Privacy Policy
Please read carefully our Privacy Policy (hereinafter referred to as the Privacy Policy) to learn what data we collect and what purposes we use it for.
This Privacy Policy applies to all information which can be obtained about the User while using finstore.by Investment Online Platform (hereinafter referred to as the Platform) by DFS Limited Liability Company, registered in the Republic of Belarus under number 192824270, located at: 6 Skryganova St., room 601, 220073, Minsk, Republic of Belarus (hereinafter referred to as the Company).
By using the Platform and providing personal information through it, the User confirms his/her acceptance of the terms and conditions of this Privacy Policy, the Rules of Platform Use, the Procedure for Cooperation with Clients, the Procedure for Cooperation with ICO Customer, the Rules for Token Creation, Offering, and Exchange and the Terms and Conditions of Processing the User's Personal Data. The User consents to the disclosure, collection and use of information for the purposes and in such a manner as described in the Privacy Policy, the Rules of Platform Use, the Procedure for Cooperation with Clients, the Procedure for Cooperation with ICO Customer, the Rules for Token Creation, Offering, and Exchange.
The personal data permitted to be collected and processed under this Privacy Policy may include the following information:
- information about the User, when registering and completion of identification and verification procedures: surname, given name, patronymic, login, contact phone number, email address, digital portrait, place of residence, date of issue of passport or other identification document of the User, and other data required for registration and completion of identification and verification procedures;
- information about the User's payment methods used to work with the Platform;
- records obtained as a result of video and audio communication with the User (email and chats correspondence);
- information about the transactions carried out by the User;
- standard information, which is automatically transmitted to the Platform in the process of its use by the User, including IP-address, information about the type of browser (or other program by means of which the Platform is accessed), operating system, provider, country, user login/logoff pages, date/time of visiting the Platform, addresses of requested pages, as well as information from cookies. The above information does not personally identify the User, it is not confidential and, therefore, does not relate to the personal data of the User;
- other information about the User, the collection and/or provision of which is defined in the Rules of Platform Use, the Procedure for Cooperation with Clients, the Procedure for Cooperation with ICO Customer, the Rules for Token Creation, Offering, and Exchange;
The Company shall implement technical and organizational and legal measures to ensure protection of the User's personal information from illegal or accidental access, deletion, modification, blocking, copying, distribution, as well as from other illegal actions.
By using the Platform, the User entrusts us with his/her personal information. We are doing everything possible to ensure its safety.
The Company undertakes to use the information about users responsibly: not to sell, distribute or lease it for commercial purposes to individuals or organizations in accordance with this Privacy Policy.
The User undertakes to ensure the security of the data provided by them when registering on the Platform for the reliable use of the Platform.
The personal information about the User is not transferred to any third parties, except for the cases directly stipulated in this Privacy Policy, namely:
- the User has expressed his/her consent to such actions;
- the transfer is required as part of the User's use of the Platform or for the provision of a service to the User;
- the transfer is stipulated by the laws of the Republic of Belarus within the procedure established by the laws;
- to ensure the ability to protect the rights and legitimate interests of the Company or third parties in cases where the user violates the Rules of Platform Use, the Procedure for Cooperation with Clients, the Procedure for Cooperation with ICO Customer, the Rules for Token Creation, Offering, and Exchange.
The User understands and agrees that if he/she has authorized the disclosure of his/her personal information to third parties, the Company cannot control the use of the disclosed personal information of the User by third parties.
The Company may use the User's personal information for the following purposes:
- identification and verification of the User;
- providing the user with personalized features of the Platform;
- communication with the User, including for the purpose of sending notices, information and advertising messages relating to and/or related to the use of the Platform by the User, as well as for the purposes of processing requests and appeals from the User;
- improvement of the quality of the Platform, its usability, development of new features and capabilities;
- conducting statistical and other studies, based on impersonal data.
The personal data may be combined with information that the User provides in other ways (orally, in writing, by fax, etc.).
By accepting the terms and conditions of this Privacy Policy, the User agrees that when the User specifies his/her telephone number or email address in the registration window, the Company will have the right to send information to the User by means of SMS (through messengers and/or mobile operator) and/or emails about services, novelties and terms and conditions of use of the Platform, as well as other information, including promotional materials.
The User is entitled to refuse to receive such information by cancelling the subscription or by writing an email to the Company's email address.
The User shall be obliged to:
- Provide information about the personal data required to use the Platform;
- Update and supplement the provided personal data in case of any data modifications.
The User may, at any time, request access to his/her personal information, change (update, complete, delete) the personal information that he/she has provided or a part thereof (except for the information automatically received from the User).
The rights of the User to change and/or delete their personal information may be restricted in accordance with the requirements of the laws. These restrictions may include the obligation of the Company to retain the information that has been changed or deleted by the User for a period of time prescribed by the laws and to transfer such information to a public authority in accordance with the statutorily prescribed procedure.
The Company retains the data provided by the User as long as it is necessary to fulfill the relevant purposes for which the User has provided the Company with the data, or as required by the laws.
The User has the following rights with regard to its personal data, which are handled by the Company in accordance with the terms of this Privacy Policy:
1. The right to impose restrictions on the handling of the User's personal data.
This right can be exercised by the User in the following cases:
- if the accuracy (correctness) of the personal data is challenged by the User in accordance with clause 3 below. In this case, restrictions on the handling of personal data may be set for the period necessary for the Company to verify the accuracy (correctness) of the User's personal data; or
- if the handling of the personal data is unlawful, and the User objects to its deletion (destruction) and requires that restrictions are to be imposed on the handling of the personal data for a specified period; or
- if the Company does not need the relevant personal data for the purpose(s) claimed by the Company to handle it, but such personal data is necessary for the User to submit a claim, complaint and/or a lawsuit or defense against it, and the User objects to its deletion (destruction) by the Company and demands that restrictions on its handling for a specified period are to be imposed.
The right to impose restrictions on the handling of the User's personal data may be exercised by the User by sending a corresponding message to the Company's email address. The message must necessarily indicate the basis for the restrictions on the handling of the personal data referred to in the previous paragraph and the period for which the restrictions should be imposed if the basis for their imposition is the case referred to in clause b or c of the previous paragraph. The Company shall be entitled not to consider a message referred to in this paragraph if it does not contain the mandatory data referred to in this paragraph. The Company undertakes to consider the message which meets the requirements of this paragraph and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the message from the client.
The User understands that the handling of certain personal data is a necessary requirement for granting the User access to the Platform in accordance with the laws, acts of the Supervisory Board of the Hi-Tech Park. If the User imposes restrictions on the handling of such personal data to the extent that such restrictions does not allow the Company to meet the legal requirements provided in this paragraph, the acts of the Supervisory Board of the Hi-Tech Park, the User's access to the Platform will be suspended for the duration of the restrictions on the handling of the relevant personal data of this User.
2. The right to receive the User's personal data stored by the Company in a structured form in typewritten text.
The User is entitled to send a request to the Company to receive the User's personal data stored by the Company in a structured form of typewritten text to the Company's email address. The Company undertakes to consider the relevant request and send the User the personal data specified in this paragraph by email within 30 calendar days from the date of receipt of the request from the client. If the User submits requests to the Company specified in this paragraph more than twice in six months, the Company may charge the User for the provision of personal data specified in this paragraph in the amount of the expenses incurred by the Company in satisfying the third and subsequent requests of the User received within six months.
3. The right to request correction of errors (inaccuracies) in the User's personal data.
If there are errors (inaccuracies) in the User's personal data handled by the Company, the User has the right to send a request to the Company's email address to correct these errors (inaccuracies). The request must necessarily indicate in which data and what error (inaccuracy) is contained, as well as which data is correct. If a request under this paragraph does not contain the mandatory data required above, the Company shall be entitled not to consider this request. The Company undertakes to consider the request which meets the requirements of this paragraph and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the request from the client.
The User understands and agrees that due to the fact that certain personal data of the User is stored in the register of transactions blocks (blockchain), such personal data in which an error (inaccuracy) has been made will continue to exist in the register of transactions blocks (blockchain): the Company is not able to correct an error (inaccuracy) in the relevant personal data. However, the Company undertakes to take all necessary measures to prevent the Company from further processing of personal data in which an error (inaccuracy) has been made, and will handle personal data in the light of the information about the correct personal data provided by the User in the request mentioned in the previous paragraph.
4. The right to request deletion (destruction) of the User's personal data stored by the Company.
This right can be exercised by the User in the following cases:
- if the User has not given his/her consent to the handling of his/her personal data by the Company; or
- if there is no need to handle the personal data for the purpose(s) claimed by the Company; or
- if the relevant period for handling the User's personal data has expired; or
- if the User has withdrawn his/her consent to the handling of his/her personal data.
In order to exercise the right granted in this clause, the User has to send a corresponding request to the email address of the Company. The request must necessarily indicate which personal data of the User should be deleted (destroyed), based on which grounds specified in the previous paragraph, as well as to provide the Company with evidence (justification) for the existence of such grounds. If a request under this paragraph does not contain the mandatory data required above, the Company shall be entitled not to consider this request. The Company undertakes to consider the request and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the request from the client.
The User understands that the handling of certain personal data is a necessary requirement for granting the User access to the Platform in accordance with the laws, acts of the Supervisory Board of the Hi-Tech Park. In case the User sends a request for the deletion (destruction) of such personal data, if such deletion (destruction) does not allow the Company to comply with the requirements of the laws provided in this paragraph, the acts of the Supervisory Board of the Hi-Tech Park, the User's access to the Platform will be terminated.
The User understands and agrees that due to the fact that certain personal data of the User is stored in the register of transactions blocks (blockchain), such personal data will continue to exist in the register of transactions blocks (blockchain): the Company is not able to delete (destroy) the relevant personal data. However, the Company undertakes to take all necessary measures to prevent the Company from further processing of such personal data after fulfilling a reasonable request of the User specified in the previous paragraph.
5. The right to demand that third parties, to whom the User's personal data has been transferred, should be notified of the facts of correction of errors (inaccuracies) and of their deletion (destruction).
In order to exercise the right granted in this clause, the User has to send a corresponding request to the email address of the Company. The request must necessarily indicate which personal data of the User has been corrected (contains inaccuracies) and/or which personal data of the User has been deleted (destroyed). If a request under this paragraph does not contain the mandatory data required above, the Company shall be entitled not to consider this request. The Company undertakes to consider the request which meets the requirements of this paragraph and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the request from the client.
6. The right to object to the handling of the User's personal data.
This right may be exercised by the User if his/her rights, legal interests and/or freedoms in a particular case are more important than the legal grounds (purposes) for handling personal data that the Company has.
In order to exercise the right granted in this clause, the User has to send a corresponding request to the email address of the Company. The request must necessarily indicate the personal data that the User objects to the handling of, and which specific rights, legal interests and/or freedoms of the User and under which circumstances are more important than the legal grounds (purposes) for handling the personal data of the User that the Company has. If a request under this paragraph does not contain the mandatory data required above, the Company shall be entitled not to consider this request. The Company undertakes to consider the request which meets the requirements of this paragraph and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the request from the client.
As a result of the User's exercise of the right to object to the handling of the User's personal data, the Company is obliged to stop handling the relevant personal data if the request specified in the previous paragraph is justified in the opinion of the Company. In this case, the Company is not obliged to delete (destroy) it.
The User understands that the handling of certain personal data is a necessary requirement for granting the User access to the Platform in accordance with the laws, acts of the Supervisory Board of the Hi-Tech Park. In case the User exercises the right to object to the handling of such personal data by the Company, if the termination of handling such personal data does not allow the Company to meet the legal requirements provided in this paragraph, the acts of the Supervisory Board of the Hi-Tech Park, the User's access to the Platform will be suspended for the duration of the User's objection.
7. The right not to be subjected to a decision made only on the basis of automated handling of the User's personal data.
The User shall have the right not to be subjected to a decision made only on the basis of automated handling of the User's personal data which is essential for the establishment, modification or termination of the User's civil rights and/or obligations, or otherwise materially affects the User.
If there are conditions stipulated in the previous paragraph, the User has the right to send a request to the Company's email address with a request for interference of a person in the process of automated handling of the User's personal data. In doing so, the User has to specify in the request mentioned in this paragraph, with a view to establishing, changing or terminating which civil rights and/or obligations the automated handling of the User's personal data is important or how it otherwise significantly affects the User. If a request under this paragraph does not contain the mandatory data required above, the Company shall be entitled not to consider this request. The Company undertakes to consider the request which meets the requirements of this paragraph and inform the User about the results of its consideration by email within 30 calendar days from the date of receiving the request from the client.
8. The right to obtain transparent information about the exercise of the above rights.
If after reading this Privacy Policy the User has any questions about the procedure for exercising the above rights, the User is entitled to send an appeal to the Company with a request for clarification of this procedure. The appeal provided by this paragraph is subject to referral and consideration in accordance with the laws of the Republic of Belarus on citizen appeals.
In case of disagreement with the terms of this Privacy Policy, the User shall stop using the Platform.
The Company is entitled to introduce changes to this Privacy Policy without the User's consent.
The new Privacy Policy shall come into effect from the moment it has been posted on the Platform, at finstore.by, unless otherwise provided for in the new edition of the Privacy Policy.
We look forward to receiving your feedback, questions, suggestions, and comments on our Privacy Policy, which you can send to the following email address.