Effective Date: 1 JULY 2024
Last Updated: 11th JULY 2024
At Digital Cap FX Ltd (“we,” “us,” “our”), we are committed to safeguarding the privacy of our customers and users. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services, and how we comply with Canadian and Ontario privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial regulations such as Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). By using our services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
Last Updated: 11th JULY 2024
At Digital Cap FX Ltd (“we,” “us,” “our”), we are committed to safeguarding the privacy of our customers and users. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services, and how we comply with Canadian and Ontario privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial regulations such as Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). By using our services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
- Information We Collect
- Personal Identification Information: Name, contact details (address, email, phone number), date of birth, and identification documents (passport, driver’s license, etc.).
- Financial Information: Bank account details, payment card information, transaction histories, and remittance records.
- Transactional Data: Information related to payments, recipients, amounts, and timestamps.
- Technical Data: IP address, device type, browser type, and other metadata from your interactions with our platform.
- Communication Records: Emails, customer support interactions, and any other communication for the purposes of troubleshooting or service improvement.
- How We Use Your Information
- Service Provision: To facilitate remittance services, including verifying your identity, processing payments, and ensuring the proper delivery of funds.
- Compliance with Legal Requirements: We collect information as required under laws, including anti-money laundering (AML) and counter-terrorist financing (CTF) regulations, to monitor, detect, and report suspicious activities to regulatory authorities such as FINTRAC.
- Data Analytics: To improve our website and services by analyzing user behavior and technical data.
- Marketing Communications (with Consent): With your explicit consent, we may send you promotional materials or newsletters. You can opt out of these communications at any time.
- Legal Basis for Processing Personal Data
- Contractual Necessity: The processing of your data is necessary for us to deliver the services you have requested.
- Legal Obligation: We are required to collect certain personal information to comply with financial regulations and AML laws.
- Legitimate Interests: We may process your information for legitimate business interests, such as improving services or ensuring security, where your rights are not overridden.
- Data Subject Rights
- Right to Access: You can request access to the personal data we hold about you and information on how it is being used.
- Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal information.
- Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal information under certain conditions, such as when the data is no longer needed for its original purpose or when you withdraw your consent.
- Right to Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format, and where technically feasible, to have that information transmitted to another data controller.
- Right to Restrict Processing: You may request that we limit the processing of your personal data if you contest its accuracy or the lawfulness of its processing.
- Right to Object: You can object to the processing of your personal data for direct marketing purposes or when the processing is based on our legitimate interest.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time, although this may affect your ability to use certain services.
- Data Storage and Security
- Data Centers: We store and process your personal information on secure servers located exclusively within Canada and the United States. These data centers are selected based on compliance with Canadian data protection laws and international best practices for data security.
- Encryption: We employ encryption technologies (both in transit and at rest) to safeguard your personal and financial data.
- Data Warehousing: Personal data is stored in secure data warehouses that comply with the highest industry standards, including ISO 27001 and SOC 2 certifications.
- Access Controls: Access to personal data is strictly limited to authorized personnel with role-based permissions. Only employees or third-party service providers who require access to perform specific functions (such as technical support or financial transaction processing) are granted access to personal information.
- Role-Based Access and Data Security Protocols
- Role-Based Access: Access to personal and financial data is controlled through a multi-layered permission system, ensuring that only authorized individuals can access sensitive information.
- Audits and Logs: Access to personal data is logged, and regular audits are conducted to ensure compliance with internal policies and external regulations.
- Third-Party Access: When third-party service providers are involved (e.g., payment processors or identity verification providers), they are bound by strict confidentiality agreements and undergo due diligence to ensure compliance with our privacy and security standards.
- Regular Security Reviews: We conduct routine security reviews, vulnerability assessments, and penetration tests to protect against unauthorized access and data breaches.
- Data Sharing and Disclosure
- Service Providers: We engage trusted third-party service providers to assist us in delivering our services. These providers are contractually obligated to protect your personal data and are only authorized to use it for the purposes of delivering the services they provide to us (e.g., payment processors, identity verification services).
- Regulatory Compliance: We may disclose personal information to regulatory bodies, law enforcement, or government authorities if required by law, including compliance with AML and CTF regulations.
- Business Transactions: In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the successor entity, subject to appropriate confidentiality and privacy protections.
- Data Retention
- Regulatory Requirements: Certain data must be retained to meet legal and regulatory requirements, such as AML and financial record-keeping obligations.
- Business Purposes: Data is retained to fulfill contractual obligations or for legitimate business purposes, such as resolving disputes, enforcing agreements, or ensuring continuity of service.
- Deletion or Anonymization: When your data is no longer required, we securely delete or anonymize it to prevent unauthorized access or disclosure.
- Data Transfers
- Changes to This Privacy Policy
- Contact Us