Privacy policy

The privacy of customer’s personal data is imperative to Settlo. The information stated below outlines the rules in accordance to which Settlo processes the personal data of any individual using the website www.settlo.cy (the “Website”) and any other offered services.

Definitions and interpretation

"Settlo" means that Urtocy OÜ (with the registry code 16081058 and address Sepapaja tn 6, Tallinn, Harju county 15551, Estonia) (the "Company") provides the Website’s services and processes customer's personal information so that to provide the service;

"Customer" means any natural or legal person using the Website or any services provided through the Website;

"GDPR" means the General Data Protection Regulation (EU) 2016/679 of the European Parliament is a regulation in EU law on data protection, its privacy and movement within the European Union (EU), European Economic Area (EEA) as well as the areas outside the EU and EEA;

"Policy" means this privacy policy;

"Personal Data" means any information that can be associated with an identified or identifiable natural person (the "Data Subject"); an identifiable natural person is one who can be identified, by direct or indirect means, specifically by using Data Subject name, an identification number, location data, an online identifier or any other factors that are specific to the physical, physiological, mental, genetic, economic, cultural or social identity of that natural person;

"Processing/Processed," means any operation/s that are performed on Personal Data or on sets of Personal Data, regardless of it being conducted or not by automated means, such as collection, storage, structuring, recording, organization, retrieval, adaptation or modification, use, consultation, dissemination or otherwise making available, disclosure by transmission, alignment or combination, erasure, restriction, or destruction;

"Controller" means a person who alone or together with others, concludes the purposes and means of the Processing of Personal Data;

"Processor" means a person who Processes Personal Data on behalf of the Controller. During the provision of Service, the Website may act as Processor by Processing Personal Data on behalf of its Customer or Customer's legal entity. This Policy nevertheless, does not regulate the Website’s actions as Processor;

"Control" means ownership of more than fifty percent of voting rights in a company or the power to govern the financial as well as operating policies or the power to appoint the management of a company;

"Service" means any services provided by the Website or its mobile apps;

"European Economic Area" means EEA;

"European Union" means EU;

"EU-US Privacy Shield" means the framework entered by and between the US Department of Commerce and the European Commission in order to comply with data protection requirements when transferring personal data from European Union to United States and other way round;¹

"Cookies" means small text files that a website or its service provider transmits to the Customer's computer hard drive through its website browser allowing the necessary systems to memorize Customer's browser, catch and retain certain information and/or preferences. This requires Customer’s consent;

"Affiliate" means any company that directly or indirectly controls the Website; or any company that is directly or indirectly controlled by the Website; or any company that is controlled, directly or indirectly, by the ultimate parent company of the Website.

Policy applicability

The Policy extends to Personal Data Processing where the Website has a role of a Controller. Any Personal Data Processing administered on behalf of the Customer or his legal entity would be contingent on additional data processing contract that is signed by and between the Website and a legal individual controlled by the Customer.

Personal data that is collected

The Website Processes the following facts relating to the Customer:

1. Personal details, - full legal name (including all names and surnames), date of birth, gender, contact postal address, email address, mobile phone number;
2. Device data, - information concerning the device on which the Customer is using the Website/app, including the device's name, model, the IP address and any other identifier;
3. Preference data, - Customer's preferences on the Website/app;
4. Customer support data, - correspondence between the Website and the Customer (inquiries submitted via the Website, email, social media or chat);
5. Usage data, - the data about Customer's interaction on the Website.

Sources of personal data gathering

1. Most of Customer’s Personal Data that is Processed by the Website is gathered directly from the Customer;
2. The Website may gather Customer's Personal Data from third party source/s regardless of it being solely private or public, including, but not limited to, the databases of politically exposed people and/or people that are subject to domestic or international financial sanctions.

Purpose for customer's personal data gathering and processing

Personal Data gathered by the Website is Processed in accordance with the law and as described herein:

1. Contractual reasons, - the Website may have to process Customer's Personal Data so that to enter into a contractual Service agreement with the Customer and to supply the Service to Customer;
2. Compliance reasons, - the Website may have process Customer's Personal Data so that to carry out responsibilities under applicable laws, including, but not limited to: anti-money laundering and fraud combating rules, international financial sanctions, lawful inquiries and orders of public authorities with whom the Website is obligated to collaborate;
3. Analytical reasons,- the Website may have process Customer's Personal Data so that to administer, examine and improve the Service, the website in itself or the app;
4. Marketing reasons, - providing there is an explicit Customer consent, the Website may have to process Customer's Personal Data so that to send relevant promotional information to the Customer (about the Website’s services and related offerings from third parties that collaborate with the Website);
5. Personalization reasons, - the Website may have to process Customer's Personal Data so that to personalize the Service and the content supplied to the Customer;
6. Communication reasons, - the Website may have to process Customer's Personal Data so that to contact the Customer for administrative purposes, including, but not limited to, customer Service or legal issues concerning the Service supplied, the updates and notifications about the Service;

The Website shall not use Customer's Personal Data for any other reason inconsistent with the points outlined above or as required, allowed and authorized by law.

The Customer is not obliged to provide the Personal Data described herein to the Website. Nevertheless, Personal Data may be needed in order to comply with the legal requirements or simply provide the Service to the Customer/s, for instance data necessary for the verification of the Customer. Failure to provide the necessary data may result in unfavorable result, for example the Website's inability to comply with legal duties. Should the Customer have any doubts or require further clarification regarding the provision of Personal Data and/or failure to provide such, the individual should reach out to appropriate contact per Section 13 of this Policy.

Legal basis for customer's personal data processing

1. Processing is needed due to the performance or entry into a contractual agreement between Customer and the Website (reference to GDPR article 6 (1) (b), the Website is Processing Personal Data for Contractual Purpose under contract entered into between the Website and Customer);
2. Processing is needed due compliance with a legal obligation to which the Website is subject (reference to GDPR article 6 (1) (c), the Website is Processing Personal Data for Compliance Purpose under legal obligations to which the Website is subject to;
3. Processing is needed due to the purposes of the legitimate concerns pursued by the Website (reference to GDPR article 6 (1) (f), the Website is Processing Personal Data for Analytical or Personalization Purpose under legitimate interest;
4. Customer has given a consent to the Processing of his Personal Data (reference to GDPR article 6 (1) (a), the Website is Processing Personal Data for Marketing Purpose under Customer's consent.

Transfer of personal data

The Website may be asked to transfer Customer's Personal Data to third parties, such as:

1. legal and regulatory authorities (e.g. commercial register);
2. server hosts, hosting the Website's servers;
3. identification service providers, helping the Website check Customer's identity and obtain Verification Data;
4. communication service providers, facilitating e-mails, calls, SMS messages and other correspondence between the Website and the Customer;
5. customer support and customer management service providers;
6. marketing service provider;
7. the Website's partner bank, providing banking services to the Customer, the legal entity controlled by the Customer or any other financial service provider;
8. the Website's Affiliate.
9. other parties involved with the supply of the Website's Service, including, but not limited to, agents, auditors, accountants, lawyers, IT system suppliers and support.

The Website ensures that the above-mentioned data recipients protect the confidentiality and security of Personal Data and only processes the Personal Data in order to supply the Website’s Service or as required and in compliance with applicable law. The data recipients may be located in countries outside of the EEA or EU whose data processing laws may differ and the security of the Personal Data (i.e. protection against misuse, unauthorized access, disclosure, modification and/or destruction) may not have the same level of protection as in the EU due European laws not extending to the third country. To illustrate, in the event the Website transfers Customer's Personal Data to the US, the Website shall ensure that the recipient of the Personal Data is certified as per EU-US Privacy Shield entered by and between the US Department of Commerce and the European Commission. Further to this, in the event the Personal Data is transferred outside of the EEA, the Website shall ensure the usage of the necessary measures. Should the customer wish to receive a copy of the assurances in the latter two instances, please use the contact details as specified in Section 13 of this Policy.

Security

The Website undertakes to use appropriate legal, organizational, and technical steps so that to protect Personal Data in accordance to privacy and data security laws. The Website also undertakes to use the security measures in order to safeguard Personal Data from involuntary or unauthorized Processing, disclosure and/or destruction.

Upon transferring Personal Data to third parties, the Website will use below mentioned measures:

1. The Website will enter into a data processing agreement with the third party in question;
2. Thereafter the Website will ensure that the third party implements appropriate technical and organizational measures that would assure Processing of Customer's Personal Data per terms of this Policy and applicable law;
3. The Website undertakes to check:
   1. the third party is established in a jurisdiction that is recognized by the European Commission (as the one providing the acceptable level of protection); and
   2. the Processing of Customer's Personal Data is subject to other acceptable security measures as outlined in the GDPR.

Integrity and retention of personal data

1. The Website has the right to retain Personal Data as it is required or allowed by applicable law, such right is limited to a reasonable period of time during which the usage of Personal Data should have served its purpose;
2. The Website undertakes to take feasible efforts to ensure that the Personal Data is only used for its intended use, is accurate, and complete as necessary to carry out the intended purposes.

Customer's rights in terms of personal data gathering

1. Request information, - the Website has supplied all information which the Customer has right to receive in this Policy. The valid version of the Policy is accessible on the Website;
2. Right to access, - the Customer has the right to request the Website to supply a duplicate of Customer's Personal Data which the Website processes;
3. Right to rectification, - the Customer has the right to request the Website to modify Personal Data in case the data is erroneous or incomplete;
4. Right to erasure, - the Customer has the right to have the Personal Data deleted. This is so, unless the Website has to continue Processing Customer's Personal Data as it is required by law or other lawful reasons, or a contractual agreement between the Customer and the Website;
5. Right to restriction, - the Customer has the right to request the Website to limit the Processing of its Personal Data should the data be erroneous, incomplete or in the event the Personal Data is Processed unlawfully;
6. Right to data portability, - the Customer has the right to request the Website to supply the Customer or, in case it is technically possible, a third party, his Personal Data, which the Customer has given to the Website and which is Processed in the light of Customer's consent or a contractual agreement between the Customer and the Website.
7. Right to object, - the Customer has the right to be against the Processing his Personal Data should there be a reason to think that the Website has no legal basis for Processing of such Personal Data;
8. Right to withdraw agreement for Processing of Personal Data, - the Customer is allowed to cancel the consent granted for Processing of Personal Data any time. The elimination of the latter does not affect the lawfulness of the Processing conducted before the withdrawal;
9. Right to file complaints, - the Customer has the right to file discontent concerning the Processing of his Personal Data.

In order to use any of the above-mentioned rights the Customer is asked to submit a written application to the Website per contact details outlined in Section 13. In response, the Website has the right to refuse the application, however such the declination must be explained.

Subject to article 12(3) of GDPR, the Website is obligated to reply to the application within one month. Nevertheless, the Website will do its best to respond to Customer's application within seven business days.

Cookies and tracking technologies

The Website uses automatically or otherwise collected information through cookies and identical technologies. The following types of cookies are used:

1. first-party cookies, - are stored to the Customer's device by the Website. These cookies permit the website owners to gather analytical data, recognize language settings and perform other valuable functions that results in favorable user experience;
2. third-party cookies, - are stored to the Customer's device by other service suppliers on the Website. The Website may use third-party analytical tools in order to measure traffic and usage trends relating to Website’s service. Analytical service suppliers examine the usage of the Website/app and associated services so that to improve their function.

Cookies are used for the following purposes:

1. to store authentication information and protect Personal Data from third parties;
2. to personalize the Website’s Service, memorize Customer's choices, understand and record Customer's preferences for future visits;
3. to measure Customer's entries, submissions and status in any promotional or other activities on the Service;
4. to monitor and evaluate the effectiveness of the Service;
5. to collect stock data about site traffic and site interactions so that to offer better site experiences and tools in the future.

The Customer may erase or block cookies through the browser settings at any time. Nevertheless, some cookies are essential for the functionality of the Website Services and the actual usage of the Website. As such, it is recommended to keep Website related cookies in order to achieve positive user experience.

Right to amend this policy

The Website has the right to modify this Policy one-sidedly. Upon amending the Policy, the Website will inform the Customer about the terms via email. In the event, the updated terms refer to the Processing of Customer's Personal Data for a new reason requiring Customer's consent, - the Website undertakes not to Process Personal Data for such new reason without receiving the necessary approval.

Contact information

In the event the Customers have any questions concerning the Policy or Processing of Personal Data, all inquiries, requests, or complaints should be sent via our contact page.

Confirmation

By accepting this Policy, the Customer acknowledges that he/her is fully acquainted with the Policy, understands the contents of it and is in full agreement with its terms.