This policy describes personal data that we process, purposes for which we use such data, and how you can review and correct any personal data processed by us. VELVET ensures, within the framework of applicable law, the confidentiality of Personal data and has implemented appropriate technical and organisational measures to safeguard Personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction.
“Applicable Data Privacy Laws” means data protection laws and regulations implementing the Data Protection Directive 95/46/EC and as of 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").
“Client” means any natural person who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by VELVET.
“Personal data” means information relating to you or another identifiable individual.
“Processing” means any operation carried out with Personal data (incl. collection, recording, storing, erasure, transfer, etc.).
The Controller is a part of the Velvet group of companies. An updated list of companies within the Velvet group companies can be found by sending a request to dpo@VelvetPlatform.com.
The Velvet group of companies has established an Intra Group Data Transfer Agreement which governs any transfer of Personal data within the group of companies.
Collection of information
We collect your personal data and other information when you use or register into our products and services, or make a payment, take part in campaigns or subscribe to newsletter, or otherwise interact with us. We are responsible for the processing of personal data we receive and if subsequently we transfer to a third party acting as an agent on its behalf.
Personal data may be collected from a Client, from the Client’s use of the services and from external sources such as public and private registers or third parties. Personal data categories which VELVET primarily, but not only, collects and processes are:
“Identification data” such as name, personal identification code, date of birth, data regarding the identification document (e.g. copy of the passport, ID card, video-call etc).
“Contact data” such as address, telephone number, email address, language of communication etc.
“Data about the relationships with legal entities” such as data submitted by the Client or obtained from public data-bases or through third party service providers for the execution of transactions on behalf of the legal entity in question etc.
“Professional data” such as educational or professional career, etc.
“Financial data” such as accounts, ownership, transactions, credits, income, liabilities, the Client's financial experience and investment objectives such as data collected during the selection and provision of investment services, investment or insurance services and other products carrying investment risk knowledge, trade requests or executed transactions in financial instruments etc.
“Data on origin of assets or wealth” such as data regarding the Client's transaction partners and business activities, etc.
“Data about trustworthiness and due diligence” such as data about payment behavior, damage afflicted to VELVET or other party, data that enables VELVET to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the client is a politically exposed person.
“Data obtained and/or created while performing an obligation” arising from law such as data resulting from enquiries made by authorities, such as Tax Agency, courts, Enforcement Agency, details of income, credit commitments, property holdings, remarks, and debt balances.
“Data about the Client’s tax residency” such as data about country of residence, tax identification number, etc.
“Communication data” collected when the Client visits branches, ATMs and other areas where renders services or communicates with VELVET via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to the Client’s visit at VELVET’s web sites or communicating through other VELVET channels (e.g. internet- and mobile bank) etc.
“Data related to the services” such as the performance of the agreements or the failure thereof, inter alia executed transactions, usage of ATMs, concluded and expired agreements, submitted applications, requests and complaints, interests and service fees, , etc.
“Data about habits, preferences and satisfaction” such as the activeness of using the services, services used, personal settings, survey responses, hobbies, Client satisfaction, etc.
“Data about participation in games and campaigns” such as the points gained, prizes won in games or campaigns, etc.
Purposes and legal basis of processing Personal Data
We use your personal data based on legitimate interest and/or legal requirement in order to provide you with our services.
VELVET processes Personal data primary to:
1 Manage customer relations and provide and administrate access to products and services.
To conclude and execute an agreement, for example a transaction, with the Client, keeping data updated and correct by verifying and enriching data through external and internal registers based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation.
2 Perform credit- and risk assessments.
To carry out internal credit- and risk assessments in order to determine which services and products and on what terms can be offered to a Client and to comply with applicable law relating to credit- and other risk assessments when providing credits and other financial services, risk hedging and capital requirements for VELVET, internal calculations and analyses based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance of a legal obligation or VELVET’s legitimate interest to a sound risk management.
3 Protect the interest of the Client and/or VELVET.
To protect the interests of the Client and/or VELVET and examine the quality of services provided by VELVET and for the purpose of providing proof of a commercial transaction or of other business communication (recorded conversations) based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or consent from the Client or VELVET’s legitimate interests to prevent, limit and investigate any misuse or unlawful use or disturbance of our services and products, internal training or quality assurance of services.
4 Provide additional services, perform customer surveys, market analyses and statistics.
Offer to the Client the services of VELVET or carefully selected cooperation partners, including personalized offers, based on: consent from the Client or VELVET’s legitimate interest to offer additional services. Perform Client surveys, market analyses and statistics; organize games and campaigns for a Client based on: ours legitimate interest to improve services, improve the Client’s user experience of services and to develop new products and services or consent from the Client.
5 Comply with legal obligations and verification of identity.
To comply with applicable law, inter alia related to due diligence, prevent, discover, investigate and report potential money laundering, terrorist financing, if the Client is subject to financial sanctions or is a politically exposed person and to verify identity based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or VELVET’s legitimate interest for a sound risk management and corporate governance.
6 Prevent misuse of services and ensure adequate provisions of services.
To authorize and control access to and functioning of digital channels, prevent unauthorized access and misuse of those and to ensure the safety of information based on: performance of an agreement or take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or consent from the Client or VELVET’s legitimate interests to have control over authorizations, access to and functioning of VELVET digital services.
Improve technical systems, IT-infrastructure, customizing the display of the service to the device and to develop VELVET services inter alia by testing and improving technical systems and IT-infrastructure based on VELVET’s legitimate interests to improve technical systems and IT-infrastructure.
7 Establishing, exercising and defending legal claims.
To establish, exercise and defend legal claims based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or VELVET’s legitimate interests to exercising legal claims.
8 Execute transactions in national and international payment systems.
To fulfil obligations to execute national and international transactions via credit institutions and payment-systems based on: performance of an agreement or take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation.
Sharing personal data
We share your personal data with our affiliates in order to provide you our services. Personal data is shared with other recipients, such as:
1 Authorities (such as Tax Agency, supervisory authorities, and Financial Supervisory Authority). We may also occasionally be required by law, court order or governmental authority to disclose certain types of personal data. Examples of the type of situation where this would occur would be:
- in the administration of justice; or
- where we have to defend ourselves legally.
2 VELVET’s affiliates and subsidiaries. Full list of affiliates and subsidiaries may be requested by email dpo@VelvetPlatform.com .
3 Credit and financial institutions, insurance providers and intermediaries of financial services, third parties participating in the trade execution, settlement and reporting cycle.
4 Financial and legal consultants, auditors or any other service providers of VELVET.
5 Third parties maintaining databases and registers e.g. to credit registers, population registers, commercial registers, securities registers or other register holding or intermediating Personal data debt collectors and bankruptcy or insolvency administrators.
6 Credit reference agencies.
7 Participants and/or parties related to domestic, European and international payment systems.
8 Processors authorized by VELVET.
9 We may disclose depersonalized data (such as aggregated statistics) about the users of our site in order to describe our traffic patterns and their site information to prospective partners, advertisers, investors and other reputable third parties and to other lawful purposes, but these statistics will include no personal data.
10 Finally, in the event of a reorganization, sales or takeover we may need to disclose personal data.
VELVET may use authorised processors for processing Personal data or transfer Personal data to other recipients. In such cases, we take needed steps to ensure that such data processors process Personal data under the instructions of VELVET and in compliance with applicable law and requires adequate security measures.
We use third parties, such as a credit card processing company, to bill you for services and a Live Chat service to assist you if you have questions while using our website or regarding your order. When you sign up for our services, we will share your personal information only as necessary for the third party to provide that service. Some third parties will provide us with information about you from publicly available sources to provide you a personalized experience while using our services.
Geographical area of processing
As a general rule the Personal data is processed within the European Union/European Economic Area (EU/EEA) but in some cases transferred and processed to countries outside the EU/EEA.
Transfer and processing of Personal data outside the EU/EEA can take place provided there is a legal ground i.e. due to legal requirement or Client’s consent and appropriate safeguards are in place. Appropriate safeguards, such as:
- There is an agreement in place and signed Data Processing Agreement including the EU Standard Contractual Clauses or other approved clauses, code of conducts, certifications etc., approved in accordance with the General Data Protection Regulation;
- The country outside of the EU/EEA where the recipient is located has adequate level of data protection as decided by the EU Commission;
Upon request the Client can receive further details on Personal data transfers to countries outside the EU/EEA.
Personal data will be processed no longer than necessary. Personal data will be saved as long as the contractual relationship exists and thereafter for a maximum of 7 years with regard to rules of limitation. In some cases, the data may be saved longer due to capital adequacy legislation applicable to VELVET. Other deadlines may also apply when Personal Data is stored for purposes other than due to the contractual relationship. The retention period may be based on agreements with the Client or Partner, the legitimate interest of VELVET or applicable law (such as laws related to accounting (7 years), anti-money laundering (7 years), statute of limitations, civil law, etc.).
You have various rights in relation to your personal data, including:
- the right to request information regarding what personal data is processed;
- the right to have your personal data rectified if inaccurate or out of date;
- the right to have your personal data erased;
- the right to object to certain processing or to have certain processing restricted; and
- the right to have your personal data transferred from one data controller to another;
- the right to receive his/her Personal data that is provided by him-/herself and is being processed based on consent or in order to perform an agreement in written or commonly used electronical format and were feasible transmit such data to another service provider (data portability);
- the right to withdraw his/her consent to process his/her Personal data.
- the right not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects the Client. This right does not apply if the decision-making is necessary in order to enter into or to perform an agreement with the Client, if the decision-making is permitted under applicable law or if the Client has provided his/her explicit consent.
- the right to lodge complaints pertaining to the use of Personal data to the Data Protection Authority if he/she considers that processing of his/her Personal data infringes his/her rights and interests under applicable law.
Please note, these rights are not absolute and there may be conditions which must be met before you can enforce these rights.
Please see Cookies policy here: https://VelvetPlatform.com/cookies-policy.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure.
Links to other websites
Our site may contain links to other websites. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites.
You may contact VELVET with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data. Contact details of VELVET are available on VELVET website: VelvetPlatform.com. Contact details of the appointed Data Protection Officer: dpo@VelvetPlatform.com