1. Introduction
1.1 Purpose of the Privacy Policy
- This document delineates the privacy practices of Korrency Exchange Inc. ("Korrency"), detailing our approach to the collection, use, disclosure, and safeguarding of your personal information. This Privacy Policy is designed to inform you about your privacy rights and how the law protects you while you use our services.
1.2 Overview of Services Provided by Korrency
- Korrency offers a comprehensive suite of financial services focused on facilitating seamless international money transfers and efficient currency exchange. Our platform enables peer-to-peer transactions that allow users to manage and exchange currencies across borders with ease and security.
1.3 Importance of Privacy and Data Protection
- At Korrency, we regard the privacy and security of your personal data as a critical priority. We are committed to protecting the integrity and confidentiality of the information you entrust to us, complying rigorously with privacy laws and regulations such as the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable global standards. Our Privacy Policy embodies our dedication to uphold your privacy rights and maintain transparency about how we handle your personal information.
1.4. Scope of the Policy
- This Privacy Policy applies to all users of Korrency's services, including mobile applications and websites. It outlines how we collect, use, disclose, and protect personal information across all platforms. By using our services, you agree to the terms outlined in this Privacy Policy.
1.5. Changes to the Privacy Policy
- We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any significant changes by posting the new Privacy Policy on our website and app, and, where appropriate, by other means such as email notifications. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.
2.Definitions and Interpretations
2.1 In this Privacy Policy, the following terms are used with specific meanings:
2.1.1 Personal Data:
- Refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. This may include, but is not limited to, your name, address, email address, phone number, or any other data that can be reasonably linked to such information by Korrency.
2.1.2 Personal Identification Data:
- Specific subset of Personal Data that includes any government-issued identification numbers, passport details, driver's license numbers, and any other data used explicitly for verifying the identity of users in compliance with Know Your Customer (KYC) regulations.
2.1.3 Personal Identification Data:
- Transactions that occur directly between users on the Korrency platform without intermediation by a traditional financial institution. This includes the transfer of funds, exchange of currencies, and any related communications between users within the platform.
2.1.4 Service:
- Encompasses all applications, services, and products provided by Korrency, accessible via our website or mobile device applications.
2.1.5 Cookies:
- Small data files that are placed on your device (e.g., computer, smartphone) by a website or mobile app. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. They are used to make websites work more efficiently, as well as to provide reporting information and assist with service or advertising personalization.
2.1.6: Account:
- A unique account created for you to access our services or parts of our services.
2.1.7: Service Provider:
- Refers to any natural or legal person who processes data on behalf of Korrency. These third-party companies or individuals are engaged by Korrency to facilitate the service, to provide the service on behalf of Korrency, to perform services related to the service, or to assist Korrency in analyzing how the service is used.
2.1.8: Usage Data:
- Automatically collected data either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
2.1.9: Affiliate:
- An entity that controls, is controlled by, or is under common control with another entity, where "control" might mean ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
2.1.10: Country:
- Refers to Ontario, Canada, where Korrency is based and from which the services are provided.
2.1.11: Device:
- Any device that can access the service such as a computer, a cellphone, or a digital tablet.
2.1.11: You
- The individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.
3. Information Collection
3.1: Types of Data Collected
3.1.1: Personal Data
To provide and enhance our services, we may require you to provide us with certain identifiable information, including but not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Transaction details necessary for your financial activities on our platform
3.1.2. Personal Identification Data:
As part of our KYC (Know Your Customer) compliance, we collect detailed identification information to verify the identity of our users. This data includes:
- Government-issued ID numbers (such as social security numbers or national identification numbers)
- Passport details
- Driver's license numbers
- Any other documentation necessary for identity verification purposes
3.1.3. Biometric Data
- As part of our KYC (Know Your Customer) compliance, we collect biometric data, including face data, to authenticate user identities, enhance security measures, and ensure compliance with KYC regulations.
3.1.4. Usage Data
- We automatically collect data when you use our services. This may include information like your device's Internet Protocol address (IP address), browser type, browser version, our service pages that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
3.1.5. Technical Data
- This includes your IP address, browser type, operating system, device information, and usage data.
3.1.6. Location Information
- We may collect and process information about your location to comply with regulatory requirements and to provide location- based services.
3.2: Methods of Data Collection
We collect Personal Data through various means including:
- Information you provide directly via our application or website forms.
- Automatically, as you navigate through the site (Usage Data collected through cookies and similar technologies).
- Biometric data collected through device cameras and sensors, with explicit user consent
- From third parties, such as credit bureaus or identity verification services.
4. Use of Collected Information
We use the collected data for various purposes to enhance and provide our services effectively:
4.1. How Korrency Uses the Collected Data
- Personal Identification Data: Korrency employs Personal Identification Data primarily to verify the identities of our users. This is critical in managing Peer-to-Peer (P2P) transactions, where trust and security are paramount. Verification processes help prevent fraud, money laundering, and other malicious activities by ensuring that all transactions are conducted between verified parties. Additionally, these data help Korrency adhere to legal standards and regulatory requirements, particularly under Know Your Customer (KYC) and Anti-Money Laundering (AML) laws.
- Biometric Data: Authenticate user identities, enhance security measures, and ensure compliance with KYC regulations. Biometric data is processed to verify the user's identity during registration and transactions to prevent fraud and ensure secure access.
- Service Provision: To administer and maintain our services, including monitoring the usage of our platform to ensure smooth operation and user satisfaction.
- Account Management: To manage registrations as users of the service, which allows access to different functionalities available to registered users.
- Communication: To contact you via email, telephone calls, or other equivalent forms of electronic communication related to updates, informative communications related to the functionalities, or services you have requested or inquired about.
- Transaction Processing: To process your transactions efficiently and ensure they are executed securely and accurately.
- Personalization: To tailor our services to your preferences and provide a more personalized experience by understanding your usage patterns and preferences.
- Security and Fraud Prevention: To enhance the security of our services, detect and prevent fraud, unauthorized transactions, claims, and other liabilities, and to manage risk exposure.
- Compliance with Legal Obligations: To comply with legal obligations, such as anti-money laundering (AML) and know your customer (KYC) regulations, and to protect your vital interests or the interests of others.
4.2. Legal Bases for Processing
We process your personal information under the following legal bases:
- Consent: We may rely on your freely-given consent to process certain personal data when legally required. You have the right to withdraw this consent at any time.
- Contract Performance: Processing of data necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
- Legal Requirements: Processing necessary to comply with our legal obligations, protect your vital interests, or in some cases, the public interest.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, understanding how our services are used, and enhancing user experience, provided these interests are not overridden by your data protection rights.
3.1.3. Biometric Data
- As part of our KYC (Know Your Customer) compliance, we collect biometric data, including face data, to authenticate user identities, enhance security measures, and ensure compliance with KYC regulations.
3.1.4. Usage Data
- We automatically collect data when you use our services. This may include information like your device's Internet Protocol address (IP address), browser type, browser version, our service pages that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
3.1.5. Technical Data
- This includes your IP address, browser type, operating system, device information, and usage data.
3.1.6. Location Information
- We may collect and process information about your location to comply with regulatory requirements and to provide location- based services.
3.2: Methods of Data Collection
We collect Personal Data through various means including:
- Information you provide directly via our application or website forms.
- Automatically, as you navigate through the site (Usage Data collected through cookies and similar technologies).
- Biometric data collected through device cameras and sensors, with explicit user consent
- From third parties, such as credit bureaus or identity verification services.
5. Data Sharing and Disclosure
5.1: Circumstances Under Which Data Might Be Shared
- Service Providers: We share your information with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
- Affiliates: Your information may be shared within our corporate family of companies that are related by common ownership or control for internal administrative purposes and service enhancement.
- Business Transfers: In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, personal data held by us about our users may be one of the assets transferred to third parties in these types of transactions. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
- Biometric Data: We securely store and share biometric data only with third-party service providers for KYC verification. We do not share biometric data with other third parties unless required by law or with explicit user consent.
- Compliance with Laws: We may disclose your personal data to comply with any applicable law, regulation, legal process, or governmental request, including to meet national security or law enforcement requirements.
- Protection of Rights: We may disclose your personal data to enforce our terms and conditions, protect the rights, privacy, safety, or property of Korrency, you, or others, and respond to legal claims or proceedings.
- Consent: We may share your data with third parties when we have your consent to do so.
5.2: Measures to Ensure the Security of Data When Shared
We procWe require all third parties with whom we share your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions, and we use contracts and other measures to ensure they provide an adequate level of data protection.ess your personal information under the following legal bases:
- Data Protection Agreements: We enter into data protection agreements with all third-party service providers to ensure they adhere to robust data protection standards and practices.
- Biometric Data: Shared only with contracted service providers who adhere to stringent data protection and security standards.
- Data Encryption:We use encryption technologies to protect your data during transmission and storage.
- Access Controls: We implement strict access controls to limit access to your data to only those employees and third parties who need it to perform their job duties or provide services to you.
- Regular Audits: We conduct regular audits and assessments of our third-party service providers to ensure compliance with our data protection standards.
- Anonymization and Pseudonymization: Where possible, we anonymize or pseudonymize your data before sharing it with third parties to enhance privacy protection.
- Incident Response: We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. User Rights and Control
6.1: Description of Users' Privacy Rights Under Canadian Law
Korrency respects the privacy rights granted to individuals under Canadian law, particularly under the Personal Information Protection and Electronic Documents Act (PIPEDA). Users of Korrency services have several rights concerning their personal data, including:
- Access: Users have the right to access their personal data held by Korrency. This allows individuals to verify the accuracy and the legality of the processing.
- Rectification: If any personal data is found to be inaccurate or incomplete, users have the right to have it corrected.
- Deletion: Users can request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if they withdraw their consent (if applicable).
- Restriction: Users have the right to restrict the processing of their personal data under certain circumstances, such as during the verification of the accuracy of the data or in cases of unlawful data processing.
- Portability: This right allows users to obtain a copy of their personal data in a structured, commonly used, and machine-readable format, and to have this data transmitted to another organization, where technically feasible.
- Consent Withdrawal: Users have the right to withdraw their consent to the processing of their personal data at any time, where consent was the basis for processing.
6.2: How Users Can Exercise Their Rights
To exercise these rights, users can contact Korrency's Data Protection Officer (DPO) via the contact details provided in our policy. Requests to access, correct, delete, or transfer personal data will be handled within a reasonable timeframe. Korrency will provide information on the actions taken in response to a request within 30 days of receiving the request. This period may be extended for particularly complex requests in accordance with applicable law.
- Verification: Users should provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative. Its also helpful to provide details about the information or action you are requesting to speed up the process.
- Response Time: We aim to respond to all requests within 30 days. If more time is needed due to the complexity of the request, we will inform you of the extension period and provide an explanation.
- Complaints: Korrency is committed to ensuring that the rights of all users are upheld with respect to their personal information. If a user feels that their rights have been infringed, they also have the right to lodge a complaint with the appropriate data protection authority.
8. Data Security
8.1. Security Measures in Place to Protect Data
Korrency takes the security of your personal data very seriously. We implement a variety of security measures to ensure the confidentiality, integrity, and availability of your data, including:
- Encryption: Personal data sent to and from our services is encrypted in transit using secure protocols.
- Access Controls: We restrict access to personal data to employees, contractors, and agents who need to know this information in order to process it. They are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
- Regular Audits: Our systems are regularly reviewed and tested to ensure we maintain the highest standards of security.
- Multi-Factor Authentication (MFA): We employ multi-factor authentication to add an extra layer of security to user accounts.
- Firewalls and Intrusion Detection Systems: Our network is protected by firewalls and monitored for any signs of unauthorized access or suspicious activity.
8.2. Policies on Data Breach Notification
In the unlikely event of a data breach, Korrency is committed to notifying relevant authorities and affected individuals in accordance with applicable legal requirements. We will take immediate steps to limit the damage by:
- Assessing the Risks: Evaluating the nature and scope of the breach and the potential risks to the rights and freedoms of individuals.
- Notifying Authorities: Informing the appropriate supervisory authority within 72 hours if the breach could potentially pose a risk to the rights and freedoms of individuals.
- Communicating with Affected Individuals: Notifying affected individuals without undue delay if the breach could result in a high risk to their personal rights and freedoms.
- Mitigating the Impact: Implementing measures to contain and mitigate the impact of the breach, such as changing passwords, enhancing security protocols, and monitoring affected systems.
- Documentation: Maintaining a detailed record of any personal data breaches, regardless of their effect, to address vulnerabilities and strengthen data protection measures in the future.
9. Data Retention
9.1. Criteria for Determining the Retention Period for Personal Data
Korrency retains personal data only as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Specific retention periods may vary depending on the context of the personal data we collect and the purposes for which it is processed. We evaluate the necessity to retain personal data according to the following criteria:
- The duration of our ongoing relationship with you, including maintaining your account with us or the frequency of your use of our services.
- Whether there is a legal or business necessity to retain the data, such as compliance with legal obligations under applicable laws or for resolving disputes.
- Biometric data is retained only for as long as necessary to fulfill KYC requirements and comply with legal obligations. It is securely deleted once it is no longer needed for these purposes.
- The statute of limitations under applicable law(s).
9.2. How Data is Securely Disposed of When No Longer Needed
When personal data is no longer necessary for the purposes for which it is processed, no longer required by law, or past the retention period set out in our policies, Korrency takes appropriate measures to securely delete or anonymize such data. Our data disposal procedures are designed to:
- Prevent unauthorized access to or recovery of personal data.
- Ensure that data disposal is carried out using methods that respect the privacy of individuals, such as shredding documents and securely wiping electronic data.
- Comply with environmental standards and regulations regarding electronic waste.
10. Children's Privacy
10.1. Statement Regarding the Age Limitation
Korrency does not knowingly collect personal data from children under the age of 18. Our services are not directed to individuals under 18, and we request that these individuals do not provide personal data through our services.
10.2. Process for Handling Data Collected from Children
In the event that we discover that a child under the age of 18 has provided us with personal data, we will take steps to delete such information from our servers as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at the provided contact information in our Privacy Policy. We commit to protecting the privacy and safety of minors in all our data collection practices.
11. Marketing Communications
11.1. Consent to Marketing:
At Korrency, we occasionally send updates and promotional offers to our users about our products and services that we believe may be of interest. We engage in such communications only with your explicit consent, which you may provide at the time of signing up for our services or at a later date.
11.2. Managing Your Preferences:
You have full control over receiving marketing communications from us. If you decide at any time that you no longer wish to receive such communications, you can opt out by:
- Following the unsubscribe instructions included in each marketing email
- Adjusting your user preferences in your account settings.
- Contacting us directly to remove your contact information from our marketing lists.
11.3. Important Administrative Messages:
Please note that when you opt out of receiving marketing communications, you will still receive administrative communications from us, such as order confirmations, system updates, and notices regarding changes to our terms or policies. These communications are necessary to ensure the ongoing provision of our services to you, and as such, there is no option to opt out from receiving them.
11.4. No Third-Party Direct Marketing:
We respect your privacy and do not sell or share your personal information with third parties for their direct marketing purposes without your explicit consent.
11.5: SMS and Email Consent
By using Korrency's services, you consent to receive SMS and email notifications, which may include promotional offers, updates on our services, and transactional messages related to your account activity. These communications are intended to keep you informed about features, improvements, and opportunities relevant to your use of Korrency.You have the right to opt out of receiving marketing-related communications at any time. To do so, you may follow the unsubscribe instructions included in any marketing email or adjust your communication preferences in your account settings. Alternatively, you may contact us directly to request removal from marketing lists.Please note that opting out of marketing communications does not impact your ability to receive important administrative messages, such as security alerts, transaction confirmations, and updates related to your account or service terms. These communications are essential to your continued use of our services and, as such, cannot be opted out of.
12. Access to Your Contact List
12.1. Purpose of Access:
Korrency may access your contact list on your mobile device only with your express permission. This feature is designed to enhance your experience by enabling you to easily identify and interact with friends and family who are also using Korrency. It allows you to send money directly to their Korrency accounts by searching for their phone number, email address, or username.
12.2. How We Use Your Contacts:
With your explicit consent, we use the information from your contact list to:
- Help you quickly find and interact with your contacts on Korrency.
- Inform you about which of your contacts are using Korrency, facilitating easier and free transactions within the network.
12.3. Consent and Control:
Access to your contact list occurs strictly based on your explicit consent. You will be prompted to grant permission, and you can choose to deny or revoke this permission at any time through your device settings.
12.4. Privacy and Security:
4. Privacy and Security: We respect the privacy of your contacts. The information accessed will not be used for any other purposes such as marketing or promotional communications, nor will we send messages to your contacts without further consent. All data is processed in accordance with Korrency's Privacy Policy and applicable data protection laws to ensure the security and confidentiality of your personal information.
13. International Data Transfers
13.1. Information on Cross-Border Data Transfers
Korrency operates globally, and we may transfer your personal information to countries other than the one in which the information was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your personal information to other countries, we will protect that information as described in this Privacy Policy or as disclosed to you at the time the data is collected.
13.2. Safeguards in Place for International Transfers
To ensure the security of your data during international transfers, Korrency employs robust safeguards, including the use of Standard Contractual Clauses approved by the European Commission, obtaining your consent for specific transfers, or relying on the adequacy decisions of certain countries. These measures are designed to provide a level of security for data transferred outside of Canada that is consistent with and respectful of existing data protection laws.
- Prevent unauthorized access to or recovery of personal data.
- Ensure that data disposal is carried out using methods that respect the privacy of individuals, such as shredding documents and securely wiping electronic data.
- Comply with environmental standards and regulations regarding electronic waste.
14. Third-Party Websites
14.1. Disclaimer about Third-Party Links on Korrency's Service
Our service may contain links to websites operated by third parties. These third-party websites are not under Korrency's control, and we are not responsible for the privacy practices or the content of such websites. We provide these links only for your convenience, and the inclusion of such links does not imply endorsement of the material on these sites or any association with their operators. We strongly encourage you to become familiar with the privacy practices of these third-party sites before providing them with personal information.
15. Changes to the Privacy Policy
15.1. How Changes to the Policy Will Be Communicated to Users
Korrency reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. However, we will inform you of any significant changes by posting a notice on our website, through email notifications, or through other appropriate communication channels. We encourage you to review this policy periodically to stay informed about how we are protecting the personal information we collect. Your continued use of the service after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
16. Compliance and Cooperation with Regulatory Authorities
16.1. Overview of Compliance with Privacy Laws
Korrency is committed to complying with all applicable privacy laws and regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and other regional and international data protection laws that apply to our operations. We have implemented policies and procedures designed to ensure that your personal data is collected, used, and disclosed in compliance with the relevant legal frameworks.
16.2. Cooperation with Data Protection Authorities
Korrency cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Korrency or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable activity.
17. Contact Information
17.1. How to Contact Korrency About Privacy Concerns
If you have any questions or concerns about this Privacy Policy or our data practices, or if you need to update, correct or delete your personal information, please contact us at any time. Our dedicated team is available to address any issues or concerns you may have regarding your privacy and data protection at Korrency.
17.2. Contact details:
- Email: dataprivacy@korrency.com
- Postal Address:
Privacy Officer,
Korrency Exchange Inc.,
7030 Woodbine Ave., Suite 500,
Markham, Ontario L3R 6G2, Canada
18. Effective Date
18.1. When the Privacy Policy Becomes Effective
This Privacy Policy is effective as of April 12, 2024. We encourage you to review this policy periodically. Any changes or updates will be effective immediately upon posting to our website, and your use of our services following these changes means that you accept the revised Privacy Policy.
.svg)
.svg)
