Last updated: 23rd July 2020
Zerafa.io Ltd (“us”, “we”, or “our”) is a limited liability company incorporated under the laws of Malta on the 16th October 2018 with company registration number C 88830 having its registered office at 215/1, Old Bakery Street, Valletta VLT 1451, Malta, and is authorised by the Malta Financial Services Authority (“MFSA”) to carry the function of a VFA Agent in terms of article 14 of the Virtual Financial Assets Act, Cap 590 of the Laws of Malta.
Zerafa.io Ltd operates the website www.zerafa.io and is the Data Controller for the website. Zerafa.io Ltd is committed to protect the privacy of individuals who visit the website and who make use of its services.
This page informs you of our policies regarding the collection, use, and disclosure of Personal Data (as defined below) in connection with your relationship with us as our clients, acting for a client, or being generally interested in our services, including this website, in terms of the Data Protection Act, Cap 440 of the Laws of Malta and Regulation EU 2016/679 of the European Parliament and of The Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
We use your Personal Data for providing and improving our services. By using our services and this website, you agree to the collection and use of data in accordance with this policy.
- Data Collection and Use
While using our services or browsing our website, we may ask you to provide us with Personal Data that can be used to contact or identify you. Personal Data refers to any information relating to you as an identified or identifiable natural person, which may include, but is not limited to, your email address, name, and phone number (“Personal Data”). Personal Data does not include data from which you can no longer be identified, such as anonymised aggregate data.
We are committed to collect, process, handle, and store your Personal Data in accordance with the principles laid down in the GDPR. In this regard, your Personal Data will be:
- Processed lawfully, fairly, and in a transparent manner;
- Collected for specified, explicit, and legitimate purposes;
- Not further processed in a manner that is incompatible with those purposes, unless it is for archiving purposes in the public interest;
- Not kept longer than necessary for the achievement of those purposes, unless for the public interest;
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
- Accurate and kept up to date, and we will take every reasonable step to ensure that any inaccurate Personal Data is erased or rectified without delay;
- Processed in a manner that ensures appropriate security and confidentiality.
We will collect, process, handle or store your Personal Data only if:
- You have given consent for one or more specific purposes;
- It is necessary for the performance of a contract or prior to the entering into a contract to which you are a party;
- It is necessary for our compliance with a legal obligation;
- It is necessary in order to protect your vital interests or the vital interests of another natural person;
- It is necessary for the performance of a task carried out in the public interest;
- It is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of your Personal Data.
- Subject to the Consent and the Rights of Data Subjects
The collection, processing, handling, and storing of your Personal Data will always be subject to the consent and all the rights you are entitled to, as outlined in subsequent sections, including the necessary minimum information which must be communicated to you. You may at all times, subject to certain exemptions, withdraw your consent or request the erasure or rectification of your Personal Data. In such cases, we shall irrevocably destroy or rectify your Personal Data.
- Storage of Personal Data
We are committed to store your Personal Data in the most secure manner using effective and modern software which shall be kept updated. The storage of your Personal Data shall be made in accordance to the principles and procedures applicable to the processing of Personal Data, laid down in the previous Section of this Policy. This Policy requires that your Personal Data is kept confidential by limiting the access to your Personal Data to you or to persons who actually require such access for legitimate reasons and with the appropriate security measures in place to avoid unauthorised access or sharing of your Personal Data. We shall have in place all necessary procedures to ensure that any erasure of your Personal Data is done safely and securely with no possibility of recovery of such data. We shall also implement back-up and disaster recovery solutions for unintentional loss of your Personal Data.
The security of your Personal Data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
- Data Minimisation
We are committed to process and store your Personal Data only as long as such storage is required and for legitimate purposes. Therefore, this Policy requires the erasure, within reasonable time, of your Personal Data which is no longer required or the purpose for which data was stored is no longer relevant.
- Data Processing
We collect your Personal Data when you:
- Access our website;
- Post a query or complaint through our website;
- Request our service; and
- Appoint us as your VFA Agent and receive our services.
Compliance with Laws
We may require your Personal Data in order for us to remain compliant with any law or regulation, or to satisfy a legal or statutory obligation. We will disclose your Personal Data with any employee of Zerafa.io Ltd or any other person we deem fit where required to do so by law or by court order or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our service. The Personal Data which we may process in this regard includes, but is not limited to, your name, address, identification number, date of birth, country of birth, email address, and phone number.
We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
We collect information that your browser sends whenever you visit our website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (IP) address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information to increase our website’s functionality. These third-party service providers have their own privacy policies addressing how they use such information. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
We may employ third party companies and individuals to facilitate our services, to provide services on our behalf, to perform related services, or to assist us in analysing how our service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obliged not to disclose or use it for any other purpose.
- International Transfer
Your Personal Data may be transferred to, and maintained on, computers located outside of your country where the data protection laws may differ than those from your jurisdiction.
If you are located outside Malta and choose to provide information to us, please note that we transfer the information, including Personal Data, to Malta and process it there.
- Notification of Breach
In the case that the security or confidentiality of your Personal Data is breached, we shall inform the competent supervisory authorities within 72 hours of such breach, and we shall also inform you without undue delay of such breach if we deem such breach to constitute a high risk to your rights and freedoms. In notifying you of such breach, we shall communicate in plain language:
- The name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
- The likely consequences of the breach;
- The measures taken or proposed to be taken to address and mitigate the effects of the breach.
- Rights of Data Subjects
We are committed, to the best of our abilities, to allow you to exercise your rights in relation to your Personal Data held by us. We are committed to respect and act upon any exercise of such rights.
Right to Information
- Our identity and our contact details or of our representative;
- The contact details of the Data Protection Officer;
- The purposes and legal basis of the processing of your Personal Data;
- The legitimate interests pursued by us for the processing of your Personal Data;
- The recipients of your Personal Data;
- Where your Personal Data is not collected directly from you, information as to the source of your Personal Data; and
- The fact that we may transfer your Personal Data to a third country or international organisation and that appropriate safeguards are in place.
- The period for which your Personal Data will be stored, or the criteria used to determine that period;
- Information on the rights to which you are entitled;
- The fact that the provision of your Personal Data is both a statutory and contractual requirement, and instances where you are obliged or not obliged to provide your Personal Data and the possible consequences of failure to provide such data; and
- The existence of automated decision-making, including profiling, and information on the logic involved, the significance and the envisaged consequences of such processing of your Personal Data.
Right of Access
This Policy requires us to allow you to exercise your right in requesting a confirmation from us as to whether your Personal Data is being processed and the right to access your Personal Data. You are also entitled to access the information on your Personal Data mentioned in the previous sub-section.
Right to be Forgotten and Rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
You may also ask us to destroy any of your Personal Data. When such request is made, we are obliged to destroy your Personal Data in an irrecoverable manner and without undue delay if one of the following grounds applies:
- Your Personal Data is no longer necessary in relation to the purposes for which it was collected or processed;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- Your Personal Data has been unlawfully processed;
- Your Personal Data has to be erased for compliance with a legal obligation in the EU or under Maltese Law; and if
- Your Personal Data has been collected in relation to the offer of information society services.
This right to erase your Personal Data shall not be granted if the processing of your Personal Data is necessary for:
- Exercising the right of freedom of expression and information;
- Compliance with a legal obligation which requires processing by the EU or Malta, or for the performance of a task carried out in the public interest;
- Reasons of public interest in the area of public health;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes as long as erasure of your Personal Data is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for
- The establishment, exercise or defence of legal claims.
Right to Restrict Processing
- The accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data;
- The processing is unlawful, and you oppose the erasure of your Personal Data and you request the restriction of its use instead;
- We no longer need your Personal Data for the purposes of the processing, but your Personal Data is required by you for the establishment, exercise, or defence of legal claims;
- You have objected to processing of your Personal Data, for the period pending verification whether we have legitimate grounds which override your fundamental rights and freedoms.
Where processing has so been restricted, your Personal Data shall, with the exception of storage, only be processed:
- With your consent;
- For the establishment, exercise, or defence of legal claims;
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest of the EU or one of its member states.
Apart from restricting processing, you shall also have the right to object, at any time, to processing of your Personal Data when the processing of your Personal Data is required for the performance of a task carried out in the public interest or for the purposes of our legitimate interest. In such case, we may continue to process your Personal Data only if we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we shall cease the processing.
Right to Data Portability
You may also request to receive your Personal Data from us in a structured, commonly used and machine-readable format. You may also request such Personal Data to be transmitted to another controller without any hindrance from us where:
- The processing is based on a consent or on a contract; and
- The processing is carried out by automated means.
- Links to Other Sites
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
- Contact Us