligations, to fulfill requests related to criminal investigations, in connection with any alleged unlawful acts or suspicion thereof, or any other actions for which we or other users may be legally liable, and to enforce our business policies, protect and defend our rights and property and the rights and property of third parties.
12. Cross-Border Data Transfers
13. Links to Third-Party Websites
Please read their privacy policies before you provide any personal information to such sites.
14. Data subject rights
Under the General Data Protection Regulation, you have the right to control the way your personal data is processed. You have the following rights:
Right to receive information. You have the right to be informed about the processing (collection and use) of your personal data.
Right of access. You have the right to request confirmation as to whether we are processing the personal data concerning you. You can also request information about how we collect, share and use your personal information.
Right to rectification. You have the right to check your personal data and to have any outdated or inaccurate personal data corrected.
Right to delete data (“right to be forgotten”). You have the right to request that we delete your personal data if there is no objective need to process such personal data for legitimate business purposes under this Policy or applicable law.
Right to restrict processing and right to object. You have the right to request us to restrict the processing of your personal data, to object to the processing of your personal data, and to object to the use of automated decision-making methods.
Right to data portability. On request and if technically possible, we will provide you with your personal data or pass it on to another data controller in a structured, ubiquitous and machine-readable format.
Right to withdraw consent. Where we have specifically requested your consent to process your personal data, and we have no other legal basis for processing your personal data, you have the right to withdraw your consent at any time by changing the settings in your account or by sending a letter to that effect, indicating the specific consent you withdraw. You can opt out of receiving materials we send you electronically by clicking on the “Unsubscribe” link included in every email we send you.
Right to lodge a complaint with the supervisory authority. You have the right to complain with the supervisory authority at your location about the Controller's handling of personal data. The procedure for lodging a complaint is described in detail in Section 15 of this Policy.
Reasonable access to your personal data will be granted within one month of receipt of your request. If access cannot be granted within the above period, we will inform you of the exact date on which the information will be provided.
You can exercise all of the above rights by sending an email to .................... Before we disclose any personal information to you, we may ask you to produce proof of your identity.
We may charge a fee for access to personal data to cover our own costs in providing you with information about the personal data we hold about you.
Please note that we will try to comply with any requests you make in order to exercise your rights, but in some cases there may be legal or other reasons why we cannot or are not obligated to comply with such a request. In such cases, we will be forced to deny or only partially honor your request.
15. Lodging a complaint
In accordance with the General Data Protection Regulation, a data subject has the right to lodge a complaint with the supervisory authority in the Member State of his or her usual place of residence, place of work or place of alleged violation, if the data subject believes that the processing of personal data concerning him or her violates the said Regulation.
If you are not satisfied with the response you receive from Billium, you can lodge a complaint with the supervisory authority in the Member State in which you reside. You can find the relevant supervisory authority by clicking on the link below:
17. Contact Person