PRIVACY POLICY

1. Purpose

We protect your privacy. You will be able to feel confident when you entrust us with your personal data. Therefore, we have established this policy. It is based on current data protection legislation and clarifies how we work to safeguard your rights and integrity.

The purpose of this policy is to tell you how we treat your personal data, what we use it for, who will get to access to it and under what pre-requisites, and how you can exercise your rights.

tarmex AB , org no  559251-9408 ("tarmex") is the data controller.

The contact information for the Data Protection Officer is at the end of this document.

The principles apply if a customer uses, has used or has expressed an intention to use, or otherwise is associated with, any of the services provided by  tarmex , including such conditions established before the Policy entered into force.

2. Definitions

“Customer” means a physical person who uses, has used or expressed a wish to use or otherwise be related to any of the services provided by  tarmex A.

“Personal Data” means all information that can be directly or indirectly related to a natural person.

“Processing” means all handling of Personal Data (including collection, recording, recording, storage, transfer, deletion, etc.).

“Data Protection Officer” supervises that  tarmex complies with the Data Protection Regulation.

3. General provisions

3.1 This policy describes overall how  tarmex processes Personal Data. Specific information about the processing of Personal Data may also be disclosed in agreements and other documents related to Euronordic's services.

3.2  tarmex Asecures, within the applicable law, the privacy of Personal Data and has appropriate technical and organizational measures to protect Personal Data from unauthorized access, illegal processing or clearing of information, accidental loss, alteration or destruction.

3.3   tarmex uses personal data advisory services for the processing of Personal Data, or transmits Personal Data to other recipients. In these cases,  tarmex takes exceptional measures to ensure that personal data advisers handle Personal Data according to  tarmex's instructions, in accordance with applicable law and require adequate security measures.tarmex

4. Categories of Personal Data

Personal Data can be retrieved from a Customer through Customer's use of services and from external sources, such as from public and private records or by third parties. Categories of Personal Data collected and processed by   tarmex , primarily, but not only are:

§  Identification information such as name, social security number, date of birth, information about identity document (e.g. copy of passport, ID card) etc.

§  Contact information such as address, telephone number, e-mail address, communication language.

§  Information about relationships with legal entities such as data provided by the Customer or obtained from public sources or through third party service providers for the fulfillment of transactions on behalf of the legal person concerned etc.

§  Financial information such as accounts, ownership, transactions, trade requests or completed transactions.

§  Information on the origin of assets such as the Customer's transaction partner and business activities, etc.

§  Credibility and due diligence data such as payment behavior, damage caused to  tarmex or other data that allows  tarmex  to take measures to prevent anti-money laundering and terrorist financing and to ensure compliance with international sanctions, including the purpose of the business relationship and whether the Customer is a person in a politically exposed position.

§  Information obtained and / or created in fulfillment of an obligation by law such as information arising from requests from authorities such as the Swedish Tax Agency, courts, Swedish Enforcement Authority. Information about the customer's tax residence, such as information about the country of residence, tax identification number, etc.

§  Communications information collected when   tarmex provides services or when the Customer communicates with   tarmex through telephone, e-mail, messages and other communication tools such as social media, Personal Data related to Customer's visit to  tarmex's websites or communications through other  tarmex Channels.

§  Information related to the services such as the performance of the agreement or lack of performance, including transactions carried out, use of bitcoin addresses or similar, terminated agreements, submitted applications, requests and complaints and fees, etc.

§  Information about habits, preferences and customer satisfaction such as the level of activity in the use of the services, the services used, personal settings, questionnaires, etc.

§  Details of participation in competitions and promotions such as points, competitions or promotional prizes, etc.

5. Purpose and legal basis for processing of Personal Data

5.1 Managing Customer Relationship and Providing and Managing Access to Products and Services: To conclude and fulfil an agreement, such as a transaction with the Customer, it is necessary for  tarmex to keep Personal Data updated and correct by verifying and enriching Personal Data through external and internal records.

Based on: Performance of agreements or to take action at Customer's request before entering into an agreement or due to legal obligations.

5.2 Perform risk assessments: To conduct internal risk assessments to determine what services and products and terms and conditions that may be offered to a Customer and to comply with applicable law regarding risk assessments or similar analysis.

Based on: Performance of agreements or to take action at the Customer's request prior to entering into agreements or compliance with legal obligations or  tarmex's legitimate interests for sound risk management.

5.3 Protecting Customer and / or   tarmex's interests: To protect the interests of the Customer and / or  tarmex and to investigate the quality of the services provided by   tarmex for the purpose of providing proof of a commercial transaction or other business communication.

Based on: Performance of agreements or actions taken at the Customer's request prior to the conclusion of an agreement or compliance with legal obligation or consent of the Customer or  tarmexs legitimate interests in preventing, limiting and investigating abuse or illegal use or interference with   tarmex's services and products, internal training or quality assurance of services.

5.4 To guarantee   tarmex and / or Customer’s security: To protect Customer's life and health and his / her representatives and other rights for the   tarmex and Customer.

Based on: tarmex's legitimate interests in protecting its itself, Customers, employees, and visitors, etc.

5.5 Provide additional services: Make Customer surveys, market analysis and statistics in order to offer the Customer the services of   tarmex, or that of a carefully selected partner, including personalized offers.

Based on: Consent from Customer or   tarmex's legitimate interests to improve its services and products and / or offer additional services and products.

5.6 Compliance with legal obligations and verification of identity: To comply with applicable laws, including related to due diligence by the Customer, prevent, detect, investigate and report potential money laundering or terrorist financing, whether the Customer is subject to financial sanctions or if the Customer is a person in a politically exposed position and to verify identity.

Based on: Performance of agreements or to take action at customer's request prior to entering into agreements or compliance with legal obligations or   tarmex’s legitimate interests for sound risk management and governance.

5.7 Prevent abuse of services and ensure appropriate terms of service: To approve and manage access control and functionality of digital channels, prevent unauthorized access and abuse of these and to ensure information security.

Based on: Performance of agreements or actions taken at the Customer's request prior to the conclusion of an agreement or compliance with legal obligations or consent of the Customer or   tarmex's eligible interests in controlling access and functionality of digital services.

5.8 Improve technical systems and IT infrastructure: Customize display of service to Customer User Unit, and develop  tarmex services, including testing and improving technical systems and IT infrastructure.

Based on:   tarmex's legitimate interests in improving technical systems and IT infrastructure.

5.9 Determining, exercising and defending legal claims. To determine, exercise and defend legal claims

Based on: Performance of agreements or to be able to take action at Customer's request before entering into or complying with legal obligations or Euronordic's legitimate interests in taking legal action.

5.10 Execute transactions in national and international payment systems: To execute national and international payments and transactions through credit institutions and payment systems

Based on: Performance of agreements or actions taken at the Customer's request prior to the conclusion of an agreement or compliance with legal obligations.

6. Profiling, personal offers and automated decision making

6.1. Profiling refers to the automatic processing of Personal Data used to assess certain personal characteristics of the Customer, in particular to analyse personal preferences, interests and Customer's domicile. Profiling is used to conduct analysis for marketing, system development, automated decision making such as risk management and transaction monitoring to counter fraud.

6.2   tarmex can process Personal Data to improve Customer's user experience of the digital services, for example, by customizing display of the Services to Customer User Unit and creating appropriate customer offers.  Unless direct marketing has been restricted by the Customer,   tarmex may process Personal Data in order to provide personal offers of  tarmex's services. Such marketing may, inter alia, be based on services that the Customer uses and how the Customer uses the services, and how the Customer moves in  tarmex's digital channels.

6.3   tarmex will collect statistical information about the Customer, e.g. typical behavior and lifestyle based on demographic household data. Statistical data for creating segments / profiles can be collected from external sources and may be combined with  tarmex's internal data.

7. Recipient of Personal Data

Personal data is shared with other recipients, for example:

§  Authorities, such as the Swedish Tax Agency, regulatory authorities and the Swedish Financial Supervisory Authority.

§  Credit institutions and financial institutions, and intermediaries of financial services companies, third parties involved in the execution of orders, settlement or reporting, organized trading venues as well as market makers, trade repositories and regulated reporting mechanisms.

§  Financial and legal consultants, auditors or other service providers to   tarmex.

§  Third parties that maintain databases and registers e.g. to credit registers, population registers, trade registers, or other records that hold or convey Personal Data.

§  Debt Collection Companies, bankruptcy trustees and Credit information Institute. And such data processor that Euronordic utilize according to section 3.3 above.

8. Geographical area for personal data processing

In general, Personal Data is processed within the European Union / European Economic Area (EU / EEA), but may in some cases be transferred and processed in non-EU / EEA countries.

The transfer and processing of personal data outside the EU / EEA may occur if there is a legal basis, i.e. according to a legal obligation or the Customer's consent and that appropriate safeguards are available.

Appropriate safeguards are to:

a.     There is an on-the-spot agreement that includes EU standard agreement clauses or  other approved clauses, codes of conduct, certifications, etc. approved in accordance with the General Data Protection Regulation (GDPR).

b.     The country outside the EU / EEA where the recipient is located has an appropriate level of data protection established as determined by the EU Commission.

c.     The recipient is certified in accordance with Privacy Shield (applicable to recipients in the United States).

Upon request, the Customer may receive further information about the transfer of Personal Data to countries outside the EU / EEA.

9. Storage periods

Personal Data is not processed for periods beyond necessary. Personal Data will be saved as long as the contractual relationship exists and thereafter for a maximum of 10 years with regard to limitation rules.  In some cases, Personal Data may be saved for longer due to legislation that  tarmex has to comply.  Other deadlines may also apply when Personal Data is stored for purposes other than due to the contractual relationship. The storage period may then be based on   tarmex's compliance with applicable legislation, for example, against money laundering (5 years) and accounting (7 years).

10. Customer's rights as registered

A (registered) Customer has rights regarding the processing of their Personal Data. Such rights generally mean that:

a.     Require that Customer's Personal Data be corrected if they are inadequate, incomplete or incorrect.

b.     Invert against certain processing of Customer's Personal Data.

c.     Require deletion of Customer's Personal Data.

d.     Limit processing of Customer Personal Data.

e.     Get information about Customer's Personal Data processed by  tarmex and, if so, get a copy of their   personal information.

f.     Receive Customer's Personal Data provided by him / her and processed based on consent or agreement inwritten or commonly used electronic format and, when possible, transfer such Personal Data to another service provider (data portability)

g.     Revoke Customer's consent to process his / her Personal Data.

h.     Not to be subject to fully automated decision making, including profiling, if such decision-making has legal consequences or similarly substantially affect the Customer. This right does not apply if the decision-making is necessary to conclude or complete an agreement with the Customer, if the decision is allowed under applicable law or if the Customer has given his express consent.

i.      Make complaints regarding the processing of Personal Data to the Data Protection Authority, www.datainspektionen.se if Customer considers that processing of Customer's Personal Data violates the Customer's rights and interests under applicable law.