Privacy
1. Scope
This Annex 4 Data protection contains Grizit’s terms in respect of processing of data (hereafter "Privacy Terms"). Capitalized terms used in this Annex have the meaning set forth in Annex 1. These Privacy Terms apply to You as customers and any visitor of the Website and relates to any processing of your personal data that takes place through the Website or through communications or exchanges with Grizit (whether within or outside the context of the Services). We reserve the right to amend these Privacy Terms and will notify you thereof. Article 2.5 of the Terms of Use also applies to such changes .The processing of personal data on Grizit or via communications with Grizit is also subject to the provisions of the General Data Protection Regulation (GDPR) https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=NL The definitions used shall have the meaning as defined in the GDPR.
2. Entity responsible for processing your personal data.
Grizit is, when it collects and processes your personal data, the controller for the processing of this data.
3. Data being processed.
The following information may be collected, processed and stored by Grizit:
A) Directly identifying information may be processed by Grizit, if You have yourself provided Grizit with this information (for example by communicating with Grizit). You are not obliged to provide Grizit this information or to agree with the processing thereof. However, in certain cases such communication will need to take place to ensure proper service provision or to comply with applicable law.
In this context Grizit :
A.1 will process information required for the performance of the contract
* Your surname and first name, address, nationality
* Your email address
* Your phone number
* VAT number
* Financial information
A.2 may process personal information required by law in the context of our know your customer obligations
In case You are a natural person:
* Your surname;
* Your first name;
* Your date of birth;
* Your place of birth;
* Your address;
* Your nationality;
* A copy of your identity card or passport.
In case You are a legal person the following personal information may be processed in the context of identifying the legal person to the extent You would qualify as one of the concerned persons:
* For each member of the board of directors, the above listed personal data for natural persons;
* For each ultimate beneficiary person(s), the above listed personal data for natural persons.
A.3 will process information voluntarily provided by You and used by Provider to increase security and verify your identity;
* A scan of your utility bill
* A selfie
B) Grizit may process certain information when You visit the Website or internet based Services, namely:
B.1 information concerning the pages You have consulted on the Website and the activities you have performed via the Website;
B.2 identification information You have given us voluntarily (for example by registering on the Website, or subscribing to newsletters);
B.3 certain non-directly identifying data, such as the type of browser You are using, the operating system You are using or your IP address or the technologies with which you have accessed our Website.
4. Purposes of the processing.
Grizit can process your personal data for (one of) the following purposes, based on one or more legal grounds:
* To ensure the provision of the Services ordered by you The information under A.1, A.2 and A.3 will be used to provide the Services ordered by You and in particular to create your account and your Wallet, to verify your identity and your status as contract party in the course of your use of the Wallet (in particular in case of recovery of your private key or to reset your login or pincode) or for performing our Services in the context of Transactions (and amongst others when you contact our service desk);. Grizit processes this data based on the legitimate interest it has in providing the Services in compliance with the agreement.
* To comply with know your customer obligations imposed by law The information under A.2 may be processed with a view to performing know your customer obligations imposed by law and any related reporting obligations. Grizit processes this data based on the legitimate interest it has in complying with law.
* To ensure the technical and functional management of the Website and the provision of the ordered Services The information under B) may be processed to ensure the good functioning of the Website and the Services and to enhance their use. Grizit processes this data based on the legitimate interest it has in providing a good functioning Website and Services.
* To inform You about our events, about developments related to subjects that might be of interest to You and about our services, or for direct marketing purposes. Grizit processes the data under A) and B.2) based on your explicit consent and Grizit's legitimate interest to keep its clients informed of its activities and services.
* To answer your questions and job inquiries Grizit processes the data under A) or B.2 based on your explicit consent, your contractual relationship with us or your request to take steps prior to entering into a contract.
5. Third party access to your personal data
Grizit may rely on the services provided by third parties to perform certain (processing) activities. Grizit uses in the context of its Services servers that are rented by a third party and that are located at the premises of this third party. This third party has no access to the data hosted on these services. Grizit may provide your data as mentioned under A.2 to a subcontractor who will provide to Grizit the services of performing the know-your-customer verifications based on Grizit’s instructions. You hereby agree to the provisions of your data mentioned under A.2 to such subcontractor for the purpose mentioned. Grizit may, upon your request and with your consent, transfer your personal data under 4.A) to third parties in the context of the integration of your Wallet with other IT-applications. In this case you will be requested via appropriate technical means to provide your consent with such transfer and You will conclude directly with such third party into the required data processing agreements. Grizit will enter into the necessary processing agreements with these third parties (if required) and will use its best efforts to ensure that they contain similar provisions on data protection as contained in this Privacy Policy and that they guarantee the same level of security and confidentiality of your personal data. Grizit does not provide any personal data to other third parties, except if required by law or by an order of a competent court of regulatory authority to do so.
6. Protection and storing of your personal data
Grizit undertakes to implement the security measures, which can reasonably be expected in order to protect your personal data from destruction, loss, modification or any other unauthorized processing. In particular Grizit will amongst others implement the following security measures:
A) Technical security measures
* User data is stored on a server with no public IP address. Only specific servers are able to contact this server in a separate private network;
* SSH connection to public servers can only be done from the (virtual) private network at Grizit;
* User passwords are always hashed (not stored in plain text);
* User data is stored in a database with access control; and
* All user data (which is inside the database) is encrypted at rest.
B) Operational security measures
* Access to user data is restricted to certain team members and can be revoked at any time.
Grizit will not store any of your personal data any longer than is necessary for the specific purposes for which it is stored, taking into account Grizit’s contractual and legal obligations with regard to this data and Grizit’s mission to correctly answer customer questions and to provide the Services in compliance with the Agreement.
7. Exercise of personal rights related to your personal data
You have the following rights in respect of your personal data being processed by Grizit:
* the right to request free access to the personal data processed;
* the right to request the correction or removal of your data;
* the right to request a restriction of the processing;
* the right to request the portability of your data; and
* the right to object to the processing of your personal data (in the case of direct marketing without any substantiation).
In case the processing of your personal data is based on your consent, You have the right to revoke this consent at any time. However, such a revocation does not affect the lawfulness of any processing prior to this revocation. If You intend to use any of your above-mentioned rights, please do so by directing your request to moc.tizirg%40ofni or by a letter to Grizit (see address below). We cannot handle your request without proof of your identity and the applicable legislation may impose conditions on exercising the above rights. Grizit will request a copy of your identification document as proof that You are indeed concerned by the personal data and thus entitled to rights mentioned above. Grizit will use its best efforts to respond to your request without undue delay after receipt of your request. You should bear in mind that Grizit will not always be obliged to comply with your request for access, correction, removal or transfer. This is because of our legal obligations, for the establishment, exercise or substantiation of a legal claim or the legitimate exercise of the right of freedom of expression and / or information. You also have the right to file a complaint with the Data Protection Authority. Such a complaint can be filed either by post directed at Rue de la Presse 35, 1000 Brussels or through an e-mail to eb.noissimmocycavirp%40noissimmoc