Privacy Policy

Posted on March 16, 2018 and updated on January 27, 2020.

This Privacy Policy sets out the basis on which we protect the privacy of your communications and collect, process, use and store your Personal Data through your interaction with HOLD Platform Limited (HOLD/we/us/our). Please read it carefully, along with our Cookie Policy and Terms and Conditions.

If you have any questions, please contact us at support@hold.io.

About HOLD

HOLD is bound by the General Data Protection Regulation (Regulation EU 2016/679) and the Maltese Data Protection Act (Chapter 586 of the Laws of Malta). We protect your personal information and respect your privacy in accordance with best business practices and applicable laws at all times.

For the purposes of the Data Protection Regulation, the data controller is Hold Platform Limited of Level G, (Office 1/1005) Quantum House, 75 Abate Rigord Street, Ta' Xbiex, Malta with company registration number C85377.

Proposition

HOLD allows you to manage your funds of both state issued currencies (‘fiat currencies’) and digital assets (‘crypto currencies’). And allows you to spend your funds online and in-store with the HOLD card. This functionality is made available through the HOLD Mobile App (‘HOLD App/app’), once you have a user account.

HOLD also offers a website (the ‘Website’) at https://hold.io/ and https://hold.io/. The Website provides additional information about HOLD and our products and will enable its visitors to either subscribe to email updates about the new Mobile App (prior to launch) or download the new Mobile App (post launch).

Collected data

Only necessary data for our data usage is collected, which is:

• Data you provide us with – name; date of birth; place of birth; phone number; source of wealth; occupation; source of funds; reason for acquiring; selling and investing in cryptocurrencies; political exposure; nationality; country of residence; resident address; proof of your identification; proof of your residence; email address; bank details; cryptocurrency wallet addresses;
• Data we collect when you use the Website and the Mobile App – your device IDs, your IP address, geographical location, information about your visit and how you interact with us;
• Data we receive from third parties – We may process additional personal data on you, which we receive from our partner service providers, such as advertising networks, search engine providers, analytics and social networking sites, in order to help us understand visitor behaviour patterns, which we use to help us improve our services and platforms;
• Any other personally identifiable information directly provided by you during interaction with our social media channels.

(the ’Personal Data’)

Data usage and processing

Personal Data is processed by us pursuant to Article 6(1)(b) of the GDPR (‘Performance of Contract’) for the following purposes:

• Administration and development of the Website and the Mobile App;
• Enhancement of user experience, including the provision of personalized services available on the Website and the Mobile App and improvement of the Website and Mobile App;
• Development of new products, utilities and offerings;
• Detection, investigation and prevention of fraudulent transactions and other illegal activities and protection of your rights and rights of HOLD;
• Collection, processing and performing statistical and other research and analysis of information for enhancement of the Website and Mobile App;
• Verifying compliance with the Terms and Conditions of the Website and the Mobile App.

We may process Personal Data only with your lawful consent for the following purposes:

• Commercial communication, marketing and advertising of our services or third-party services via SMS, telephone, email, internet, fax, mail, social media and/or any other appropriate communication channels;
• Personalised market research and/or analysis purposes to better understand your needs, preferences, interests, experiences and/or habits as a consumer.

You have the right to withdraw your consent at any time by writing to support@hold.io. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation. Your consent is also revoked in the same manner as provided.

Data sharing with partners

We may share your personal data with our partners, in order to provide you with certain services. Our partners are entrusted to perform certain data processing activities on our behalf. Whenever we engage with them, we do our utmost to ensure that they process your data in compliance with all data protection laws, and in a secure and confidential manner, following the best business practice standards.

We currently share data with the following partners:

To perform identity verification

We use a partner to verify the validity of your ID picture and selfie video. Once you proceed with an identity verification process, they will hold the shared documents and information for this stated purpose alone.

• Onfido - Their privacy policy is available here.

To provide VISA Debit cards

We use a partner to provide VISA Debit cards. This includes all card related features. Once you order a HOLD card, they will hold the information required to issue a VISA card, namely your date of birth, your full name, your resident address and your identity verification results. Once you use your HOLD card for top-ups, payments or ATM withdrawals, they will also hold the information required, namely the date and time, amount and currency, merchant and location.

• Contis - Their privacy policy is available here.

To protect against fraud

We use partners to validate and perform suspicious activity screenings on external wallet addresses and bank accounts. Once you transact with them, they will hold them for this purpose alone.

• Chainalysis - Their privacy policy is available here.
• IBAN.com - Their privacy policy is available here.

To send notifications

We use customer communication partners to send transactional and marketing emails or push notifications. Once you sign up on our platform, they will hold your email address or your device data for this stated purpose alone.

• ActiveCampaign - Their privacy policy is available here.
• Google Firebase - Their privacy policy is available here.
• SendGrid - Their privacy policy is available here.

To provide customer support

We use a partner to deliver customer support via email and in-app chat. Once you contact HOLD via email or via in-app chat, they will hold the messages exchange for this purpose alone. They also have access to additional account level information to allow HOLD’s Customer Support team to provide you with the best possible experience. This account level information will include your email address, name and aggregated account activity information.

• Intercom - Their privacy policy is available here.

To improve our services

We use product and user behaviour analytics partners to make sure the functionality and content from our Website and Mobile App is presented in the most effective way. Once you interact with our Website or Mobile App, they will hold your usage data for this stated purpose alone.

• Google Analytics - Their privacy policy is available here.
• Mixpanel - Their privacy policy is available here.
• Segment - Their privacy policy is available here.

To advertise our services

We use social media partners to advertise HOLD. Once you sign up on HOLD, they will hold your profile data to send (or not send) our adverts to you and people who have a similar profile to you (depending if the service being advertised is already in use or not).

• Facebook - Their privacy policy is available here.
• Twitter - Their privacy policy is available here.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and are subject to a duty of confidentiality.

While we take data protection precautions, no security measures are completely secure, and we cannot fully guarantee the security of user information.

Data storage

All data we directly store is located on our secure servers located within the European Union.

Nevertheless, it may be transferred to, and stored at a destination outside the European Economic Area (EEA), if our service providers are based in countries which do not form part of the EEA. It may also be processed by employees located outside the EEA who work for us or for one of our suppliers.

All our non-EEA service providers’ servers are located in countries with sufficient personal data protection adequacy, as listed here.

Data retention

We keep your Personal Data for as long as necessary for the relevant purposes of their processing, in alignment with the ‘Data Minimisation and Storage Limitation’ principles as defined in Article 5 of the GDPR.

We may retain your Personal Data for as long as your user account is active.

We may retain your Personal Data after the expiration of their relevant processing purposes in the following limited cases:

• In case that there is a legal obligation under a relevant statutory provision.
• For research or statistical purposes or for the proper organisation and operation of our business provided that anonymity or pseudonymization of your data takes place.
• In case of any claims against HOLD, for as long as necessary to defend our rights and legitimate interests before any competent court and any other public authority.

After the period of retention, your Personal Data is erased from our databases and systems in accordance with our Privacy Policy and provided that their retention is no longer required for the fulfillment of the purposes we have described above.

For more information about data retention terms in relation to specific Personal Data, please contact us at support@hold.io.

Your rights

You are entitled to the following rights and remedies:

• Access the data we hold about you and to get a copy of it;
• Rectify any data that is not accurate or not up-to-date;
• Ask us to erase your data (although for legal reasons we might not always be able to do it);
• Restrict us from processing your data, when you don’t want us to use it but it is still needed for legal reasons;
• Object to us using your data for direct marketing and in certain circumstances ‘legitimate interests’, research and statistical reasons;
• Transfer your personal data to you or another third party;
• Withdraw any consent you’ve previously given us on marketing and promotional material (although it will not affect the lawfulness of any processing carried out before you withdraw your consent).
• To object to the processing of your Personal Data in cases explicitly provided for by law.
• To object to a decision taken solely on the basis of automated processing, including profiling, which has an impact on you or significantly affects you.

Please contact us at support@hold.io if you wish to exercise any of these rights.

Complaints

If your rights are infringed, it is your right to file a complaint with the Office of the Information and Data Protection Commissioner at the following website https://idpc.org.mt/en/Pages/contact/complaints.aspx (the ‘Supervisory Authority’).

We would appreciate the chance to deal with any concerns you may have before you approach a Supervisory Authority. Kindly contact us at support@hold.io with any concerns you may have, and we will do our utmost to address your concerns in a satisfactory manner.

We will respond to any of your requests within one (1) month from their receipt. Upon prior notice, this period may be extended by a further two (2) months if necessary, taking into account the complexity of the request and the number of any other pending requests. In case of rejection of your request, we will provide relevant justification.

If your request does not meet the requirements of applicable law, HOLD reserves the right either to: (a) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or (b) reject your request.

In the event of any violation of your Personal Data, which may place your rights and freedoms at a high risk, and provided that it does not fall under one of the exceptions expressly provided for by applicable law, we undertake to inform you without undue delay.

If there are any doubts as to the identity of the individual submitting the request, we reserve the right to request the provision of additional information necessary to confirm your identity.

Changes to the present Privacy Policy

This privacy policy may be amended over time, and changes made to it shall become effective promptly after being announced. The regular review of this Privacy Policy shall ensure that you will always be aware of the type of information we collect, how and for what purpose it is used by us, and under what circumstances (if any) we shall share it with other parties.