Privacy Policy
Privacy Policy – Leverix
v1.0 effective as of 01.05.2023.
1 § Glossary of terms.
The terms used in the Privacy Policy mean:
- Controller – The controller of personal data in accordance with the RODO, which is Leverix;
- Data Processor – SumSub
- SumSub – Sum and Substance Ltd with registered office at 30 St. Mary Axe, London, England, EC3A 8BF, Company Registration Number: 09688671, Data Protection Registration Number: ZA222205;
- Leverix – Leverix Digital Finance UAB with its registered office at Eišiškių Sodų 18-oji g. 11, LT-02194 Vilnius, registered under Company ID 306068819;
- Personal Data – personal data of Users within the meaning of the RODO provided in connection with the use of the Service;
- Processing of personal data – any operation performed on personal data within the meaning of the RODO;
- RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU 2016 item L119);
- Services – provided by Leverix, provided electronically, and consisting of the provision of payment services in the capacity of a small payment institution, and within the scope of which payment services may be provided within the meaning of Article 3 of the Payment Services Act of 19 August 2011 (Journal of Laws of 2011, No. 199, item 1175, as amended), all for the purpose of enabling the use of the Services provided by the Merchant
- Service – The Internet Service made available through the leverix.com domain and subdomains;
- User – natural or legal persons who have accepted the Terms of Service and entered into an agreement with Leverix for the provision of the Service.
§ 2 General provisions.
The Service performs functions to obtain information about Users and their behaviour as a result:
- the input of data into forms by users;
- storing data in terminal equipment cookies (so-called “cookies”);
- collect so-called web server logs and other information generated (including spontaneous) in connection with or as a result of the operation and use of the Service;
- recording and collecting personal data in the form of a recording of the User’s image obtained via video communicator (e.g. skype), including in accordance with the provisions of the Terms of Service and AML Policy.
§ 3 Data collection principles.
- The use of the Services involves the need for Users to provide Personal Data, as failure to provide all Personal Data requested by Leverix may result in Leverix’s inability to provide the Services.
- The Service collects information that the User provides.
- Data collected from Users is not shared with third parties unless;
- The user will agree;
- this is justified by law – including at the request of authorised bodies implementing applicable law;
- this is necessary in order to provide the Services, i.e. in particular from a technical point of view, payment processing services or other entities with which Leverix may cooperate in the provision of the Service.
- Personal Data is processed for the duration of the Service Agreement.
§ 4 Scope of Personal Data and its processing.
- The Administrator may require the User to provide Personal Data. In particular in the case of:
- natural person: identity document identification and in addition name, surname, nationality, residential address, country of birth, information on tax residency and politically exposed position, telephone number, date of birth and national tax identification number
- in the case of an institutional user: to provide a copy or a scan of an extract from the relevant commercial register, as well as the data referred to in paragraph 1(a) concerning the person authorised to represent the institutional user and concerning all the beneficial owners of the user.
- In order to verify the data, the User may be required to show Leverix an identity document, as well as documents confirming the validity of the address indicated. The presentation of these documents may take place, in particular, using such channels of communication for remote communication – provided for in the AML Policy and in compliance with specific procedures – such as e-mail, or video messaging (e.g. Google Meet, Skype, Telegram Video).
- Personal data is processed in accordance with the RODO.
- The basis for data processing is the User’s consent and the legal provisions authorising the processing of personal data.
- Personal data will not be made available to other entities without the User’s knowledge, with the exception of entities authorised by law.
- The User has the right to access, modify and delete his/her personal data, provided that this does not violate the law. This right can be exercised from the panel prepared for the User.
- The administrator may refuse to exercise the rights indicated in points 5 and 6 if:
- this follows from the legislation,
- this information is the subject of ongoing proceedings
- is necessary to clarify the circumstances of the User’s breach of the Terms and Conditions.
§ 5 User and his/her rights.
- You have the right to access and correct your Personal Data.
- The user is entitled to request:
- additions,
- updates,
- rectification of personal data,
- to temporarily or permanently suspend their processing or to delete them if they are incomplete, out of date, incorrect or have been unlawfully collected or are no longer required for the purpose for which they were collected.
- The User is obliged to take steps to update the Personal Data via the User Panel if there is a change to this data.
- The User may obtain clarification from the Administrator and has the right to lodge an enquiry, objection or complaint with a supervisory authority if the provisions of this Privacy Policy are not understandable to the User.
- No automated decision-making will occur on the basis of the Personal Data processed. The data will not be used for profiling
§ 6 Detailed information on cookies.
- The website uses cookies.
- Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the User’s terminal equipment and are intended for the use of the Website. Cookies usually contain the name of the website they come from, the time they are stored on the User’s terminal equipment and a unique number.
- Cookies are used for the following purposes:
- to compile statistics which help us to understand how visitors use the websites, so that we can improve their structure and content;
- maintaining a User session (after logging in), thanks to which a User does not have to re-enter his/her login and password on each sub-page of the Website;
- to define a profile of the user in order to display tailored material to the user on advertising networks, in particular the Google network.
- The entity placing cookies on the User’s terminal equipment and accessing them is Leverix.
- Restrictions on the use of cookies may affect some of the functionality available on the Website.
- Cookies placed on the User’s terminal device and used can be:
- also by Leverix collaborators.
- used by advertising networks, in particular the Google network, to display advertisements tailored to the User’s use of the Website.
- The user can view and edit information resulting from cookies using the following tool: https://www.google.com/ads/preferences/.
- Users who do not wish to receive cookies should change their browser settings.
§ 7 Server layer – User information.
- Information on User activities is subject to logging at the server layer, which is used in particular for the administration of the Website and may also be used for evidential purposes in connection with criminal offences or for the assertion of civil law claims.
- Resources are identified by URLs and can be recorded in particular:
- time of arrival of the request, time of sending of the response,
- information on errors which occurred during the execution of HTTP, HTTPS requests
- the URL of a page previously visited (referer link),
- information about the user’s browser,
- IP address information.
- The above data may be associated with specific Users.
§ 8 Personal data processor
- The Administrator declares that Sum and Substance is the provider of the IT system on which the data referred to in § 7, as well as the information showing the history of operations performed by the User, are stored.
- Sum and Substance is a Data Processor and has obtained the Data Controller’s consent to access information about the Services provided to the extent that this is necessary for the performance of the agreement to provide the ICT system.
- The Processor undertakes to process the personal data entrusted to it in accordance with this Privacy Policy and with other generally applicable laws that protect the rights of data subjects.
- The Processor has stated that it applies technical and organisational security measures to ensure the security of the personal data processed and respects the rights of the data subjects.
§ 9 Final provisions.
The User may at any time contact the Administrator for information via the following address: [email protected]