1. General provisions
1.2. This Policy applies only to the information that is being processed by Aufort. Policy does not apply to the companies that Aufort does not control, or employees that Aufort does not manage. Information regarding the services that Aufort provides may contain links to third party websites. Any information Client provides to those sites will be covered by these site’s privacy policies.
1.3. This Policy explains:
1.3.1. what kind of Personal Data is being collected, how it is being used, disclosed, retained and deleted (each and all together referred to as "Processing");
1.3.3. Client’s rights regarding his / her Personal Data;
1.3.4. how Client’s Personal Data is being transferred within and outside of the European Economic Area;
1.3.5. how Aufort retains and deletes Client’s Personal Data;
1.3.6. how and why may Aufort disclose Client’s Personal Data to third parties.
1.4. Aufort has the right to make updates to this Policy. Aufort will notify Client of any changes to this Policy by email and / or by posting it on Aufort's online platform (hereinafter referred to as “Platform”) no later than 14 days before it becomes effective.
2. Information Aufort collects and its use
2.1. Aufort may collect and process Client’s personal identification information (hereinafter referred to as "Personal Information") or legal person information (hereinafter referred to as “Legal Information”) to provide the services, communication with Client, protect users from illegal activity, maintain legal and regulatory compliance and help to prevent, detect and investigate fraud, money laundering and other criminal activity or misuse of service provided by Aufort.
2.2. Aufort may collect and process Client’s Personal Information which may include the Client's first name, last name, personal or formal identification code, date of birth, nationality, country of residence, age, gender, home address, email address, telephone number, photo, and verification information (such as utility bill).
2.3. Aufort may collect and process Client’s Legal Information which may include information and documentation related to the company’s registration country, name, registration number, VAT number, address, members of the board, beneficial owners and their ownership percentage, phone number, email address, origin of funds, and extract from a company register or equivalent legal person register. Legal Information may also contain Personal Information.
2.4. Aufort may collect and process data about Client's use of Aufort’s Platform and services (hereinafter referred to as "Usage Information"). Usage Information is primarily information of the sort that web browsers, servers, and services like Google Analytics typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that Aufort might have access to includes how Client uses the service, Client’s location, cookies set by Aufort’s site, etc. Although Usage Information is primarily non-personally-identifying information, Client can sometimes be recognized from it, either alone or when combined or linked with Personal Information.
2.5. Usage Information may include:
2.5.1. data that Aufort collects mainly for behavior statistics, business intelligence, and email campaigns, i.e. analytics information which may contain Client’s email address, IP address and country;
2.5.2. data that Aufort collects mainly for technical, security, fraud prevention and / or for error tracking reasons and that may occasionally contain usage data. Aufort also logs certain events from Client’s actions on Aufort’s site.
2.6. Aufort may collect and process Client’s financial and employment information. Financial Information may include information related to Client’s income, other revenues, and bank account(s) information. Employment information may include information and documentation related to the Client's employer, position, and / or description of the job.
2.7. Aufort may collect and process any information that Client generates throughout the use of Aufort’s services that includes all Client’s messages, requests, and interactions with Aufort’s customer support. This information may include Client’s email address, phone number, IP address, first name, last name, and any type of file exchanges (photos, audio, and video files).
2.8. Aufort may collect and process information that Client provides to Aufort to subscribe his / her email to newsletter list or text messages list (each and all together referred to as "Notification Information"). Notification Information may include the Client's first name, last name, email address, phone number and date of birth. Notification Information may be processed mainly for sales and marketing purposes.
2.9. Aufort may collect and process data relating to the buy, sell and withdrawal transactions that Client conducts through the Aufort’s Platform. Client’s history of orders may include order number, order date, order sum, order status, content of the order, and payment method.
2.10. Aufort may collect and process Client’s data when necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or outside the court procedure. Aufort may also collect and process information containing Personal Data when legal compliance or the protection of Client’s vital interests or those of another natural person necessitates it.
2.11. Concerning the activities described above, Aufort may conduct profiling based on Client’s interactions with and content that Client provides to Aufort’s service, and / or information obtained from processors. If Aufort detects any illegal, harmful, or dangerous activities, Aufort may restrict or suspend Client’s access to the services.
2.12 The legal bases for all the information Processing above are compliance with legal obligations that Aufort is subject to, namely to comply with anti-money laundering and anti-terrorist financing laws, and the the performance of a contract between Client and Aufort, legitimate interests of Aufort and / or those of third-parties, to provide the services, monitor service quality, to serve customers better and improve Aufort’s Platform and services, ensure the security of Aufort’s users and services, communicate with Client, to perform direct marketing and to protect users from illegal activity, maintaining legal and regulatory compliance and to help Aufort to prevent, detect and investigate fraud, money laundering, criminal activity or other misuse of the services.
2.13. Aufort stores Client’s information primarily within the European Economic Area. However, some features and requirements of the service may involve transferring Client’s information to third-party service providers outside the European Economic Area. When service providers operate outside the jurisdiction of Regulation (EU) 2016/679, standard data protection clauses adopted by the European Commission or the Privacy Shield Framework will cover the data transfers.
3. Sharing Client’s information
3.1. Aufort will not rent or sell Client’s information to third parties outside Aufort and its group companies (including any parent, subsidiaries and affiliates) without Client’s consent.
3.2. Aufort may disclose Client’s data with its auditors, lawyers, accountants, consultants and other advisors as it is reasonably necessary for obtaining professional advice, improving the service and / or managing legal disputes and risks.
3.3. Aufort may use external service providers (hereinafter referred to as "Processor") in certain situations for Processing Personal Data on behalf of Aufort, for example:
3.3.1. Aufort may use a Processor for Processing personal identification data for verifying the identity of Aufort users by using ID document verification and facial biometrics technologies.
3.3.2. Aufort may use a Processor to send emails and text messages to Client.
3.3.4. Aufort may use a Processor for Processing Usage Information.
3.4. The Processor may collect Client’s first name, last name, nationality, date of birth, gender, personal identification number, number and copy of identification document (national identity card, passport, driver’s license), date of issue and expiry, email address, home address, phone number, and IP address. In addition, the Processor may collect photos or videos of the Client to perform a facial or liveness check. All data collecting and Processing is in accordance with the General Data Protection Regulation (GDPR).
4. Data retention and deletion
4.1. Personal information that Aufort processes for any reason shall not be kept for longer than is necessary. Clients may request the deletion of their data anytime.
4.2. Aufort retains and deletes Client’s data if:
4.2.1. Client has not made any transactions and if he / she requests Aufort to delete all his / her Personal Information. All data will be deleted within 30 days from the confirmation of the data deletion request.
4.2.2. Client has made any transactions and if he / she requests Aufort to delete all his / her Personal Information. All data will be deleted after six years from the confirmation of the data deletion request.
4.3. Generally Processor does not store Notification Information but Processor may retain activity logs for a short period of time (maximum 12 months). If our Processors store some of the Notification Information, Aufort will remove Client’s personally identifiable Notification Information 30 days after the confirmation of data deletion.
4.4. Aufort may retain Client’s data when necessary for legal reasons or to protect Client’s vital interests or the vital interests of another natural person.
5. Rights in respect of Client’s information
5.1. Client has a right to:
5.1.1. request a copy of his / her information;
5.1.2. request to correct inaccuracies relating to his / her information. Client can also correct or update some of his / her data through the Client's user account;
5.1.3. request to delete certain information;
5.1.4. object to Processing;
5.1.5. to data portability;
5.1.6. withdraw consent.
5.2. Should Client wish to make a request in respect of his /her Personal Information please contact email@example.com.
6.1. Cookies are tiny files saved to Client’s web browser to improve Client’s experience and to enable certain features, such as authentication. This page describes what information cookies gather, how Aufort uses it, and why there is sometimes a need to store these cookies. It is also explained how Client can prevent these cookies from being stored. However, this may downgrade or ‘break’ certain elements of the site’s functionality.
6.2. There are two types of cookies: “persistent” and “session” cookies. “Persistent” cookie is by a web browser and will remain valid until its set expiration date (unless the user deletes it before the expiration date). “Session” cookie expires at the end of the user session, i.e., when the user closes the web browser. Typically, cookies do not contain any information personally identifying users. Still, it is possible to link stored Personal Data obtained from cookies.
6.5. When Client submits data through a form such as those found on contact pages or comment forms, cookies may be set to remember Client’s user details for future correspondence. To provide Client with a great experience on the site, Aufort provides the functionality to set Client’s preferences for how this site runs when Client uses it. To remember Client preferences, Aufort needs to set cookies so that this information can be called whenever Client interacts with a page that is affected by Client’s preferences.
6.7. Aufort uses Google Analytics to analyze the use of Aufort’s Platform. Google Analytics gathers information about website use through cookies. The information gathered relating to Aufort’s Platform is used to create reports about the use of Aufort’s Platform and how Aufort might improve Client’s experience. These cookies may track things such as how long a Client spends on the site and the pages that Client visits.
6.8. Client can prevent the setting of cookies by adjusting the settings on the Client's browser. Disabling cookies may result in some functionality and features of Aufort’s site being disabled.
SMI Group OÜ / Data Protection Officer
Viru väljak 2