- 2. ScopeThis Addendum for GDPR shall apply to the processing, including the collection, use, retention, disclosure, by the Company of personal data (i.e. information relating to an identified or identifiable natural person) (“Personal Data”) concerning persons in the European Union (“you”).
- 3. Description of the Company’s activitiesThe Company’s commercial activity consists in providing you with cryptocurrency exchange services that you can deposit, trade, and withdraw various types of cryptocurrency through a platform provided by LINE TECH PLUS.
- 4. Definitions & interpretationIn this Addendum for GDPR, unless the context otherwise requires:
- a reference to a document is a reference to that document as modified or replaced from time to time.
- a reference to a person shall include any company, corporation or any corporate body wherever incorporated.
- words importing the singular shall be treated as importing the plural and vice-versa.
- unless expressly stated otherwise, any heading, caption or section title contained in this Addendum for GDPR is inserted only as a matter of convenience and in no way defines or explains any section or provision hereof.
- 5. Data controller & data protection officerThe Company, LINE TECH PLUS PTE. LTD., incorporated under the laws of Singapore, whose registered office is in Singapore, is the legal entity responsible for the collection and processing of your Personal Data.
As regards the processing of Personal Data concerning persons within the European Union, the Company has designated the following representative in the European Union:
Representative: LINE BitOne Exchange S.A.
Contact details: firstname.lastname@example.org
The representative is mandated by the Company to be the recipient on behalf of the Company of all issues related to processing of Personal Data concerning persons within the European Union.
- 6. Categories of Personal Data collected and processed
- 6.2 Categories of Personal Data collected from other sourcesThe Company does not collect Personal Data relating to you from other sources. If it does so, the Company will inform you in advance.
- 6.3 Possible consequences of a refusal to provide your Personal Data or to consent to the transfer of your Personal Data
- A number of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly.
- Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue providing the Company Services.
- Your refusal to give your express consent to the transfer of your Personal Data outside the European Union as detailed below in such a case where we will then be unable to provide you with the Company Services.
- 8. Legal bases allowing to collect and process your Personal DataThe collection and processing of your Personal Data by the Company in relation to the Company Services is lawful as:
- it is necessary for the performance of a contract to which you are party or in order to take steps, at your request, prior to entering into such contract.
- you have, if expressly set forth, given your consent to the processing of your Personal Data for certain purposes outlined in the consent request.
- it is necessary for the purposes of the Company’s legitimate interests which are not overridden by your interests or fundamental rights and freedoms. The Company’s legitimate purposes consist in particular in the promotion of its economic activities and in the effective provision of the Company Services, as those will allow the Company to generate profits and to attract new customers.
- 9. Conditions applicable to your consentPlease note that you have at any time the right to withdraw your consent and we will cease to carry out that particular activity unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.
- 10. Age limitThe Company Services shall only be used by persons that are over 18 years old.
- 11. Keeping your Personal Data up-to-dateYou shall ensure that all your Personal Data processed by the Company are accurate, complete, true, correct and up to date. Your failure to do so may result in you being unable to use the Company Services. The Company shall not be liable for keeping and processing inaccurate information in case that you did not respect your obligation to keep your Personal Data up-to-date.
- 12. Your data protection rights
- 12.1 GeneralTo exercise your data protection rights outlined in this section, you can contact the Company by sending an email to email@example.com
- request the restriction of processing; or
- request erasure.
Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Please be aware that your data protection rights are not absolute and it remains that, in accordance with applicable data protection laws, your rights may be withheld. In such event, the Company will provide you with the reasons for not complying with your request.
The Company shall process your request as soon as reasonably practicable and the Company will provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event the Company will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.
In the event that the Company decides not to comply with your request or has not processed your request within the aforesaid timeframe, you can lodge a complaint with the national supervisory authority (see below) and you can seek a judicial remedy against the Company’s decision.
- 12.2 Your right to access, rectification, restriction of processing and erasure of your Personal Data & your right to data portabilityYou have, if applicable and within the limits of applicable data protection laws, the ability to request access to your Personal Data as processed by the Company and to seek the rectification or erasure of your Personal Data or to request the restriction of their processing.
You have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without hindrance. The Company will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.
- 12.3 Your right to objectIf applicable in accordance with applicable data protection legislation, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your Personal Data by the Company, unless:
- there exist compelling legitimate grounds for such processing which override your interests, rights and freedoms; or
- the processing is necessary for the establishment, exercise or defence of legal claims.
Notwithstanding the foregoing, please be aware that you have the right to object at any time to processing of your Personal Data for direct marketing purposes. In this event, you may opt-out of such processing by sending an email to firstname.lastname@example.org
- 12.1 GeneralTo exercise your data protection rights outlined in this section, you can contact the Company by sending an email to email@example.com
- 13. International transfers of Personal DataThe Company will transfer your Personal Data to third countries of its choice, in particular Korea and Japan.
Please be aware that Korea and Japan have not been certified by the European Commission as ensuring an adequate level of protection under European data protection law for your Personal Data.
Considering the absence of an adequate level of protection for your Personal Data in Korea and Japan, the Company deploys the following safeguards:
- Standard Contractual Clauses: Company provides Standard Contractual Clauses approved by European Union to meet GDPR requirements for your Personal Data that operate in South Korea and Japan.
The Company’s service providers, which are contractually bound to the Company, shall be allowed to process your Personal Data on the Company’s behalf.
- 14.2 Categories of recipients of your Personal DataThe Company may disclose and/or share your Personal Data to the following categories of recipients:
- LINE group entities;
- Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- Third party service providers who perform functions on our behalf (including technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third party outsourced IT providers where we have an appropriate data processing agreement (or similar protections) in place; and
- If a LINE entity merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and provide you with notice of this disclosure).
- 15. Security of Personal DataThe Company protects your Personal Data by using appropriate administrative, technical and organisational security measures to reduce the risks of loss, theft, misuse, unauthorised access, disclosure, destruction and alteration of your Personal Data. These security measures include:
- The Company stores critical Personal Data with encryption;
- The Company encrypts with SSL, HTTPS, and TLS;
- The Company regularly scans Company Website and App to detect vulnerabilities and security issues and implements additional security measures to identified security issues immediately;
- The Company regularly perform internal and external penetration testing to validate security level;
- The Company operates 24×7 CSIRT (Computer Security Incident Response Team) to monitor security events;
- The Company operates Risk Management team, monitoring any suspicious, fraudulent activities of Company Services;
- The Company conducts security awareness training to employees on a yearly basis;
- The Company has security policy for securing the confidentiality, integrity, and availability of Personal Data; and
- Access to Personal Data is granted with approval and based on “need-to-know” policy;
The Company’s security measures will be reviewed regularly in light of relevant legal and technical developments. Please be, however, aware that today no processing, transmission or storage of data, including Personal Data – even in high security environments and notwithstanding any appropriate security measure – ensures an absolute protection and can for example be subject to hacks and/or attacks.
If you have reason to believe that your Personal Data is no longer secure, you shall immediately notify such risk to the Company by contacting us at firstname.lastname@example.org
- 16. External WebsitesOccasionally, the Company Services may provide references or links to, or facilitate access to other websites or other online services, including applications (hereinafter “External Websites or Apps”).
The Company does not control such External Websites or Apps or any of their content.
The Company shall in no way be responsible or liable for such External Websites or Apps to which the Company makes reference or provides a link thereto, whether directly or indirectly. The Company shall in particular be in no way responsible or liable for External Websites’ or App’s content, any information displayed thereon, policies, privacy standards, failures, promotions, products, any practice, services or actions and/or any damages, losses, failures or problems caused by, related to, or arising from those sites.
Please be aware that the inclusion of a link or any other reference within the Company Services does not imply endorsement of an External Website or App by the Company and it remains that such External Websites or Apps have separate and independent privacy policies. The Company consequently encourages you to review the policies, rules, terms, privacy practices and regulations of each site that you visit.
The Company seeks to protect the integrity of the Company Services and thus welcomes any feedback about External Websites or Apps referred to within the Company Services.
- 17. Storage of your Personal DataWithout prejudice to the Company’s right to further process your Personal Data for purposes that are not incompatible with the initial purpose, and subject to the Company’s own legal and regulatory obligations, the Company retains your Personal Data only for as long as necessary to fulfil the purposes described in the Policies, or as required by the laws of Singapore.
After the storage of your Personal Data is no longer necessary, including for our record keeping obligations, the Company shall proceed to the erasure of your Personal Data in a secure manner.
- 18. Updates to this Addendum for GDPRThe present Addendum for GDPR has been made available to you prior to your use of Company Services.
The Company reserves the right to revise, change, modify, update, supplement, add or remove portions of the Addendum for GDPR, at any time, in an exercise of its sole discretion. When the Company makes such changes to the Addendum for GDPR, the Company will notify such changes to you by making the amended Addendum for GDPR available on the Company Website and the Company App (“amended Addendum for GDPR”). It is your responsibility to review the amended Addendum for GDPR.
Your continued use of The Company subsequent to the notification of such changes, or the absence of any objection thereto within thirty days from the date the amended Addendum for GDPR have been made available on the Company Website and the Company App, constitutes your acceptance of the amended Addendum for GDPR.
- 19. Merger/Corporate AcquisitionIf the Company merges with another company or entity, of whatsoever form, or is partially or entirely acquired by such company or entity, the acquiring company or entity shall have access to all your Personal Data in the Company’s possession. Without prejudice to the right to update the present Addendum for GDPR, the acquiring company or entity shall be bound by this Addendum for GDPR.
- 20. Questions or complaintsIf you have questions or concerns about this Addendum for GDPR or seek additional information about the processing activities carried out by the Company when providing the Company Services, you can contact us using the contact details below:
If you do not feel satisfied with the response given or actions taken, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or of the place of the alleged violation.
- 21. Applicable law & jurisdictionThe provision of the Company Services to persons in the European Union shall be governed by and construed in accordance with the laws of Singapore, without regard to conflict of law principles. This shall be without prejudice to the protection of the mandatory provisions of the law of another Member State of the European Union that would be applicable in the absence of the present paragraph.
Any disputes arising from the provision of the Company Services to persons in the European Union shall be submitted to the jurisdiction of the Singapore courts.