RELEASED: 10th November 2023
We at Archway respect and protect the privacy of visitors to our website and our clients. This Privacy Policy describes our information handling practices when You access our Services, which include our content on the website located at https://archway.finance, or any other websites, pages, features, or content we own or operate (collectively, the "Site(s)") or when You use or mobile app or third party applications relying on such an API, and related services.
Please take a moment to read this Privacy Policy carefully. If You have any questions about this Policy, please submit Your request via our contact details listed below.
We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify You by email (sent to the email address specified in Your account), by means of a notice on our Services prior to the change becoming effective, or as otherwise required by law. Your consent to the changed Privacy Policy is a prerequisite for the continuation of Your usage of our Services.
I. What personal information we collect
Personal information is data that identifies an individual or relates to an identifiable individual. This includes information You provide to us, information which is collected about You automatically, and information we obtain from third parties. The personal information collected under this Privacy Policy and the definition of personal information are based on the applicable laws and regulations - Bulgarian and EU for the protection of personal information. The definition of personal information may also depend on the applicable law based on Your physical location. In this case, You should contact the Data protection officer of the company (DPO) and request the protection of additional data. The company will protect all data that the applicable law deems as personal information.
Information You provide to us. To establish an account and access our Services, we'll ask You to provide us with some important information about Yourself. This information is either required by law (e.g. to verify Your identity), necessary to provide the requested Services (e.g. you will need to provide Your bank account number or wallet details), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, You may be asked to provide additional information.
If You choose not to share certain information with us, we may not be able to serve you as effectively or offer You our Services. We also may collect information on an anonymized basis, for statistical purposes, to improve the platform. Any information You provide to us that is not required is voluntary.
We may collect the following types of information from You:
1) For creating Your account:
- Email and phone number.
2) For person verification:
- Personal identification information: full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
- Formal identification information: government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial, anti-money laundering or counter-terrorism financing laws and regulations.
- Institutional information: employer identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
- Employment information: office location, job title, and/or description of role.
- Correspondence: survey responses, information provided to our support team or user research team.
- Audio, electronic, visual and similar information, such as call and video recordings.
3) For completing transactions:
- Financial information: bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.
- Transaction information: information about the transactions You make on our Services, such as the name of the recipient, Your name, the amount, and/or timestamp.
- Invoice information: VAT number, tax information, address, activity.
4) For technical purposes:
- Online identifiers: geo location/tracking details, browser details, operating system, personal IP addresses.
- Usage data: authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.
- Blockchain data.
5) Anonymized and aggregated data.
Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated client data (i.e. information about our clients that we combine together so that it no longer identifies or references an individual client).
Archway may use anonymized or aggregate client data for any business purpose, including to better understand customer needs and behaviors, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.
The types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.
II. How we use Your personal information
Our primary purpose in collecting personal information is to provide You with a secure, smooth, efficient, legally compliant and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention, anti-fraud and other criminal purposes. We may use this information in the following ways:
1) To maintain legal and regulatory compliance.
The provided Services are subject to laws and regulations requiring us to collect, use, and store our personal information in certain ways. If You do not provide personal information required by law, we will have to close Your account.
2) To enforce our terms in our user agreement and other agreements.
In addition, we may need to collect fees based on Your use of our Services. We collect information about Your account usage and closely monitor Your interactions with our Services. We may use any of Your personal information collected for these purposes. The consequences of not processing Your personal information for such purposes is the termination of Your account.
3) To detect and prevent fraud and/or funds loss.
We process Your personal information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect You and other clients against account compromise or funds loss.
4) To check sanction lists.
We process Your personal information to make a sanctions list scan, pursuant to the Bulgarian, EU or any other applicable law. To check the source of funds, the main activities for the purpose of preventing any criminal activities.
5) To provide our Services.
We process Your personal information to provide the Services to You. We cannot provide You with Services without such information. We use this information to prevent any cyberattacks against our software and to prevent data leakage. Third parties such as identity verification services may also access and/or collect Your personal information when providing identity verification and/or fraud prevention services.
6) To provide Service communications.
We send administrative or account-related information to You to keep You updated about our Services, inform You of relevant security issues or updates, or provide other transaction-related information. Without such communications, You may not be aware of important developments relating to Your account that may affect how You can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.
7) To provide customer service.
We process Your personal information when You contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing Your personal information for such purposes, we cannot respond to Your requests and ensure Your uninterrupted use of the Services.
8) To ensure quality control.
We process Your personal information for quality control and staff training to make sure we continue to provide You with accurate information. If we do not process personal information for quality control purposes, You may experience issues on the Services such as inaccurate transaction records or other interruptions.
9) To ensure network and information security.
We process Your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about Your use of our Services. Without processing Your personal information, we may not be able to ensure the security of our Services.
10) For research and development purposes.
We process Your personal information to better understand the way You use and interact with our Services. In addition, we use such information to customize, measure, and improve our Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure Your continued enjoyment of our Services.
11) To enhance Your experience.
We process Your personal information to provide a personalized experience, and implement the preferences You request. For example, You may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure Your continued enjoyment of part or all of our Services.
12) To facilitate corporate acquisitions, mergers, or transactions.
We may process any information regarding Your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.
13) To engage in marketing activities.
Based on Your communication preferences, we may send You marketing communications (e.g. emails or mobile notifications) to inform You about our events or our partner events, but also to inform You of a new version of any of our policies. Our marketing will be conducted in accordance with Your advertising marketing preferences and as permitted by applicable laws and regulations.
14) For any purpose that You provide Your consent.
We will not use Your personal information for purposes other than those purposes we have disclosed to You, without Your permission. From time to time, and as required under the applicable law, we may request Your permission to allow us to share your personal information with third parties. In such instances, You may opt out of having Your personal information shared with third parties, or allowing us to use Your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained Your authorization. If you choose to limit the use of Your personal information, certain features of our Services may not be available to you.
III. With whom we share the information and for what purpose
We do not rent or sell any personal information. We may share personal information with the following recipients:
1) Our third-party vendors engaged in providing services in connection with the Services like data warehouses, data analytics, safety and security personnel and IT service providers and others;
2) Public authorities in their line of work;
3) Our subsidiaries and affiliated companies;
4) Auditors or advisers of our business processes; and
5) Any potential purchasers or investors in the company.
We may share personal information with our recipients for any of the following purposes: (i) storing or processing personal information on our behalf (e.g., identity verification service providers, sanction scanning providers); (ii) assisting us with our business operations (e.g., bank institutions for making transactions); and (iii) performing research, technical diagnostics, personalization and analytics that will enable us to improve the Services.
We may also disclose personal information, or any information You submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal procedure or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims;(v) prevent harm to the rights, property or safety of us, our affiliates, our users, yourself or any third-party; (vi) for the purpose of collaborating with law enforcement agencies; (vii) to comply with sanctions against individuals or countries; and (viii) in case we find it necessary in order to enforce intellectual property or other legal rights.
IV. Third-party tracking technologies
We work with third-party service providers. You could find information about them here. The third-party service will collect information such as how often users access the Services, what pages they visit when they do so, etc. We will use the information we get from these tools only to improve our Services. In this case we will collect the IP address assigned to You on the date You visit sites, rather than Your name or other identifying information. We do not combine the information collected through this method with personally identifiable information.
V. International transfer
To facilitate our global operations, Archway may transfer, store, and process Your personal information within our affiliates, third-party partners, and service providers based throughout the world. We will protect Your personal information in accordance with this Privacy Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. We contractually obligate recipients of Your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws. In these instances, we will transfer Your data only based on standard data protection clauses adopted by the European Commission.
We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of personal information collected in the European Economic Area (“EEA”) to the extent the recipients of the European personal information are located in a country that is part of the EU. We may also rely on an adequacy decision of the European Commission confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.
Archway is responsible for the processing of personal information it receives and subsequently transfers to a third party acting as an agent on its behalf. Before we share Your information with any third party, we will enter into a written agreement that the third party provides at least the same level of protection for the personal information as required under applicable data protection laws.
VI. For how long we retain the information
We store Your personal information securely throughout the life of Your Archway account. We will only retain Your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable laws and regulations, we may keep records containing Users’ personal information, account opening documents, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion or by Your own asking, only if the applicable law allows the removal of this information.
Archway may store data in global hosting providers with servers across various regions and we shall take all reasonable steps to ensure that all personal data is destroyed or permanently deleted when no longer required for the purpose of the company, and prepare a disposal schedule for inactive data after 24 months.
If any of the provided personal information is changed, You are obliged to inform us immediately of the change. If You do not do so, Archway does not bear any responsibility for any trouble this may cause You. On the other hand, if Archway in any way was harmed by the negligence of the mentioned obligations, we may seek compensation by any legal actions.
VII. Your privacy rights
Depending on applicable law where You reside, You may be able to assert certain rights related to Your personal information identified below. If any of the rights listed below are not provided under the law where You are situated, Archway has absolute discretion in providing You with those rights.
Your rights to personal information are not absolute. Depending upon the applicable law, access to Your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
1) Access to Your personal information so You can check the accuracy of the collected information. You can contact us by sending an email to our DPO at: dpo@archway.finance, who is going to produce Your personal data for comparison with Your real data. If there is a difference with the collected data, it will be updated with Your real personal information.
2) Portability. You may request that we provide You a copy of Your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, You may request to receive Your personal information in a structured, commonly used and machine-readable format, and to have us transfer Your personal information directly to another data controller.
3) Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of Your personal information held by Archway that is inaccurate. You may do this at any time by sending us an email at dpo@archway.finance.
4) Erasure. You may request to erase Your personal information, subject to applicable law. If you close Your Archway account, we will mark Your account in our database as "Closed," but will keep certain account information, including Your request to erase, in our database for a period of time as described above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with Archway’s legal obligations. However, if You close Your account, Your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.
5) Withdraw consent. To the extent the processing of Your personal information is based on Your consent, You may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of Archway's processing based on consent before Your withdrawal.
6) Restriction of processing. In some jurisdictions, applicable law may give You the right to restrict or object to us processing or transferring Your personal information under certain circumstances. We may continue to process Your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
7) Marketing communications. You can opt-out of receiving marketing communications from Archway. Direct marketing includes any communications to You that are only based on advertising or promoting our products and services. We will only contact You by electronic means (email or SMS) based on our legitimate interests, as permitted by applicable law, or Your consent. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via dpo@archway.finance.
Please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
VIII. How to contact us and make a privacy request
If You wish to exercise any of these rights mentioned above, or any questions or concerns You can contact us at: dpo@archway.finance. When handling Your request, we will ask for additional information to confirm Your identity (which may include personal information). However, please note that if You choose not to allow us to process Your personal information, we may be prevented from providing our Services.
Archway implements various security measures to ensure that Your personal data is stored safely and is not compromised in any way. At the same time, Archway can not in good faith guarantee that data breach is not possible since no security measure can provide absolute protection. It is advised for users to take their own safety measures such as 2-factor authentication or other measures not provided by us. If You suspect that Your account information or Your personal data has been compromised, You should contact our DPO as soon as possible.
IX. How to lodge a complaint
If You are not satisfied with our response or believe we are collecting or processing Your personal information not in accordance with the laws, You can file a complaint to the applicable data protection authority.
Archway is a company registered in the Republic of Bulgaria and complies to the Bulgarian and EU regulations. You can contact the national data protection authorities in Bulgaria as follows:
Authority: Commission for Personal Data Protection
Address: 2, Prof. Tsvetan Lazarov blvd., 1592 Sofia, Bulgaria
Tel. +359 2 915 3580 +359 2 915 3548
Fax +359 2 915 3525
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg/
Member: Mr Ventsislav Karadjov - Chairman of the Commission for Personal Data Protection
YOU ACKNOWLEDGE THAT YOU HAVE READ THIS POLICY, UNDERSTAND IT AND ARE BOUND BY ITS TERMS AND CONDITIONS.