Privacy

This Privacy Notice, as amended or otherwise changed from time to time (the “Privacy Notice”), explains the manner in which Changer.ae Limited (“Changer.ae”, “We”, “Us”, “Our”) collects, uses, maintains, and discloses personal information through the provision of Our services (the “Services”). With respect to the Platform, Changer.ae Limited is the Data Controller of your personal information.

Unless the context otherwise requires, all capitalized terms used but not defined herein shall have the meanings set forth in the legally binding agreement between Changer.ae and you which sets out the terms upon which We will grant you access to and rights to use Our Services (the “Agreement”).

1. Changer.ae Limited is authorised by the Abu Dhabi Global Market Financial Services Regulatory Authority as a licensed entity providing custody in relation to Virtual Assets.

2. Changer.ae’s registered address is: Al Khatem Tower, 10th Floor, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates (Registration number 13101).

3. Our responsibility as Data Controller
   As Data Controller, we must ensure that the personal information we process is: (a) Processed fairly, lawfully, and securely;
   (b) for specified, explicit, and legitimate purposes in accordance with the Data Subject’s rights and not further processed in a way incompatible with those purposes or rights; and that it is
   (c) adequate, relevant, and not excessive in relation to the purposes for which they were collected or further processed;
   (d) accurate and, where necessary, kept up to date; and
   (e) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data were collected or for which they are further processed.

4. We are also required to ensure that Personal Data that are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified.

5. Data Protection Officer (“DPO”)
   You may contact Our DPO by email at dp@changer.ae.

6. ADGM Supervisory Authority
   We are registered as a Data Controller with The Office of Data Protection for
   https://www.adgm.com/operating-in-adgm/office-of-data-protection/overview

We may update this Privacy Notice at our sole discretion. The date of the last revision of this Notice appears at the end of this page. We encourage you to periodically review this page for the latest information on our Privacy Notice and practices. Regardless of changes to our Privacy Notice, we will never use the information you submit under our current Privacy Notice in a new way without first notifying you and giving you the option to opt-out. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

3.1 We may collect, use, store, and transfer different kinds of personal information about you, which we have grouped together as follows:

• Identity data includes first name, last name, username or similar identifier, marital status, date of birth and gender, place of citizenship, country of and proof of residence, proof of ID (passport/driver’s license). Second nationality and passport, (if applicable). Face Data (Selfie) to confirm ID and Liveness videos and photos through truedepth API which are also part of our regulatory requirements during onboarding/registration.
• Contact data includes email address, telephone numbers, and residential address.
• Bank account information and/or credit card details and source of funds.
• Your status as a politically exposed person.
• Financial data includes bank details or wallet address, CRS / FATCA details, and information on annual income, net worth, virtual currency accounts, stored value accounts, amounts associated with accounts, external account details, source of funds, and related documentation.
• Investment data includes investment objectives, investment experience, and prior investments.
• Transaction data includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, referring/exit pages, operating system, date/time stamp, clickstream data, and other technology on the devices you use to access the Platform.
• Profile data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage data includes information about how you use our Platform, products, and services, including the Platform. We retain information on your behalf, such as transactional data including records for trades, deposits, and withdrawals for you and the counterparty to the transaction, and other session data linked to your Account.
• Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

3.2 We use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website.

3.3 Some information is collected from third parties:

We may obtain personal information about you from other sources, including through third-party services such as sanctions screening services and other organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

3.4 If you fail to provide personal information:

Where we need to collect personal information by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to close your account, but we will notify you if this is the case at the time.

4.1 In general, Personal Data you submit to us is used either to respond to requests that you make or to aid us in serving you better. In addition, you will need to give us Personal Data about yourself or other individuals in order to create and secure an Account and access our Services, and you may give us Personal Data about yourself or other individuals to help us provide you with or improve the Services you have asked us for.

4.2 We use your Personal Data in the following ways:
4.2.1 Facilitate the creation of and secure your Account.
4.2.2 Identify you and perform identity verification through a service provider.
4.2.3 Carry out and comply with anti-money laundering requirements.
4.2.4 Perform our obligations under contracts that we enter into with you or contracts that are for your benefit.
4.2.5 Allow you to use and access our products, Services, and Platform.
4.2.6 Manage, process, collect, and transfer payments, fees, and charges, and to collect and recover payments owed to us.
4.2.7 Ensure good management of our payments, fees, and charges and collection and recovery of payments owed to us.
4.2.8 Provide improved administration of our Platform and Services.
4.2.9 Improve the quality of experience when you interact with our Platform and Services.
4.2.10 Send you a welcome email to verify ownership of the email address provided when your Account was created.
4.2.11 Send you administrative email notifications, such as account activity, transaction processing, security, or support and maintenance advisories.
4.2.12 Identify, prevent, and report potentially suspicious, fraudulent, or illegal activities.
4.2.13 Notify you about important changes to the Agreement.
4.2.14 Respond to your inquiries or other requests.

4.3 Data collected automatically will be used to administer or improve our Services and for other lawful purposes.

4.4 We use IP addresses to make our Platform and Services more useful to you and to perform identity verification.

4.5 We use information from log files to analyze trends, administer the Platform, track users’ movements around the Platform, gather demographic information about our user base as a whole, and better tailor our Services to our users’ needs. Except as noted in this Privacy Notice, we do not link this automatically collected data to personal information.

4.6 We may create aggregated or de-identified records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this to analyze request and usage patterns so that we may enhance the content of our Services and improve Platform navigation. We reserve the right to use aggregated and other de-identified information for any purpose and disclose it to third parties in our sole discretion.

We may update this Privacy Notice at our sole discretion. The date of the last revision of this Notice appears at the end of this page.
We encourage you to periodically review this page for the latest information on our Privacy Notice and practices. Regardless of changes to our
Privacy Notice, we will never use the information you submit under our current Privacy Notice in a new way without first notifying you and giving you the option to opt-out. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

We may update this Privacy Notice at our sole discretion. The date of the last revision of this Notice appears at the end of this page.
We encourage you to periodically review this page for the latest information on our Privacy Notice and practices. Regardless of changes to our
Privacy Notice, we will never use the information you submit under our current Privacy Notice in a new way without first notifying you and giving you the option to opt-out. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

We may update this Privacy Notice at our sole discretion. The date of the last revision of this Notice appears at the end of this page.
We encourage you to periodically review this page for the latest information on our Privacy Notice and practices. Regardless of changes to our
Privacy Notice, we will never use the information you submit under our current Privacy Notice in a new way without first notifying you and giving you the option to opt-out. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

8.1 Where necessary we share your personal information within our affiliated group of companies, some of which are based outside the ADGM, various locations globally, personal information. 
‍
8.2 In addition, many of our external third parties are also based outside of ADGM so their processing of your personal information will involve a transfer of data outside of ADGM. 

8.3 To the extent permitted by applicable data protection law, the Personal Data that we collect from you may be transferred to, and stored at, a destination outside of the jurisdiction in which it was originally collected (“Relevant Location”). It may also be stored and processed by other companies and/or third parties in other countries, which may include destinations outside of the Relevant Location.
 
8.4 Where your Personal Data is transferred outside of the Relevant Location, we will ensure that it is protected in a manner that is consistent with how your Personal Data will be protected by us in the Relevant Location. This can be done in a number of ways, for instance:

‍
8.4.1  the country that we send the data to might be approved by the data protection authority in the Relevant Location as offering an adequate level of protection for your Personal Data; or

8.4.2  the recipient might have signed up to a contract based on “model contractual clauses” approved by the data protection authority in the Relevant Location, obliging them to protect your Personal Data.
‍
 
8.5  In other circumstances the law may permit us to otherwise transfer your Personal Data outside the Relevant Location. In all cases, however, we will ensure that any transfer of your Personal Data is compliant with data protection law.

8.6  You can obtain more details about the protection given to your Personal Data when it is transferred outside the Relevant Jurisdiction by contacting us via Our DPO dp@changer.ae or Our support team support@changer.ae.

You can update your information by contacting Us via Our DPO dp@changer.ae or Our support team support@changer.ae and making a request.

10.1    We retain Personal Data for as long We need it for the purposes set out in this Privacy Notice. This period will vary depending on the nature of the information and your interactions with Our Platform and Our Services. We will retain your information for as long as your Account has not been closed or as needed to provide you access to your Account. 
10.2  If you unsubscribe from Our marketing communications, We will keep a record of your email address to ensure We do not send you marketing emails in future. 
10.3  Once your Account has been closed We will retain and use your information as necessary to comply with Our legal obligations, resolve disputes, and enforce the Agreement. For example, We keep a record of transactions on Our Platform for up to seven years, to protect Us from legal claims, and We will retain information associated with your Account for up to 7 seven years after it has been closed unless there are other legal needs to retain it.

11.1  We collect web browser Information in order to enhance your experience on Our Platform and track how the Services are being used. Cookies are small data files that are stored on your computer’s hard drive, and in addition to using cookies to provide you with a better user experience, We use cookies to identify and prevent fraudulent activity. The information collected can include, but is not limited to, your IP address, referral URLs, the type of device you use, your operating system, the type of browser you use, geographic location, and other session data. Cookies are not permanent and will expire after a short time period of inactivity. You may opt to deactivate your cookies, but it is important to note that you may not be able to access or use some features of Our Platform. Please note that We are not responsible or can be held liable for any loss resulting from your decision or inability to use such features. 
‍
11.2  We may also use third party service providers to collect information regarding visit, or behaviour and visitor demographics on Our Services.
 
11.3  Our Services may include public blockchain technology, publicly accessible blogs, forums, social media pages, and private messaging features. As such information will be public, the Personal Data provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons such as Twitter (that might include widgets such as the “share this” button or other interactive mini-programs) may be on Our Platform. These features may collect your IP address, which page you are visiting on Our Platform, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on Our Platform. Your interactions with these features apart from your visit to Our Platform are governed by the privacy policy of the company providing it.
  
11.4  We may use third party application program interfaces (APIs) and software development kits (SDKs) as part of the functionality of Our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your Personal Data for various purposes including to provide analytics services and content that is more relevant to you. For more information about Our use of APIs and SDKs, please contact Us. 
11.5  Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. At this time, We do not respond to DNT signals.

12.1 We take the protection of your Personal Data seriously, and We apply appropriate physical, technological and organisational safeguards and security measures. We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your Personal Data. Our servers and business operations are entirely located in ADGM.
12.2 Where Processing is carried out by any Third Party on our behalf, We require from that Third Party sufficient guarantees in respect of the technical security measures and organisational measures governing the Processing to be carried out, and We ensure compliance with those measures.
12.3 Please note that no transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure.

13.1 Depending on your country, you may have rights under applicable data protection law in relation to your personal information. The various rights are not absolute, and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under applicable data protection laws. Nothing in this privacy policy is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable Data Protection Law. Personal information. These rights may include: 
‍
13.1.1  the right to obtain information regarding the Processing of your Personal Data and access to the Personal Data which we hold about you; 
‍
13.1.2  the right to withdraw your consent to the Processing of your Personal Data at any time. Please note, however, that we may still be entitled to Process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;

1.3.1.3  in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to us; 

1.3.1.4 the right to request that we rectify your Personal Data if it is inaccurate or incomplete; 

1.3.1.5 the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it; 

1.3.1.6  the right to object to, or request that we restrict, our Processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our Processing of your Personal Data but we are legally entitled to refuse that request; and

1.3.1.7  the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; and/or

1.3.1.8  the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

13.2 Where applicable, you can exercise your rights by contacting us using the details listed in section 17 below.

We may need to request specific information from you to help Us confirm your identity and ensure your rights to access your Personal Data (or to exercise any of your other rights).This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response.

We try to respond to all legitimate requests within one month. Occasionally it may take Us longer than a month if your request is particularly complex or you have made a number of requests. In this case, We will notify you and keep you updated.

We do not knowingly solicit or collect information from anyone under 18. If We become aware that a person under the age of 18 has provided Us with Personal Data, We will delete it immediately.

17.1  Any questions about this Privacy Policy, the collection, use and disclosure of Personal Data by Us or access to your Personal Data as required by law (to be disclosed should be directed to dp@changer.ae. 
17.2  In the event that you wish to make a complaint about how we Process your Personal Data, please contact us in the first instance at support@changer.ae and we will attempt to handle your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have violated Data Protection Law.