Privacy Notice

Welcome to https://echofinance.io/ (the “Site”). We understand that privacy online is important to users of our Site, especially when conducting business. We are committed to protecting the privacy of our customers and other users of our Site.

This Privacy Notice describes the types of personal information that we collect, the purposes for which we collect it, the third parties with whom we share it, and how we protect its security. It also explains the rights that you, as individuals, have in respect to your personal data, and how to contact us about these matters.

We process any personal data that we collect in accordance with Data Protection Legislation and the provisions of this Privacy Notice.

This Privacy Notice should be read in conjunction with our Digital Analytics Policy / Cookies Policy .

Definitions

“Data Protection Legislation” means all applicable legislation relating to privacy or data protection, including, but not limited to, and to the extent applicable, the EU General Data Protection Regulation 2016/679 ("GDPR"), and the Isle of Man Data Protection Act 2018.

“You” or "your" may be our customers, or other users of our Site.

“We” or “us” means Echochain Limited.

“KYC” stands for Know Your Client which is a process of identifying and assessing customers and applicants for business in compliance with our legal obligations to do so under anti-money laundering laws.

“Anti-money laundering laws” is short for anti-money laundering and countering the financing of terrorism and proliferation laws.

What is personal data?

“Personal data” means information that can be used to identify you as a natural person.

Legal basis for using your personal data

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

Performance of our contract with you

We need certain personal data to provide our services and cannot provide them without this personal data.

Legal obligations

In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers, including KYC information, source of funds, and in certain circumstances source of wealth).

Legitimate interests

We sometimes collect and use your personal data because we have a legitimate reason to use it and this is reasonable when balanced against your human rights and freedoms.

Substantial public interest

Where we process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance, such as our obligation to prevent fraud or support you if you are or become a vulnerable customer.

Consent

Where you have agreed to us collecting your personal data, or sensitive personal data, for example when you tick a box to indicate you are happy for us to use your personal data in a certain way.

We explain more about how we use your personal data in the How we use your personal data section below.

What personal data we collect and process about you

We may collect and process your personal data where you provide that information to us, where we collect information from you automatically to the extent permitted by law, or where we have received your information from other sources. We will process information about you, and the business you conduct with us, in physical and electronic form.

Information you give us:

To open an account and access our services, we may ask you to provide us with some information about yourself. This information is either required by law (eg to verify your identity as part of KYC procedures in compliance with anti-money laundering laws), necessary to provide our services (eg your contact information), or is relevant for other specific purposes as set out below. We may not be able to provide our services to you if you do not provide this information.

Information is also provided by you when you access our Site, fill in forms, correspond with us, respond to any of our surveys, or interact with us on social media.

Types of personal data that you provide to us will include some or all of the following:

Full name, residential address and country, gender, date of birth, nationality, signature, photographs, email and other types of digital addresses
Your image in photographic or video form, and sensitive biometric data from facial scans of your image to verify your identity and to authenticate you as an authorised user
Government identifiers from government bodies and government issued identity documents such as passports, national identification numbers, tax reference numbers, driving licences
Other identification and eligibility documentation
Financial Information including bank account information, payment card information, source of funds, source of wealth, job title, place and industry in which you work, employer or business(es) owned, salary and net worth, countries related to each aspect of the financial information
Other communications from you in any form

Providing information about others:

If any information (including special categories of personal data) that you provide to us relates to any third party, by providing us with such information, you confirm that you have obtained any necessary permissions from such persons regarding the reasonable use of their information in accordance with this Privacy Notice or are otherwise permitted to give us this information on their behalf.

Information that we will collect automatically from your use of our products and services:

Information about your visit to our Site as a visitor or as a customer, including profile and usage data which encompasses technical information including your IP address, device, software, and connectivity information, using cookies and other internet tracking software. We process how you access and use our Site, the links you click, and the services you view. We may also collect information about your location, the device you use to access our Site, and your online behaviour
Information about the transactions you make when utilising our products and services including details of the payments into and out of your account

Information that we collect from third parties:

Compliance screening checks utilising digital compliance screening products available on the open market from commercial companies. This screening may include ongoing KYC checks and transactional behaviour in compliance with our legal obligations (including anti-money laundering laws, and international sanctions), and to detect and prevent fraud
We collect information and contact details from publicly available sources such as media stories, online registers and directories, and websites for enhanced KYC checks and marketing purposes. This includes information from social media
Transactional information such as blockchain data and retail merchant information which both include transaction details such as names and IDs, date and time, amounts, account and wallet details and addresses, contact information

Please see our Digital Analytics Policy for further details.

How we use your personal data

Our primary purpose in collecting and processing your personal data is to provide our services in a secure, efficient, and confidential manner. We also use your personal data to improve our services, for advertising, to comply with applicable laws and regulation, and to detect and prevent fraud.

Purpose of our use of your personal data	Our legal basis for using your personal data
*Providing our services:-* To confirm your eligibility for our services To decide whether or not to accept you as a customer and whether to provide specific products and services to you To meet our contractual obligations with you to provide our services (eg making transactions on your account) To provide information to you on your use of our services To provide you with customer support services and to help us address customer support issues. We will monitor and record all customer support communications in order to check your requirements, analyse them to develop and improve our services, and for training and quality purposes	Performance of the contract and agreements between you and us Legitimate interests (we need to be efficient about how we meet our obligations and we want to provide you with good products and services) Legal obligations
*Keeping our services up and running and maintaining the safety, security and integrity of our services:-* To check your identity for authentication purposes when you use our services to prevent unauthorised access. This may include facial scan data extracted from a photograph or video (known as ‘biometric data’ which falls into the category of sensitive or special personal data – see Sensitive Personal Data section below for further information) To keep our Site safe and secure To manage our Site (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device in order to maintain the performance of our Site and services To tell you about changes to our products and services To allow you to take part in interactive features of our services To prepare business forecasts	Performance of the contract and agreements between you and us Legitimate interests (to be efficient about how we meet our obligations and keep to regulations that apply to us and to present content as effectively as possible for you) Consent (where required by law)
*Improving our products and services through research and innovation:-* To analyse your use of our Site and products and services, and your preferences for enhanced or new products and services, whether through use of our Site and services or through direct communications, in order to maintain and or improve your user experience	Legitimate interests (to understand how customers and visitors to our Site use our services so we can develop new products and improve the products we currently provide).
*Marketing and providing products and services that might interest you:-* To personalise your experience of our services and marketing messages about our products and services so that they are more relevant and interesting to you (where allowed by law). This may include analysing how you use our services and your transactions. You can object to profiling for direct marketing purposes (see Your Rights section below). To ask your opinion about our products and services Where your consent is required by law for us to send marketing messages to you, we will obtain your consent in advance. You can withdraw your consent or adjust your preferences at any time using the privacy settings on the Site or by tapping the ‘unsubscribe’ links in any marketing message we send you. Please note that you may receive generic information about our products and services on our Site.	Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be efficient about how we meet our legal and contractual duties) Consent (where we’re legally required to get your consent to send you direct marketing about our products or services)
*Complying with our legal and regulatory obligations and protecting against fraud:-* To confirm your eligibility for our services, to decide whether or not to accept you as a customer and whether or not to provide specific products and services to you, and to continue to provide services to you, we will: check your identity as part of our KYC process This may include facial scan data extracted from a photograph or video (known as ‘biometric data’ which falls into the category of sensitive or special personal data – see Sensitive personal data section below for further information) collect, record, regularly review, and assess KYC information and full customer due diligence ( including your identity, circumstances, source of funds, where applicable source of wealth, and transactional information) To share with third parties such as government authorities including regulators, law enforcement authorities, and tax authorities To help detect and prevent financial and other crime including fraud	Legal obligations Consent (where required by law) Substantial public interests (if we process your sensitive personal data to comply with legal requirements that apply to us) Legitimate interests (to develop and improve how we deal with financial crime and meet our legal responsibilities, and to manage our and your risk)
*Enforcing our rights and protecting our business:-* To protect ourselves, including our rights, property, personnel or products To exercise our rights under our contract with you including debt recovery In connection with legal claims	Legitimate interests (eg to protect ourselves during a legal dispute and to manage our risk)

Purpose of our use of your personal data

Our legal basis for using your personal data

Providing our services:-

To confirm your eligibility for our services

To decide whether or not to accept you as a customer and whether to provide specific products and services to you

To meet our contractual obligations with you to provide our services (eg making transactions on your account)

To provide information to you on your use of our services

To provide you with customer support services and to help us address customer support issues. We will monitor and record all customer support communications in order to check your requirements, analyse them to develop and improve our services, and for training and quality purposes

Performance of the contract and agreements between you and us

Legitimate interests (we need to be efficient about how we meet our obligations and we want to provide you with good products and services)

Legal obligations

Keeping our services up and running and maintaining the safety, security and integrity of our services:-

To check your identity for authentication purposes when you use our services to prevent unauthorised access. This may include facial scan data extracted from a photograph or video (known as ‘biometric data’ which falls into the category of sensitive or special personal data – see Sensitive Personal Data section below for further information)

To keep our Site safe and secure

To manage our Site (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device in order to maintain the performance of our Site and services

To tell you about changes to our products and services

To allow you to take part in interactive features of our services

To prepare business forecasts

Performance of the contract and agreements between you and us

Legitimate interests (to be efficient about how we meet our obligations and keep to regulations that apply to us and to present content as effectively as possible for you)

Consent (where required by law)

Improving our products and services through research and innovation:-

To analyse your use of our Site and products and services, and your preferences for enhanced or new products and services, whether through use of our Site and services or through direct communications, in order to maintain and or improve your user experience

Legitimate interests (to understand how customers and visitors to our Site use our services so we can develop new products and improve the products we currently provide).

Marketing and providing products and services that might interest you:-

To personalise your experience of our services and marketing messages about our products and services so that they are more relevant and interesting to you (where allowed by law). This may include analysing how you use our services and your transactions. You can object to profiling for direct marketing purposes (see Your Rights section below).

To ask your opinion about our products and services

Where your consent is required by law for us to send marketing messages to you, we will obtain your consent in advance. You can withdraw your consent or adjust your preferences at any time using the privacy settings on the Site or by tapping the ‘unsubscribe’ links in any marketing message we send you.

Please note that you may receive generic information about our products and services on our Site.

Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be efficient about how we meet our legal and contractual duties)

Consent (where we’re legally required to get your consent to send you direct marketing about our products or services)

Complying with our legal and regulatory obligations and protecting against fraud:-

To confirm your eligibility for our services, to decide whether or not to accept you as a customer and whether or not to provide specific products and services to you, and to continue to provide services to you, we will:

check your identity as part of our KYC process

This may include facial scan data extracted from a photograph or video (known as ‘biometric data’ which falls into the category of sensitive or special personal data – see Sensitive personal data section below for further information)

collect, record, regularly review, and assess KYC information and full customer due diligence ( including your identity, circumstances, source of funds, where applicable source of wealth, and transactional information)

To share with third parties such as government authorities including regulators, law enforcement authorities, and tax authorities

To help detect and prevent financial and other crime including fraud

Legal obligations

Consent (where required by law)

Substantial public interests (if we process your sensitive personal data to comply with legal requirements that apply to us)

Legitimate interests (to develop and improve how we deal with financial crime and meet our legal responsibilities, and to manage our and your risk)

Enforcing our rights and protecting our business:-

To protect ourselves, including our rights, property, personnel or products

To exercise our rights under our contract with you including debt recovery

In connection with legal claims

Legitimate interests (eg to protect ourselves during a legal dispute and to manage our risk)

Automated decision making and profiling

We may make automated decisions about you. This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. This is sometimes known as profiling. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information.

Where we make an automated decision about you, you have the right to ask that it is manually reviewed by a person. You can find out more about this in the Your rights section below.

Sensitive Personal Data

Sensitive, or ‘Special Category’, personal data is information relating to an individual’s race, sex life or orientation, politics, religion or belief, health, trade union membership, and genetic and biometric information.

In certain circumstances, we will collect information that falls within this category. This is most likely to be biometric data when used to identify you for onboarding KYC purposes, ongoing customer due diligence, and user authentication purposes.

We seek to limit any sensitive personal data that we collect and, unless we have other specific lawful reasons to use this information (such as in an emergency situation), we will ask for your explicit consent to collect it.

Children

We do not allow anyone under the age of 18 to use our services and we do not knowingly request or collect any information about persons under the age of 18. If you are under the age of 18, please do not provide any personal information to us.

If a customer submitting personal information is suspected of being younger than 18 years of age, we will require that person to close his or her account, and will take steps to delete the individual’s information as soon as possible.

Sharing your personal data

Your personal data is kept confidential, however, we may share information about you with third parties (including in other countries which both have equivalent privacy laws and which have potentially less robust privacy laws). Where we share such information, we will ensure that, where applicable, any such disclosure is compliant with Data Protection Legislation.

We may share personal data with third parties as necessary for any of the following purposes:

Provision of our services in accordance with our terms and conditions and any other relevant contracts
To comply with applicable law or regulation
To protect the safety of our employees, the public or our property
To comply with a judicial proceeding, court order or legal process
In the event of a merger, asset sale, or other related transaction or
For the prevention or detection of crime (including fraud)

The recipients,or categories of recipients, of your information may be:

Those to whom you have consented that we do so
Our service providers, to the extent needed for them to provide services to us
Any revenue service or tax authority, if so entitled under applicable law and regulations, and international reporting obligations
Regulators and courts and other legal authorities, including law enforcement authorities in connection with their duties
Fraud prevention agencies, crime enforcement agencies and terrorism prevention agencies that will use it to detect, investigate and prevent fraud, money-laundering, terrorism, proliferation and other crimes
Anyone to whom we may transfer our rights and/or obligations and
Any other person or entity after a restructure or sale of Echochain Limited as long as that person or entity uses your information for the same purposes for which it was originally given to us or used by us (or both)

Where we do share your information with third parties, we will wherever possible require them to maintain appropriate security to protect your information from unauthorised access or processing.

Selling or Sharing: We do not sell your personal data to third parties or share it for purposes of cross-context behavioural advertising.

Links to external websites

Our Site contains links to external websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours and we are not responsible for the privacy of those sites or the cookies that such third parties operate.

Security

We take the security of personal information and confidential documents extremely seriously. We comply with Data Protection Legislation and we have put in place appropriate safeguards to prevent unauthorised access or unlawful use of confidential information.

We restrict access to personal information to our employees, contractors, agents and service providers who need to know that information in order to process it for us. They are subject to strict contractual confidentiality obligations and they may be disciplined or their contract terminated if they fail to meet these obligations.

Your Rights

Under Data Protection Legislation you have various rights in respect of the personal information that we hold about you. You have the right to request access to, correct, and delete your personal data, and to ask for data portability. You may also object to our processing of your personal data or ask that we restrict the processing of your personal data in certain instances. In addition, when you consent to our processing of your personal data for a specified purpose, you may withdraw your consent at any time.

Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving), where we are required to retain information to comply with legal or regulatory obligations, and to defend ourselves against any legal claims.

Right to know

You have the right to know the information provided in this Privacy Notice.

Right to access

You have the right to obtain confirmation that your personal data is processed and to obtain a copy of it as well as certain information related to its processing.

Right to rectify

You can request the rectification of your personal data which are inaccurate, and also add to it. You can also change your personal data in your account at any time.

Right to delete

You can, in some cases, have your personal data deleted. Please see the Storing your personal data section below for further detail.

Right to object

You can object, for reasons relating to your situation, to the processing of your personal data. For instance, you have the right to object where we rely on legitimate interest or where we process your data for direct marketing purposes.

Right to restrict processing

You have the right, in certain cases, to temporarily restrict the processing of your personal data by us, provided there are valid grounds for doing so. We may continue to process your personal data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Right to contest to a decision based solely on automated processing

You have the right to require that decisions be reconsidered if they are made solely by automated means, without human involvement; we use automated tools to make sure that you are eligible to be our customer taking into account our interests and legal obligations; if these automated tools indicate that you do not meet our acceptance criteria, we will not onboard you as our customer. We also use profiling to target our marketing so that it is of interest and relevant to you.

Right to portability

In some cases, you can ask to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your personal data on your behalf directly to another service provider.

Right to withdraw your consent

You have the right to withdraw your consent to processing requiring your consent at any time, including the right to opt-out of receiving marketing messages. Exercising this right does not affect the lawfulness of the processing based on the consent given before its withdrawal.

Right to Non-Discrimination

You have the right not to be discriminated against for exercising any of your data protection rights.

Right to lodge a complaint with the relevant data protection authority

We hope that we can satisfy any queries you may have about the way in which we process your personal data. However, if you have unresolved concerns, you also have the right to complain to the data protection authority in the location in which you live, or our location which is the Isle of Man.

Exercising your rights

You can exercise your rights by emailing [email protected] . Please provide your name, email address, country of residence, and details of your connection to us (for example, your account number), and tell us the type of request you would like to make (know, access, correct, erase, object to processing, intervention in automated decision making, portability, restrict processing, withdraw consent, opt out of marketing, non-discrimination).

If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the ‘unsubscribe’ link.

We will comply with your requests unless we have a lawful reason not to do so.

We may need you to provide satisfactory proof of your identity. This is to ensure that your personal data is disclosed only to you.

We will endeavour to respond to your request within one month, and will do in compliance with the applicable Data Protection Legislation.

If we deny all or part of your request, you may make an appeal to us within 30 days of our denial to [email protected] . Please provide your name, email address, country of residence, type of request, details of your request (including, where applicable, any case or reference number allocated) the reason you disagree with our decision, and what you would like us to do to resolve your appeal.

You also have the right to make a complaint to the data protection authority in the location in which you live.

Storing your personal data

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or for one of the following reasons:

To enable us to comply with our legal obligations
To respond to any questions or complaints that we may receive
To show that we treated you fairly
To maintain records according to rules and regulations that apply to us
To assert or defend against legal claims
To co-operate with the courts or government authorities

For customers and those who apply to be customers, we will generally keep your data for six years from the date of termination of our services.

For other users of our Site, we will generally keep your information for 2 years.

We may keep your data for longer than six years if we cannot delete it for legal or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

Information on our marketing lists is retained on an ongoing basis. After you unsubscribe or we determine to remove you from a list, it will be added to our ‘unsubscribed list’ so that we do not send you further marketing communications.

Contact us:

If you have any queries or concerns regarding the manner in which we deal with your personal information or your data privacy, please contact us using any of the forms/addresses below:

Data Protection Officer: [email protected]