Privacy Policy

1. General provisions

 

 

 

1.1. This Personal Data Processing and Storage Policy (hereinafter referred to as the “Policy”) has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152—FZ, and other regulatory legal acts of the Russian Federation and defines the procedure for processing and measures to ensure the security of personal data of users of the exchange service (hereinafter referred to as the “Exchange Service”).

 

 

 

1.2. The Exchange Service ensures the protection of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets.

 

 

 

1.3. This Policy applies to all information that the Exchange Service can receive about users.

 

 

 

2. Basic concepts

 

 

 

2.1. Personal data — any information relating directly or indirectly to a specific or identifiable natural person.

 

 

 

2.2. Personal data processing is any action (operation) or set of actions performed with or without the use of automation tools.

 

 

 

2.3. The User is an individual using the Exchange Service.

 

 

 

3. Legal grounds for personal data processing

 

 

 

3.1. The Exchange Service processes personal data on the following grounds:

 

• consent of the personal data subject;

 

• conclusion and execution of the contract;

 

• compliance with the requirements of the legislation of the Russian Federation;

 

• exercising the rights and legitimate interests of the Exchange Service.

 

 

 

3.2. By submitting their personal data, the User agrees to their processing in accordance with the terms of this Policy.

 

 

 

4. Purposes of personal data processing

 

 

 

Personal data is processed for the purposes of:

 

• User registration and identification;

 

• fulfillment of obligations on exchange transactions;

 

• compliance with the requirements of the legislation of the Russian Federation;

 

• Financial and accounting accounting;

 

• Fraud prevention and operation security;

 

• reviewing user requests;

 

• informing about the status of operations;

 

• ensuring the functioning of the Exchange Service.

 

 

 

5. Composition of personal data processed

 

 

 

5.1. The Exchange Service may process the following personal data:

 

• last name, first name, patronymic;

 

• Email address;

 

• Phone number;

 

• details of bank accounts, cards, and electronic wallets;

 

• passport data (if necessary, identification);

 

• residential address;

 

• IP address;

 

• coоkie data;

 

• information about user actions on the site;

 

• Operation history.

 

 

 

5.2. The Exchange Service does not process special categories of personal data, except in cases expressly provided for by the legislation of the Russian Federation.

 

 

 

6. Procedure and conditions of personal data processing

 

 

 

6.1. Personal data is processed using automation tools and without the use of such tools.

 

 

 

6.2. The Exchange Service takes the necessary organizational and technical measures to protect personal data from:

 

• unauthorized access;

 

• destruction;

 

• changes;

 

• blocking;

 

• copying;

 

• distribution;

 

• other illegal actions.

 

 

 

6.3. Access to personal data is provided only to authorized persons who are responsible for maintaining confidentiality.

 

 

 

7. Transfer of personal data to third parties

 

 

 

7.1. The Exchange Service has the right to transfer personal data:

 

• credit institutions and payment systems;

 

• hosting providers;

 

• contractors providing technical support;

 

• state bodies — in cases stipulated by the legislation of the Russian Federation.

 

 

 

7.2. The transfer of data to third parties is subject to their compliance with the requirements of the legislation on personal data.

 

 

 

8. Terms of personal data storage

 

 

 

8.1. Personal data is stored:

 

• during the term of the contractual relationship;

 

• within the time limits established by the tax and financial legislation of the Russian Federation;

 

• until the processing objectives are achieved;

 

• before the withdrawal of consent by the personal data subject (if there are no other legal grounds for processing).

 

 

 

8.2. Upon achievement of the purposes of processing, personal data is subject to destruction or depersonalization.

 

9. Rights of the personal data subject

 

 

 

The subject of personal data has the right to:

 

• receive information about the processing of your personal data;

 

• require clarification, blocking, or destruction of data;

 

• revoke consent to processing;

 

• appeal the actions of the Exchange Service to the authorized body or in court.

 

 

 

Requests are sent to the following email address: [support@bro.exchange ].

 

 

 

10. Localization of personal data

 

 

 

10.1. When collecting personal data of citizens of the Russian Federation, the Exchange Service ensures the recording, systematization, accumulation, storage and extraction of personal data using databases located on the territory of the Russian Federation.

 

 

 

11. Ensuring the security of personal data

 

 

 

11.1. The Exchange Service applies the following protection measures:

 

• using secure data transfer protocols (SSL/TLS);

 

• Antivirus protection;

 

• Firewalls;

 

• restriction of access to information;

 

• Backup;

 

• Regular security audits.

 

 

 

12. Final provisions

 

 

 

12.1. The Exchange Service has the right to make changes to this Policy without prior notification to users.

 

 

 

12.2. The new version of the Policy comes into force from the moment it is posted on the website.

 

 

 

12.3. The current version of the Policy is always available on the website of the Exchange Service.