DigitalCap FX

Menu

Privacy Policy

Effective Date: 1 JULY 2024
Last Updated:  11th JULY 2024

At Digital Cap FX Ltd (“we,” “us,” “our”), we are committed to safeguarding the privacy of our customers and users. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services, and how we comply with Canadian and Ontario privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial regulations such as Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). By using our services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

  1. Information We Collect
We collect personal information for various purposes to provide and improve our services:
  • Personal Identification Information: Name, contact details (address, email, phone number), date of birth, and identification documents (passport, driver’s license, etc.).
  • Financial Information: Bank account details, payment card information, transaction histories, and remittance records.
  • Transactional Data: Information related to payments, recipients, amounts, and timestamps.
  • Technical Data: IP address, device type, browser type, and other metadata from your interactions with our platform.
  • Communication Records: Emails, customer support interactions, and any other communication for the purposes of troubleshooting or service improvement.

  1. How We Use Your Information
We use your personal information for the following purposes:
  • Service Provision: To facilitate remittance services, including verifying your identity, processing payments, and ensuring the proper delivery of funds.
  • Compliance with Legal Requirements: We collect information as required under laws, including anti-money laundering (AML) and counter-terrorist financing (CTF) regulations, to monitor, detect, and report suspicious activities to regulatory authorities such as FINTRAC.
  • Data Analytics: To improve our website and services by analyzing user behavior and technical data.
  • Marketing Communications (with Consent): With your explicit consent, we may send you promotional materials or newsletters. You can opt out of these communications at any time.

  1. Legal Basis for Processing Personal Data
We collect and process personal information with your explicit consent or as otherwise permitted by law. In particular, the legal grounds for processing personal data include:
  • Contractual Necessity: The processing of your data is necessary for us to deliver the services you have requested.
  • Legal Obligation: We are required to collect certain personal information to comply with financial regulations and AML laws.
  • Legitimate Interests: We may process your information for legitimate business interests, such as improving services or ensuring security, where your rights are not overridden.

  1. Data Subject Rights
As a data subject, you have certain rights regarding your personal information, which we are committed to respecting:
  • Right to Access: You can request access to the personal data we hold about you and information on how it is being used.
  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal information.
  • Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal information under certain conditions, such as when the data is no longer needed for its original purpose or when you withdraw your consent.
  • Right to Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format, and where technically feasible, to have that information transmitted to another data controller.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data if you contest its accuracy or the lawfulness of its processing.
  • Right to Object: You can object to the processing of your personal data for direct marketing purposes or when the processing is based on our legitimate interest.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time, although this may affect your ability to use certain services.
To exercise any of these rights, please contact us using the information provided at the end of this policy.

  1. Data Storage and Security
We take extensive measures to ensure that your personal data is securely stored and processed:
  • Data Centers: We store and process your personal information on secure servers located exclusively within Canada and the United States. These data centers are selected based on compliance with Canadian data protection laws and international best practices for data security.
  • Encryption: We employ encryption technologies (both in transit and at rest) to safeguard your personal and financial data.
  • Data Warehousing: Personal data is stored in secure data warehouses that comply with the highest industry standards, including ISO 27001 and SOC 2 certifications.
  • Access Controls: Access to personal data is strictly limited to authorized personnel with role-based permissions. Only employees or third-party service providers who require access to perform specific functions (such as technical support or financial transaction processing) are granted access to personal information.

  1. Role-Based Access and Data Security Protocols
We adhere to the principle of least privilege, meaning that individuals within our organization and third-party service providers only have access to the data necessary for their role:
  • Role-Based Access: Access to personal and financial data is controlled through a multi-layered permission system, ensuring that only authorized individuals can access sensitive information.
  • Audits and Logs: Access to personal data is logged, and regular audits are conducted to ensure compliance with internal policies and external regulations.
  • Third-Party Access: When third-party service providers are involved (e.g., payment processors or identity verification providers), they are bound by strict confidentiality agreements and undergo due diligence to ensure compliance with our privacy and security standards.
  • Regular Security Reviews: We conduct routine security reviews, vulnerability assessments, and penetration tests to protect against unauthorized access and data breaches.

  1. Data Sharing and Disclosure
We do not sell or rent your personal information to third parties. We may share your data with third parties in the following circumstances:
  • Service Providers: We engage trusted third-party service providers to assist us in delivering our services. These providers are contractually obligated to protect your personal data and are only authorized to use it for the purposes of delivering the services they provide to us (e.g., payment processors, identity verification services).
  • Regulatory Compliance: We may disclose personal information to regulatory bodies, law enforcement, or government authorities if required by law, including compliance with AML and CTF regulations.
  • Business Transactions: In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the successor entity, subject to appropriate confidentiality and privacy protections.

  1. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods are determined by considering:
  • Regulatory Requirements: Certain data must be retained to meet legal and regulatory requirements, such as AML and financial record-keeping obligations.
  • Business Purposes: Data is retained to fulfill contractual obligations or for legitimate business purposes, such as resolving disputes, enforcing agreements, or ensuring continuity of service.
  • Deletion or Anonymization: When your data is no longer required, we securely delete or anonymize it to prevent unauthorized access or disclosure.

  1. Data Transfers
When your personal information is transferred to service providers located in jurisdictions outside of Canada, including the United States, we ensure that the data is afforded the same level of protection required under Canadian law. This is achieved through contractual clauses, encryption, and compliance with local data protection regulations.

  1. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, our business practices, or technological advancements. Any changes to the policy will be posted on our website, and the “Last Updated” date will be revised accordingly. We encourage you to review the Privacy Policy regularly to stay informed of any updates.

  1. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the protection of your personal data, please contact us: Digital Cap FX Ltd. Address: Unit 64 Oakville, Ontario, L6M0L6 Canada. Email: Privacy@digitalcapfx.com
Switch Language