Privacy Policy of Sofex Capital Ltd.
At Sofex Capital Ltd. accessible from www.sofex.finance one of our main priorities is the privacy of our visitors and clients. This Privacy Policy document contains types of information that is collected and recorded by Sofex Capital Ltd.and how we use it.
This Privacy Policy applies only to our online activities and is valid for visitors to our website and clients of our Services with regards to the information that they shared and/or collect in Sofex Capital. This policy is not applicable to any information collected offline or via channels other than this website.
I. Who are we?
(1) The controller of your personal data is Sofex Capital Ltd., Company No 208046425 with registered office and management address: Bulgaria, Sofia city, p.c. 1415, Vitosha district, 42 Okolovrasten pyt Str., fl.3, office 4, represented by the Managing Directors Stefan Tabakov and Bojidar Pavlov (referred to for short as “the Controller”, “We”, “Us”).
(2) If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact our Privacy team at info@sofex.finance.
II. Basic principles for personal data protection
We are committed to processing your personal data in compliance with all legal requirements under Regulation (EU) 2016/679 (abbreviated as “GDPR”). The main principles we follow are related to your personal data being:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
III. Information we collect
(1) You enter your personal data yourself in the online form provided by us, therefore you guarantee that it is current and accurate at that time. In case of inaccuracy of the personal data entered by you and there is a need to update the data, you guarantee that you will inform us in order to carry out a correction on our part.
(2) As our Client, we may obtain information about your personality from public sources, our service providers assisting with AML, fraud, and security compliance, in order to comply with legal requirements for conducting checks related to anti-money laundering and counter-terrorist financing legislation.
(3) Personal data and purposes of processing:
3.1. As visitor of our website we collect data about your device (computer, phone, tablet, etc.), including your IP address, the browser you use and your language settings, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks in which case this data is anonymous and does not allow you to be identified.
The legality of the processing is based on Article 6, para. 1, (f) of the GDPR as it is necessary for the purposes of the legitimate interests of the Controller. We believe that we have an interest in analyzing the usability of our Website and the level of user satisfaction, administering the site, tracking users’ movement on the website, and gathering demographic information, as we understand that the processing of this data is also beneficial to you, since the aim is to improve the user experience and provide a service with a higher quality.
3.2. As our Client, we collect the following data:
Personal Information: Full name, residential address and contact details (e.g. email address, telephone number etc.), date of birth, place of birth, gender, citizenship; signature, utility bills;
Sensitive personal data: We may also collect sensitive personal data when permitted by local law or with your explicit consent, such as biometric information (photographs and a video or voice recording of you), to verify your identity by comparing the facial scan data extracted from your selfie or video with the photo in your government issued identity document.
Financial information: Bank account information, wallet addresses, bank cards details, details about your source of funds, assets and liabilities, information relating to economic and trade sanctions lists and all other relevant financial information related to an executed payment depending on the payment method chosen by the client as well as relevant AML due diligence documents for the source of funds.
PEP Information: Information on whether you (or someone close to you) holds a prominent public function;
Verification information: every information necessary to verify your identity such as a passport, ID Card, driver’s license, selfie photos / videos, login credentials or government-issued identity card, which may be processed using technologies that extract biometric data;
Employment Information: Job title, salary, employer and reputation information
Transaction information: information about the transaction you make on our services, such as the name of the recipient, your name and e-mail address
Activity | Purpose/s | Law basis under Art.6 GDPR | Categories of personal data |
---|---|---|---|
Registration of account | To create and maintain your account. And To provide you access to our services; | processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract | Personal information |
Onboarding process | Anti-money laundering and counter-terrorist financing legislation requires us to perform Customer Due Diligence (KYC) prior to establishing a business relationship with you. For this purpose we will perform screening through online tools and crossmatch this data with data we hold for the purposes of compliance with AML legislation. | processing is necessary for compliance with a legal obligation to which the controller is subject | Personal information Sensitive personal data Verification information PEP information Employment information Financial information |
Due diligence | We are generally required to collect various pieces of personal information to properly identify or verify your identity and comply with other specific AML or sanctions laws/regulations (e.g. funds transfer rules). The types of personal data collected will vary depending on the checks and identity verification needs in your location and the identity services selected by us. | processing is necessary for compliance with a legal obligation to which the controller is subject | Personal information Sensitive personal data Financial information Verification information PEP information Employment information Reports by background check providers (if it is applicable) Blockchain Transactions Reports Computer or mobile device information Geolocation Website usage information, Transaction information. |
To provide you our Services | We process your personal data in order to provide our Services. | processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract | Personal information Sensitive personal data Financial information Blockchain Transactions Reports Transaction information. |
Reporting to authorities | We are subject to various legal obligations to report to the relevant authority’s information required within the scope of ongoing/periodical reporting or ad hoc requests received by such authorities. | processing is necessary for compliance with a legal obligation to which the controller is subject | The scope of Personal Data depends on the requested information by the authority. It may includes: • Personal information • Sensitive personal data • Verification information • PEP information • Employment information • Financial information • Usage/Activity Information • Transaction Information • Other data requested by the Authority |
Claims, litigation or other proceedings | to protect our legitimate interests | processing is necessary for the purposes of the legitimate interests pursued by the controller | • Personal information • Sensitive personal data • Verification information • Financial information • PEP information • Employment information • Financial information • Other data required by specific proceedings |
Marketing messages, such as brochures, surveys, giving individual discounts and information about campaigns conducted by us And For any purpose not specified above, but for which you direct us to process your personal data | To prepare and send you marketing messages, such as brochures, surveys, giving individual discounts and information about campaigns conducted by us, etc. | the data subject has given consent to the processing of his or her personal data for one or more specific purposes | E-mail and any other information voluntarily provided by you on this occasion. With this Policy, we would like to inform you that you can withdraw the given consent at any time and we will stop processing the above personal data for the stated purposes and sending marketing messages by sending us your explicit refusal in writing to the following e – mail address : info@sofex.finance |
(4) Your data is not subject to transfers to countries outside the European Union (EU) and the European Economic Area (EEA). In exceptional cases, solely for the purposes described above, we may transfer your personal data to a third party located outside the EU or EEA, but in all cases the transfer of your personal data will be carried out in accordance with the requirements of Chapter V of GDPR .
(5) The Controller could use automated individual decision-making, including profiling, when processing your personal data in regards of AML checks executed through a specialized AML and KYC software. All customers can appeal such decisions by contacting our Privacy team at info@sofex.finance
IV. Cookies and Web Beacons
Like any other website, Sofex Capital uses “cookies”. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
More information about them can be found in our Cookie Policy, available at info@sofex.finance
V. Recipients of your personal data
You may consult this list to find the Privacy Policy for each of the advertising partners of Sofex Finance.
Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Sofex Finance, which are sent directly to users’ browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.
Note that Sofex Finance has no access to or control over these cookies that are used by third-party advertisers.
Third Party Privacy Policies
• providers of IT services, hosting services for implementation and maintenance of the Services provided by us; Blockchain data platforms • service providers for the purposes of measuring and tracking user behavior on the sites, sending email messages, sharing content by users, etc. These companies may be or are (non-exhaustively):
- Google (with Google Analytics, Google Tag Manager, AdManager, AdX, AdSense, AdWords, Google Plus): https://privacy.google.com
- Facebook (with Facebook Tracking Pixel, Facebook Tools – Plug-in “like” button, Sign in with Facebook profile, etc.) : https://www.facebook.com/privacy/
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Viber: https://www.viber.com/terms/viber-privacy-policy/
- Telegram: https://telegram.org/privacy/eu
- Whats app: https://www.whatsapp.com/legal/privacy-policy
• companies providing postal services and deliveries (couriers) for the purposes of communication between you and the Controller; • all state and investigative bodies having the right of access to the relevant information processed by the Controller; • subcontractors of the Controller who are processors of personal data, according to a contract concluded with the Controller and according to the instructions of the Controller, using only processors of personal data who provide sufficient guarantees for the implementation of appropriate technical and organizational measures for compliance with the GDPR ; • external consultants and auditors, disclosing only the amount of personal data that is necessary to assist and provide services, according to a contract concluded with the Controller; • recipients of your personal data may also be third parties in the event that the Controller has an obligation to disclose or share them, in order to comply with a legal obligation, in order to protect rights, property or safety or in connection with contractual and legitimate interests.
In case you want additional information about whether your personal data has been provided to specific recipients of personal data, you can send us a written inquiry to the following e – mail address: info@sofex.finance
VI. Storage periods
(1) General
1.1. The Controller processes your personal data for the terms established by the legislation in force in the country and by the regulatory supervisory authorities. After the expiration of the legally/regulatory terms, the Controller will delete your personal data. A limited number of entities have access to the information in order to ensure the security of your personal data.
1.2. Personal data for which there is no express legal/supervisory storage obligation will be deleted after the purposes for which it was collected and processed have been achieved.
(2) Time Limits
2.1. For the purposes of the execution of the contract concluded between you and Sofex Capital Ltd., your personal data is processed for the period of validity of the same. However, the Controller sets a longer storage period – 5 (five) years, which starts to run after the termination of the contract, in order to pursue legitimate goals for the purpose of protection when presenting a judicial or extrajudicial claim. The determination of the duration of the specified storage period is subject to the general rules of the statute of limitations according to the Bulgarian legislation.
2.2. In addition to the above, for the purposes of fulfilling our obligations under Measures Against Money Laundering Act, we are required to store your information for a period of 5 years from its initial collection.
2.3. For tax and accounting purposes, We will store your personal data for the prescribed period according to the applicable legislation.
2.4. For the purposes of sending marketing messages, brochures, surveys, giving individual discounts and information about campaigns conducted by us, we will store your personal data for as long as your express consent lasts.
2.5. For the purposes of using cookies, the data is stored for the period of validity for which the respective cookie is saved. You can control and/or delete cookies at any time through the settings of your browser.
VII. Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- You have the right to appeal being subject to automated decision-making, including profiling.
- Right to legal or administrative protection by the competent supervisory authority in case your rights have been infringed.
You can exercise the above rights by sending us a written application using a template or in free text by e – mail info@sofex.finance. You can find the application form right after this Privacy Policy.
(3) In exercising your rights as a data subject, we do not require the payment of fees. However, we would like to inform you that in accordance with the law, we may in certain cases require the collection of such if your requests are clearly unfounded and/or excessive, in particular due to their repetition, or refuse to take action on your request.
(4) In the event that you choose to send a response to your application to a correspondence address and/or office of a shipping company/postal courier, you are responsible for paying all shipping costs.
(5) We would like to inform you that we will make reasonable efforts to comply with your request within 30 days of receiving it. If necessary, this term can be extended by another two months, depending on the complexity and number of requests.
(6) In certain cases, we may ask you for specific information that will enable us to verify your identity and to respect your right to access the information (or any of your other rights). This is an appropriate additional security measure to ensure that your personal information is not disclosed to persons who do not have the right to receive it.
VIII. Children’s Information
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
If you are younger than 18 years or reside in countries where we do not offer our Services, you will not be able to register and use our Services.
We do not allow anyone under the age of 18 to use our Services and we do not knowingly request or collect any information about persons under the age of 18. If you are under this age, please do not provide any personal information to Sofex Capital Ltd.
If a Client submitting personal information is suspected of being younger than 18 years of age, upon finding out, we shall immediately take steps to delete the individual’s information.
IX. Information for non-EU citizens
(1) The described legal regulation is based on Regulation (EU) 2016/679, which applies only to citizens of member states of the European Union and European Economic Area.
(2) However, the provision of our Services is not limited to users who are EU citizens. We would like to hereby inform you, in case you are a citizen of a non-EU country, that we will comply with this Privacy Policy and apply the same technical and organizational security measures to your personal data.
(3) Please note that some foreign jurisdictions require the express acceptance of this Privacy Policy in connection with the protection of your personal data. By accessing and using our Services, you signify acceptance to the terms of this Privacy Policy.
(4) For more information about the protection of your personal data and the applicable law for your country, you can contact us at the following e – mail address info@sofex.finance.
Sofex Capital Ltd., in its capacity as the Controller of personal data, reserves the right to change this Privacy Policy at any time. Changes will be communicated by placing a notice on this website.
This Privacy Policy enters into force from 20.11.2024.
Last update: 20.11.2024.
APPLICATION FOR EXERCISE OF RIGHTS AS A DATA SUBJECT UNDER REGULATION (EU) 2016/679
From ………………… ……………… ………………………
(first and last name)
Born on ………………, ID No/Passport No ………………
Your client No in our website ………………
contact phone number ……………………………………, e- email ……………
*Data for data subject representative:
………………… ……………… ………………………
(first and last name)
Power of Attorney ………………… ……………… ………………………
contact phone number ………………………, e- email ………………………
On the basis of Art. 12-Art. 22 of Regulation (EU) 2016/679, I declare my desire to exercise my rights regarding the protection of my personal data, processed by Sofex Capital Ltd., Company No 208046425
I wish to exercise the following rights:
Access request □
Rectification request □
Request for erasure (right to be forgotten) □
Request for restriction of processing □
Objection to processing □
Request for information about recipients of personal data in cases of correction or deletion of personal data or restriction of processing □
Request to exercise the right to portability of personal data □
Request not to be subject to a decision based solely on automated processing involving profiling □
Please describe in relation to which of your personal data you wish to exercise the right(s) noted above:
……………………………………………………………………………………………
……………………………………………………………………………………………
……………………………………………………………………………………………
How do you would like to receive our response?
☐ I want to receive the requested personal data at an email address ………………………………
☐ I want to receive the requested personal data at the address for correspondence: ……………………………………………………………………………………………
by shipping company/postal courier ………………………………………………………………
□ In another way ………………………………………………………………………………
Date: ………………
………………………… …………………………… ………………………………
/name, surname, signature/