PrivacyPolicy

Odvartis Founded Ltd is a financial technology company registered in England and Wales, with our registered office at 71 Queen Victoria Street, London EC4V 4AY, United Kingdom. We act as the data controller for the personal information we collect through our Services.

This Privacy Policy applies to all users of our Services, including visitors to our website, registered account holders, and individuals who interact with us through other means. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our platform and, where appropriate, by email. We encourage you to review this Privacy Policy periodically.

We collect information in several ways:

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, date of birth, nationality, and residential address when you create an account.
• Identity Verification: Government-issued identification documents, passport, driver's license, proof of address, selfie/biometric data, and other documentation required for KYC/AML compliance.
• Financial Information: Bank account details, payment card information, transaction history, source of funds documentation, and tax identification numbers.
• Communications: Messages, emails, support tickets, and other communications you send to us.
• Survey and Feedback: Responses to surveys, questionnaires, and feedback forms.

2.2 Information Collected Automatically

• Device Information: IP address, device type, operating system, browser type and version, device identifiers, and mobile network information.
• Usage Data: Pages visited, features used, time spent on pages, click patterns, search queries, and navigation paths.
• Location Data: Approximate geographic location based on IP address, and precise location if you enable location services.
• Transaction Data: Details of transactions you conduct through our Services, including amounts, dates, times, and counterparties.

2.3 Information from Third Parties

• Identity Verification Services: Information from third-party identity verification providers to confirm your identity.
• Credit Reference Agencies: Credit history and financial information where relevant to our services.
• Sanctions and PEP Screening: Information from databases to comply with anti-money laundering requirements.
• Blockchain Data: Publicly available blockchain transaction data associated with your wallet addresses.
• Social Media: Information from social media platforms if you choose to connect your accounts.

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

• Creating and managing your account;
• Processing transactions and payments;
• Providing customer support and responding to inquiries;
• Personalizing your experience and providing tailored content;
• Analyzing usage patterns to improve our Services;
• Developing new features and products.

3.2 Security and Compliance

• Verifying your identity and preventing fraud;
• Complying with KYC, AML, and CTF regulations;
• Monitoring for suspicious or unauthorized activity;
• Enforcing our Terms of Service and other policies;
• Protecting the security and integrity of our platform;
• Complying with legal obligations and regulatory requirements.

3.3 Communications

• Sending transactional notifications and account updates;
• Providing important service announcements and security alerts;
• Sending marketing communications (with your consent);
• Conducting surveys and collecting feedback.

We may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

• Payment processors and banking partners;
• Identity verification and fraud prevention services;
• Cloud hosting and data storage providers;
• Customer support and communication platforms;
• Analytics and marketing service providers.

These providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Legal and Regulatory Disclosure

We may disclose your information:

• To comply with applicable laws, regulations, or legal processes;
• In response to lawful requests from public authorities, including law enforcement;
• To regulatory bodies and financial authorities as required;
• To protect our rights, privacy, safety, or property;
• To investigate potential violations of our Terms of Service.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Under the UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you, including providing our Services and processing transactions.
• Legal Obligation: Processing necessary to comply with legal and regulatory requirements, including KYC/AML obligations, tax reporting, and responding to legal requests.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, improving our Services, and marketing (where it does not override your rights).
• Consent: Processing based on your explicit consent, which you may withdraw at any time.
• Vital Interests: Processing necessary to protect vital interests of you or another person.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

The retention period depends on the type of data and the purpose of processing:

• Account Information: Retained for the duration of your account and for a minimum of 5 years after account closure to comply with regulatory requirements.
• Transaction Records: Retained for a minimum of 7 years as required by financial regulations.
• KYC/AML Documentation: Retained for a minimum of 5 years after the end of the business relationship, or longer if required by law.
• Communications: Retained for as long as necessary to resolve any issues and for our legitimate business purposes.
• Marketing Data: Retained until you withdraw consent or opt out.

When we no longer need your personal information, we will securely delete or anonymize it in accordance with applicable laws and our data retention policies.

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
• Access Controls: Strict access controls and authentication mechanisms, including multi-factor authentication for sensitive operations.
• Infrastructure Security: Our systems are hosted in SOC 2 Type II certified data centers with 24/7 monitoring.
• Regular Audits: We conduct regular security audits, penetration testing, and vulnerability assessments.
• Employee Training: All employees receive regular training on data protection and security practices.
• Incident Response: We maintain incident response procedures to address any security breaches promptly.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

Under applicable data protection laws, including the UK GDPR, you have the following rights regarding your personal information:

To exercise any of these rights, please contact us using the details provided in Section 14. We will respond to your request within one month, although this may be extended by a further two months for complex requests. We may need to verify your identity before processing your request.

Please note that some rights are not absolute and may be limited by legal obligations. For example, we may not be able to delete information required for regulatory compliance.

We use cookies and similar tracking technologies to collect information about your browsing activities and to improve your experience on our platform.

Types of Cookies We Use

• Essential Cookies: Required for the operation of our Services. They enable core functionality such as security, authentication, and session management.
• Performance Cookies: Help us understand how visitors interact with our Services by collecting anonymous statistical information.
• Functionality Cookies: Allow us to remember your preferences and provide enhanced features.
• Marketing Cookies: Used to track visitors across websites and display relevant advertisements (only with your consent).

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, blocking essential cookies may affect the functionality of our Services. You can also manage your cookie preferences through our cookie consent banner.

Other Tracking Technologies

We may also use web beacons, pixel tags, and similar technologies to track user activity and gather usage data. These technologies work in conjunction with cookies and help us understand how you interact with our Services.

Your personal information may be transferred to, stored, and processed in countries outside of the United Kingdom or the European Economic Area (EEA), including countries that may not provide the same level of data protection.

When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy Decisions: Transfers to countries recognized by the UK or EU as providing adequate data protection.
• Standard Contractual Clauses: Data processing agreements incorporating standard contractual clauses approved by the UK Information Commissioner's Office or European Commission.
• Binding Corporate Rules: Where applicable, transfers within our corporate group governed by approved binding corporate rules.
• Other Safeguards: Other legally recognized transfer mechanisms, such as certification schemes or codes of conduct.

You may request information about the safeguards we use for international transfers by contacting us.

Our Services are not intended for individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through our platform. Your interactions with third-party services are governed by their respective privacy policies and terms of service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

• We will update the “Last Updated” date at the top of this page;
• For material changes, we will provide prominent notice on our platform;
• Where required by law, we will obtain your consent before implementing changes;
• We may also notify you by email if you have provided one.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):