TwitterMediumTwitter

Privacy Policy

Posted on and updated on

This Privacy Policy sets out the basis on which we protect the privacy of your communications and collect, process, use and store your Personal Data through your interaction with HOLD Platform Limited (HOLD/we/us/our). Please read it carefully, along with our Cookie Policy and Terms and Conditions.

If you have any questions, please contact us at support@hold.io.

About HOLD

HOLD is bound by the General Data Protection Regulation (Regulation EU 2016/679) and the Maltese Data Protection Act (Chapter 586 of the Laws of Malta). We protect your personal information and respect your privacy in accordance with best business practices and applicable laws at all times.

For the purposes of the Data Protection Regulation, the data controller is Hold Platform Limited of Level G, (Office 1/1005) Quantum House, 75 Abate Rigord Street, Ta' Xbiex, Malta with company registration number C85377.

Proposition

HOLD allows you to manage your funds of both state issued currencies (‘fiat currencies’) and digital assets (‘crypto currencies’). And allows you to spend your funds online and in-store with the HOLD card. This functionality is made available through the HOLD Mobile App (‘HOLD App/app’), once you have a user account.

HOLD also offers a website (the ‘Website’) at https://hold.io/ and https://hold.io/. The Website provides additional information about HOLD and our products and will enable its visitors to either subscribe to email updates about the new Mobile App (prior to launch) or download the new Mobile App (post launch).

Collected data

Only necessary data for our data usage is collected, which is:

Data usage and processing

Personal Data is processed by us pursuant to Article 6(1)(b) of the GDPR (‘Performance of Contract’) for the following purposes:

We may process Personal Data only with your lawful consent for the following purposes:

You have the right to withdraw your consent at any time by writing to support@hold.io. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation. Your consent is also revoked in the same manner as provided.

Data Sharing

We share your personal data with third party service providers who are entrusted to perform certain data processing activities on our behalf. Whenever we engage our service providers, we do our utmost to ensure that these process your data in compliance with all data protection laws, and in a secure and confidential manner, following the best business practice standards.

We currently use the following service providers:

MailChimp

We use MailChimp to manage our marketing communications. Once you sign up for updates, they will hold your email address for this stated purpose alone.

Their privacy policy is available here.

SendGrid

We use SendGrid to send transactional and marketing emails. Once you sign up in our platform, they will hold your email address for this stated purpose alone.

Their privacy policy is available here.

Google Firebase

We use Google Firebase to send transactional and marketing push notifications. Once you interact with our apps, they will hold your device data for this stated purpose alone.

Their privacy policy is available here.

SurveyMonkey

We use SurveyMonkey to build our user surveys. Once you answer one of our surveys, they will hold your email address and your replies for this stated purpose alone.

Their privacy policy is available here.

Onfido

We use Onfido services to perform the required identity verification. Once you proceed with an identity verification process, Onfido will hold the shared documents and information for this stated purpose alone.

Their privacy policy is available here.

Segment

We use Segments services to capture user behaviour across the HOLD Website and Mobile App in order that HOLD can provide a better customer experience. This user behaviour data is then access via Mixpanel and other tools to analyse the data. Once you use the Website and Mobile App, Segment will track your usage for this stated purpose alone.

Their privacy policy is available here.

Mixpanel

We use Mixpanel services to analyse and manage users in order to improve the user experience. Once you use the Website or Mobile App, Mixpanel will receive your user behaviour data for this stated purpose alone.

Their privacy policy is available here.

IBAN.com

We use IBAN.com services to validate the IBANs users provide. Once you provide an IBAN in the Mobile App for a fiat withdrawal, IBAN.com may hold it for improvement of validations purposes.

Their privacy policy is available here.

Chainalysis

We use Chainalysis services to perform anti-money laundering and risk screening on cryptocurrency wallet addresses users provide. This screening occurs on both receiving wallet addresses and destination wallet addresses. Chainalysis stores this information and checks to see if there was any suspicious activity related to any funds that were transacted into the specified wallet address, contributing to the risk level assessment.

Their privacy policy is available here.

Contis

We use Contis’ services to provide VISA Debit cards to HOLD’s customers. This includes all card related features. Once you order a HOLD card, Contis will store the information required to issue a VISA card, namely your date of birth, your full name, your resident address and your identity verification results. Once you use your HOLD card, for top-ups, payments or ATM withdrawals, Contis will also store the information required, namely the date and time, amount and currency, merchant and location.

Their privacy policy is available here.

Intercom

We use Intercom to deliver customer support via email and in-app chat. When contacting HOLD via email or via in-app chat these messages feed into Inbox which has access to additional account level information to allow HOLD’s Customer Support team to provide you with the best experience possible. This account level information will include your email address, name and aggregated account activity information.

Their privacy policy is available here.

In addition to the circumstances described above, we may disclose your financial or personal information if required to do so by law, court order, as requested by other government or law enforcement authority, or when we have reason to believe that disclosing the information is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and are subject to a duty of confidentiality.

While we take data protection precautions, no security measures are completely secure, and we cannot fully guarantee the security of user information.

Data Storage

All data we directly store is located on our secure servers located within the European Union.

Nevertheless, it may be transferred to, and stored at a destination outside the European Economic Area (EEA), if our service providers are based in countries which do not form part of the EEA. It may also be processed by employees located outside the EEA who work for us or for one of our suppliers.

All our non-EEA service providers’ servers are located in countries with sufficient personal data protection adequacy, as listed here.

Data Retention

We keep your Personal Data for as long as necessary for the relevant purposes of their processing, in alignment with the ‘Data Minimisation and Storage Limitation’ principles as defined in Article 5 of the GDPR.

We may retain your Personal Data for as long as your user account is active.

We may retain your Personal Data after the expiration of their relevant processing purposes in the following limited cases:

After the period of retention, your Personal Data is erased from our databases and systems in accordance with our Privacy Policy and provided that their retention is no longer required for the fulfillment of the purposes we have described above.

For more information about data retention terms in relation to specific Personal Data, please contact us at support@hold.io.

Your Rights

You are entitled to the following rights and remedies:

Please contact us at support@hold.io if you wish to exercise any of these rights.

Complaints

If your rights are infringed, it is your right to file a complaint with the Office of the Information and Data Protection Commissioner at the following website https://idpc.org.mt/en/Pages/contact/complaints.aspx (the ‘Supervisory Authority’).

We would appreciate the chance to deal with any concerns you may have before you approach a Supervisory Authority. Kindly contact us at support@hold.io with any concerns you may have, and we will do our utmost to address your concerns in a satisfactory manner.

We will respond to any of your requests within one (1) month from their receipt. Upon prior notice, this period may be extended by a further two (2) months if necessary, taking into account the complexity of the request and the number of any other pending requests. In case of rejection of your request, we will provide relevant justification.

If your request does not meet the requirements of applicable law, HOLD reserves the right either to: (a) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or (b) reject your request.

In the event of any violation of your Personal Data, which may place your rights and freedoms at a high risk, and provided that it does not fall under one of the exceptions expressly provided for by applicable law, we undertake to inform you without undue delay.

If there are any doubts as to the identity of the individual submitting the request, we reserve the right to request the provision of additional information necessary to confirm your identity.

Changes to the present Privacy Policy

This privacy policy may be amended over time, and changes made to it shall become effective promptly after being announced. The regular review of this Privacy Policy shall ensure that you will always be aware of the type of information we collect, how and for what purpose it is used by us, and under what circumstances (if any) we shall share it with other parties.

Print this page