Privacy notice

Last update: 18.01.2024

Introduction

The Privacy notice together with Rocken Terms and Conditions describes how we collect, process, use and disclose your personal data which you provide to us while using the Website www.rocken.com. When you register with Rocken, log in, make Payments using your Wallet, contact Customer Care, fill out any forms on the Website, or submit any data through the ticket system, we will collect, use and store your data in the same way as described in this Privacy notice.

Details of the Data Controller and the Data Protection Officer

The Data Controller is the company that determines the purpose and means of personal data processing.

The listed below companies may act as independent or joint Data Controllers depending on the Services provided to the Customer:

Payean Finance Inc., company number BC1333355, 1631 Dickson Avenue, Office 1113, Kelowna, British Columbia, Canada, V1Y0B.

PAYEAN, UAB, registration number 306061130, Gedimino, 44A-201, Vilnius, Lithuania.

You may contact our Data Protection Officer by e-mail [email protected].

What is personal data?

Personal data is considered as any information relating to an identified or identifiable natural person (data subject), directly or indirectly, by reference to an identifier, such as a name, an identification number, location data or an online identifier. In other words, personal data is any information about you that enables your identification.

The way we collect and use personal data is described in this Privacy notice.

Personal data we collect and process

We obtain certain personal data from you directly:

A. Information that you provide when you sign up
  • Name, surname;
  • Email, hashed password;
  • Occupation.
B. When you verify your account
  • Mobile phone number;
  • Identity document photo/scan and data, such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features;
  • Facial image data, such as photos of the face (including selfie images) and photo or scan of the face on the identification document, videos, sound recordings;
  • Biometrical data such as facial features.
C. Address verification:
  • Copy of proof of address document (utility bill, bank statement, etc.);
  • Your device geolocation (based on your consent).
D. When we inquire about your transactions to prevent fraud and misuse of your account
  • Information required to prove the source of funds (for example, bank statements, verbal explanations, screenshots);
  • Information needed to indicate the purpose and economic sense of the challenged transaction;
  • The information you fill out on the questionnaire to show that you are doing this of your own free will and that you understand what you are doing.
E. When you communicate with us
  • Your contact email;
  • Content of your communication, messages and files you attach to your messages;
  • Unique ticket system identifier;
  • Technical data related to your messages (including date, time zone, environment, etc.).
F. Transaction information
  • Details of your Wallets, unique identifier in System;
  • Payments performed within your account (date, time, amount, currencies, participants associated with the transaction, messages sent and received with the payment, merchant information, payment methods used, technical usage data, and geolocation information);
  • Bank card details that you may connect to your Rocken account, such as cardholder name, expiry date, first 6 and last 4 digits of the card number.
G. Information from your device
  • The name of your internet service provider (IP address), environment, log-in information, browser type and settings, time zone, the operating system, the type of device you use, a unique device identifier, screen size, mobile network information, mobile operating system and type of mobile browser you are using, date, time and length of your visit.

We could receive your personal data from the third parties:

  • Information we may receive from affiliated companies;
  • Information from payment systems (Visa, Mastercard, UnionPay), payment service providers;
  • Information received from the card schemes, card program managers;
  • Information from public authorities and law enforcement agencies;
  • Information received via public sources (for example, company registers and enhanced due diligence services).

We only process your personal data where a lawful basis exists. We may rely on the following:

  • Performance of a contract we enter with you;
  • Our legal obligation;
  • Our legitimate interests, taking into consideration your rights, interests, and expectations;
  • Your consent.

A) Performance of a contract we enter with you

We process your personal data to provide you with the Services based on the Terms and Conditions that you accept when you register in the System.

We collect your data to set up and administer your Rocken account.

Furthermore, we also process your data to ensure secure access to your Rocken account when we send you a one-time password or other access codes.

We use your data to process transactions you make with your Rocken account, such as transferring funds, making Payments, adding money to a Wallet, or withdrawing funds.

We may send you important information about the system, login confirmation, suspicious authorization attempts and completed transactions notifications, as well as provide technical and customer support.

We process personal data to assist you in resolving issues related to the use of Rocken, when you contact customer support via ticket, email, or phone.

B) Our legal obligation

We process your personal data to comply with our legal obligations, in particular the requirements of anti-money laundering and terrorist financing legislation, to verify and confirm your identity as part of the KYC procedure.

We may use your data to assist any law enforcement authority with their investigation or disclose data required by a court order as we may be obliged to by law.

C) Our legitimate interests

We may use anonymized and aggregated data to analyse user behavior and how customers use Services, and evaluate the quality and convenience of our product, site operation and functionality.

Likewise, we may also use your data to notify you about changes to our policies or new features of Rocken.

We take a risk-based approach to assess both the profile of users and the transactions they make, as well as to detect and prevent fraudulent and other illegal activities. We collect, use, and store personal data for these purposes.

When you contact the Customer Care, we keep a record of the conversation. We do this to improve the quality of Services, protect our interests in case of disputes, evaluate the quality of the work of the Customer Care team staff, and train them.

D) Your consent

You may opt in to receive emails about Services, and allow us to measure the performance of marketing emails and analyse product use. You may withdraw your consent at any time.

To verify your account, we ask you to go through the liveness test to make sure that you are a living person and the documents submitted really belong to you. To achieve this, you will need to turn on the camera and turn your head so that the neural network can analyse the individual features of your face. Such analysis constitutes the processing of a special category of personal data, and can only be carried out based on your consent. The data collection and processing is carried out by a third party, acting as a data processor on our behalf. You can read more about this in the “Disclosure of personal data to third parties” section.

Automated decision-making

We use an automated risk assessment system to analyse the risk profile of the users and ongoing transactions to prevent illegal and fraudulent activities. Also, your personal data shall be processed by means of automated reading, verification of the authenticity and other automated processing of photos and scanned copies of documents and with further check against the data in multiple databases, including inter alia International politically exposed persons (PEPs) and Sanctions, Country Specific Sanctions Lists, Criminal Lists and Financial Lists. However, any significant decisions that may impact you will be taken by our employees based on a manual review.

Cookies

We use cookies on our website. You may read about it in our Cookies Policy.

How we keep your data secure

We are committed to make sure that your personal data is protected. We take a variety of security and organizational measures to ensure the safety of your data when you enter it on the site or otherwise provide it to us.

Furthermore, we use data encryption techniques and authentication procedures to prevent unauthorized access to our system and your data. Only authorized employees are granted physical access to the premises where data is processed and stored. The premises are being watched.

All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology. Card payment information encryption is compliant with PCI DSS.

We authorize access to your personal data only for those employees who need it based on their job requirements (for example, customer support staff). All employees who access personal data are bound by a non-disclosure agreement. We implement continual training for our employees in regard to ensuring the security and confidentiality of personal data.

We continuously improve our security procedures to comply with the best industry standards and maintain a high level of personal data protection.

Your personal data shall be processed only on the servers physically located within the European Union. Personal information of the Canadians shall be stored in Canada.

We recommend you also adhere to some simple rules that will help ensure your safety. Never use the same password for multiple accounts on different sites and always use a strong password with mixed case letters, numbers, and symbols. Do not tell anyone your Wallet password. Please remember that our employees never ask for user passwords. If someone pretending to be an Rocken employee asks you for your password or other login information, do not give it to them and notify us immediately by email to [email protected].

How long we keep your data

Your personal data will be retained as long as necessary for the specific purpose for which it was collected.

The data we collect for AML compliance and anti-fraud purposes will be kept for 8 years after you close the account in accordance with the laws of Lithuania. All data will be deleted when the statutory retention period is over and the purposes of using the collected information are achieved.

Disclosure of personal data to third parties

To provide Services, we may need to share your information with third parties, such as:

To whom we may share your data? Why do we share it? Third-party name

Financial and banking institutions, such as bank card issuers and bank card acquirers, payment networks (Visa, Mastercard, and UnionPay).

To perform payment transactions, you may initiate using our network and your bank card or bank account. Depending on the type of payment chosen by the customer, payer or buyer, we will share the information with the financial institutions that validate and process each means of payment for corresponding approval, validation, and settlement.

May vary depending on the payment method, region and requested service.

Third-party analytics providers.

To collect metrics and information of how you use our website («Usage Data»), to develop new features, improve existing features or inform sales and marketing strategies, based on our legitimate interest to improve Rocken. When we process Usage Data, any personal data is anonymized. Our website uses Google Analytics and Yandex.Metrika web analytics service. They set cookies and other tracking technologies (GTM pixels) to measure performance and collect metrics. On this website, IP anonymization is enabled. You may find more information about the cookies we use in our

Cookies Policy.

Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). For more information, you may read Google Privacy policy. Intertech Services AG- Werftestrasse 4, 6005 Luzern, Switzerland ("Yandex"). For more information, you may read Yandex Privacy policy. PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114 (PostHog). For more information you may read PostHog Privacy Policy.

Third-party ticket-system providers.

To facilitate our customer support service, and group the related requests sent by one user to the support service. They do not have access to the content of your emails, and they are contractually bound to protect and use your information on our behalf for the purposes it was disclosed.

Zendesk International Ltd., 55 Charlemont Place, Saint Kevin’s, Dublin, D02 F985 Ireland (“Zendesk”) - a ticket system provider. When you contact Rocken support via the ticket system, a unique identifier is assigned to you and an account with Zendesk is created. For more information, you may read Zendesk Privacy policy.

AML analytics and KYC service providers.

We use external service providers to comply with the high AML legislation standards and to prevent abuse of Services.

Crystal Blockchain B.V., Strawinskylaan 3051, 1077ZX Amsterdam, the Netherlands ("Crystal") - a cryptocurrency transaction analysis and monitoring provider. For more information, you may read Crystal Privacy policy. Sum and Substance Ltd, 30 St. Mary Axe, London, England, EC3A 8BF ("Sum&Substance") - a verification and KYC service provider. For more information, you may read Sumsub Privacy notice.

Email delivery service providers and online-based survey service providers.

We may inform you about new products and available options in Rocken that you may be interested in. The basis for such processing is your consent. You can withdraw it at any time in the settings in your personal account, or by clicking on the “unsubscribe” button in the received email. We constantly strive to improve our service, so you can share your experience with Rocken by completing an online survey.

ECOMZ HOLDING LIMITED, 6B Georgiou Karyou, office 6B, Dasoupoli, Strovolos, Nicosia, Cyprus ("Unisender") - a marketing email delivery service provider. Unisender may apply technologies allowing us to track when you receive and open emails sent by us. You may opt out from receiving emails by clicking unsubscribe button in the email. For more information, you may read Unisender Privacy notice. Motaev Marx Motaev GbR (MMM GbR), Vahrenwalder Str. 253, 30179 Hanover, Germany ("Questionstar") - a service used by Rocken to create online questionnaires and carry out web-based online surveys. For more information, you may read QuestionStar Privacy policy.

Other business partners, suppliers and affiliated companies (including but not limited to IT suppliers, delivery services, etc.).

For the purposes of the performance of the contract concluded with them in your interests.

Determined on a case by case basis and may vary depending on your region.

To third parties such as courts, law enforcement or governmental authorities, or authorized third parties as required and permitted by law if such disclosure is reasonably necessary.

We may disclose your information to comply with our legal obligations, to respond to requests relating to a criminal investigation, alleged or suspected illegal activities, or any other activities that may expose us or other users to legal liabilities, to enforce our site policies or to protect our or others’ rights, property or safety.

Determined on case-by-case basis.

Certain partners and service providers may change. This section shall be updated in a timely manner if such update is possible and reasonable.

Cross border transfer of data

Some of our partners and employees may be located outside Canada and the European Economic Area (EEA), so we may transfer data to the third countries. Such a transfer may only take place if appropriate guarantees are in place to ensure an adequate level of protection of the rights of the personal data subjects. Our partners and providers are required to provide an adequate level of data protection in accordance with the terms of the contract we enter into with them.

Our website may contain external links to third-party resources, such as the services of our partners. We can't control how the third parties use your information for their purposes, so please review the Privacy Policies of these websites.

Your rights

You have the right to exercise control over the way in which your personal data is processed:

Right to be informed. You are entitled to know how and why we process personal data. Therefore, we publish this Privacy notice and are always ready to answer any of your questions.

Right of access. You can ask us to confirm whether we are processing your personal data. You can ask for detailed information about how we collect, process, use, store and share your data.

Right to rectification. We strive to maintain the integrity of the data we store and keep it up to date. Therefore, you can always ask us to clarify and correct outdated or inaccurate information.

Right to erasure». You may request to delete your personal data. You may file a request by creating a ticket in a Help area or by sending an e-mail to [email protected]. Bear in mind that as a regulated entity, we are required by law to store some of your personal data, so we can’t remove all of your info from the system. The right to erasure will not apply to such processing. But we’ll delete information that’s no longer needed.

Restrict and object to processing. You may restrict or object to the processing of your personal data.

Right to data portability. You can ask us to transfer your data to another entity providing similar services, if it is technically possible to do so and unless it is not restricted by law. The data will be transmitted in a structured, commonly used and machine-readable format.

Right to withdraw consent. Where the processing is based on your consent, you may withdraw it at any time by changing your account settings or by sending an e-mail to [email protected]. You can opt out of receiving materials from us electronically by clicking the «unsubscribe» link in e-mails.

Right to complain. You may lodge a complaint if you feel like your rights have been violated. Please refer to Section 13 for further details.

We will reply to your request within 30 days once we receive it. If we expect that responding to you would take longer, we will let you know.

You may exercise your rights described above by sending an e-mail to [email protected]. Before we provide you with any confidential information, we must ensure that you are indeed the person you claim to be. For example, we will ask you to send a request from the mail associated with your Rocken account, or in rare cases to pass SumSub verification.

However, if the requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee considering the administrative costs of providing the information or communication or taking the action requested.

Kindly note that there may be legal reasons when we will not be able to fulfil your request.

Filing a complaint

If you believe that your rights have been violated, you may file a complaint to the Office of the Privacy Commissioner of Canada or State Data Protection Inspectorate. You may also file a complaint with the supervisory authority in your country of residence, place of work or place of the alleged violation. If you are in the EU, you can find the relevant supervisory authority on the European Data Protection Board website.

Changes to our Privacy notice

We may update our Privacy notice from time to time. In case of significant changes, we may notify you of them by e-mail.

Contact

You are welcome to send your questions and comments regarding our Privacy notice to our Data protection officer at [email protected].