From the very start of Tokia exchange, we chose to self-regulate by applying KYC (Know Your Customer) and AML (Anti Money Laundering) guidelines. The objectives of these KYC guidelines is to prevent us from being used, intentionally or unintentionally, by criminal elements for money laundering activities. This helps us to manage the risks prudently.
1.3 The Customer is obliged to keep his personal data correct and up to date.
2. Categories of personal data and the purpose for using the personal data
2.1 When using Tokia’s services or interacting with Tokia the following personal data are processed:
(a) Contact data: e.g. when creating a new user account or communicating with Tokia (i.e. name, address, telephone number, email, birthdate, password in encrypted form) depending on the level of verification.
(b) Verification data: when an account is verified (i.e. screenshots of national identity documents, like passport, driving license ID card, and identification data from these documents, utility bill details for residence verification)
(c) Financial data: in the course of purchase and sale transactions (i.e. bank details payment service provider information, payment details, transaction-ID).
(d) Log data: during activities on the Website, (i.e. IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, IP-address, operating system, browser type, device type, unique device identification number).
(e) Company details if a business account is requested (i.e. commercial register report, data of or concerning beneficial owners, records or additional information on recent, past or planned business activities, other data necessary to determine/validate the structure, the beneficial ownership or any power of attorney of the company).
(f) Details to and proof of funds: i.e. banking statements or any other details provided by banks or financial institutions, contracts of sales or contracts in general, or any other suitable data to prove or determine the origin of funds, if exceeding the daily/monthly or general limits on Tokia. In order to determine Customer’s purpose for using the above-mentioned services or trading volume additional information on recent, past or planned business or personal activities of business or private Customers or other data to determine the Customer’s intentions, if necessary, can be processed, as requested by Tokia or provided by the Customer.
(g) Personal data provided to the support team when the Customer submits a request to Tokia’s support team or any other member of the Tokia team.
2.2 The personal data are used for the purpose of performing the contract or in order to take steps at the request of the data subject prior to entering into a contract, verification of the Customer’s identity, prevention of fraud and misuse, risk management, payment processing and chargebacks, proof of purchase and selling, comparison during the course of business, to respond to Customer service and support requests, inform about important updates of Tokia’s services and terms, and analyse and improve the website’s quality and usage experience. The personal data listed above under 2.1 a), b), c), d), e), f) and g) are required for entering into and performance of the contract. If Customer fails to provide such data Tokia will not be able to provide its services to the Customer.
The basis for such processing is contract performance (Art 6 para 1 lit b GDPR), compliance with legal obligations to which Tokia is subject (Art 6 para 1 lit c GDPR), and Tokia’s legitimate interests in measures regarding prevention of fraud and misuse of its services (e.g. for illegal purposes) and risk management when operating its business and interacting with Customers (Art 6 para 1 lit f GDPR). Upon the Customer’s prior consent (Art 6 para 1 lit a GDPR) the personal data may be used for marketing, direct advertisement (see point 5 “Newsletters” below), and Website analysis and improvement (see point 4 “Cookies” below).
2.3 If Tokia will ask to provide any other personal data not described above, then such data and the purpose and legal basis for the collection and processing, will be communicated to the Customer at the point of collecting the personal data.
3. Recipients of personal data
3.1 The Customer agrees, that for the purpose of the identity verification, personal data will be forwarded to our third party KYC software provider (Finapass, UAB). Depending on the level of verification the following personal data may be transferred to the chosen verification provider first name, surname, address, birthdate, email address, telephone number. Without providing the personal data required for the respective level the verification is not possible.
3.2 For purposes of AML (anti-money-laundering) and CFT (Combating the Financing of Terrorism) Tokia conducts – based on its legitimate interest to prevent fraud and misuse of its services (Art 6 para 1 lit f GDPR) – an examination of politically exposed persons and sanctioned persons in the course of the Know-Your-Customer process for the level “Verified” only. Therefore, after completion of the video verification for level “Verified” Customer’s name and date of birth – and in case of opening a company account the company’s name and its companies register excerpt (including name, address and birth date of its owners, representative bodies, e.g. managing directors, and authorized proxies contained therein) – will be transferred to and checked by Comply Advantage, 9th Floor, Newcombe House, 45 Notting Hill Gate, London, W11 3LQ, against a register of politically exposed persons and sanctioned persons. Without the transfer and check of these data, it is not possible to open an account with Tokia. Based on this check Comply Advantage informs Tokia whether the Customer is politically exposed persons or sanctioned persons. For further information on the possible results and consequences of the due diligence process please see Tokia’s Terms and Conditions.
3.3 In case Customer uses the “Tokia support tool” provided by Freshdesk Inc, 1250 Bayhill Drive, Suite 315, or submitting a support request to “[email protected]” Customer’s personal data (e-mail address, name, IP-address and the additional data submitted directly by the Customer to handle the support request) are transferred to and processed by Freshdesk, Inc in the USA. Freshdesk, Inc is certified under the EU/US Privacy Shield. The USA is a country for which an adequate level of data protection has not been determined. Subject to local provisions Customer’s personal data may be accessed by authorities of such country in accordance with local laws and regulations.
3.4 Further, Tokia may share the personal data with
(a) our employees who need them to fulfill contractual and legal obligations and legitimate interests, its development partners Notus Technicus, UAB, Vilnius, Lithuania. A list of Tokia’s current group companies is available here:
- Tokia, LTD, 6 Thornes Office Park, Monckton Road, West Yorkshire, Wakefield, England, WF2 7AN
- Notus Technicus, UAB, Lvovo g. 105A, LT-08104 Vilnius
- Paysafe Financial Service Limited, Canada Square 27-25, E14 5LQ, London, United Kingdom
- Mistertango UAB, Perkūnkiemio g. 2, LT-12126 Vilnius
(c) affiliate marketing partners if Customer registers to the “Tokia Affiliate Program”. In the context of the registration Customer is informed about the affiliate partners to whom the personal data (first name, last name, company name, web URL, address, contact number, email address, and any other personal data directly transferred to the affiliate partner by the Customer) will be sent. Without the transfer of the information to the affiliate partner the participation in the affiliate program is not possible.
(d) to any competent law enforcement body, regulatory, government agency, court or other third party where disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
(f) to any other person with Customer’s consent to the disclosure.
4.1 During the use of the Website, personal data may be collected through automatic data collection methods, such as cookies. Cookies are small data files which are saved to the Customer’s computer or device and allow an analysis of the Customer’s usage behaviour on the Website. The personal data collected are computer or device information, including IP address, operating system, browser type, device type, unique device identification number, and data which represent the usage behaviour on the Website (e.g. the time spent on the Website, which pages were accessed or links clicked). These data are collected by Tokia to analyse and evaluate the effectiveness of Website and to improve its quality for a better Customer experience.
4.4 On behalf of Tokia, Google will use this information to evaluate the usage of the Website for reports about the Website activity and to fulfill further services towards the Website owners concerning the activity on the Website and internet. The Customer’s IP address acquired from Google Analytics, will not be merged with other data from Google.
4.6 The Customer can disable cookies to be saved with specific browser settings; thereby the Customer might not be able to use all the offered functions on the Website to their full extent. Furthermore, the Customer can disable the collected website-specific data (IP address) through cookies to send and processed by Google, by downloading and installing the following browser plugin (http://tools.google.com/dlpage/gaoptout).
5.1 Upon Customer’s consent his email address, name, last login date, register date will be passed on to Avenue 81, Inc.in order to receive per email newsletters and information from Tokia and regarding Tokia’s events, new products, services, and app features.
6 Data Retention
6.1 Tokia erases the Customer’s personal data in principal 1 year after termination of the contractual relationship or before if the data is not required for the purpose for which they were collected anymore. A longer retention may be necessary due to guarantee, warranty, statute of limitations (e.g. the limitation period for damages of 3 years or in specific cases the general limitation period of 30 years and statutory retention periods (e.g. under commercial or tax law) applicable to Tokia, or for the duration of any legal disputes in which the data are required as evidence or for as long as there are other legitimate interests in retention.
7. Data subject rights
7.1 In accordance with applicable law, the Customer has the right to access, correct, request deletion of his personal data, to object to the processing of his personal data, and to data portability of his personal data, to request restriction of the processing of his personal data. To exercise these rights the Customer can send an email to [email protected] or a letter to Tokia 6 Thornes Office Park, Monckton Road, West Yorkshire, Wakefield, England, WF2 7AN. Tokia does not use personal data for automated decisions within the meaning of Art 22 GDPR (i.e. decisions producing legal effects concerning data subjects, or otherwise significantly affecting them, based solely on automated processing of personal data, including profiling).
7.2 The Customer has the right to file a complaint to the competent data protection authority when he believes his data protection rights have been violated.
8. Declarations of consent
8.2 Further, by checking the respective separate box the Customer can consent that his email address name, last login date, register date will be sent to Avenue 81, Inc in order to receive marketing communication as described in point 5 above.
The Customer has the right to withdraw his consents at any time via mail to Tokia 6 Thornes Office Park, Monckton Road, West Yorkshire, Wakefield, England, WF2 7AN, or via E-Mail to [email protected]. The withdrawal of his consent does not affect the lawfulness of processing based on consent before its withdrawal.