With this Privacy Policy we provide you information on why and how we process your Personal Data in connection to the Ovoro Crypto-Asset Service (hereinafter “Service”).
The Service consists of providing crypto-asset exchange services and wallet services to Customers.
The Controller of your Personal Data is Ovoro Oy (business ID:3376649-1), and we are located Lapinlahdenkatu 16, 00180 Helsinki, Finland.
You can reach us via email at: data@ovoro.com.
We process Personal Data to be able to provide our Service to our Customers, comply with our legal obligations under the AML Act as well as enhance and develop our Service.
Our legal basis for processing Personal Data depends on the purpose for which we process Personal Data. We use as a legal basis
(i) our contractual obligations when we provide our Service to our Customers,
(ii) our legal obligations when complying with the AML Act and
(iii) our legitimate interests when enhancing and developing our Service.
In our Personal Data processing activities, we process names, contact information, data related to the use of our Service and data we are required to process under applicable laws of our Customers and their representatives.
We collect your Personal Data from you when you interact with us in regard to our Service, from digital services we use from time to time (e.g. compliance tools for anti-money laundering purposes) and from public sources (e.g. official registries such as trade registry).
As a general rule, we will not disclose your Personal Data to third parties. However, if we are required by law or governmental authorities to disclose your Personal Data, we will assess the legality of such disclosure on a case-by-case basis.
We do share, i.e. transfer your Personal Data to others as part of our normal business activities when using various digital services. For example, we use the following digital services provided by data processors, which involve the processing of Personal Data:
- data storage services (e.g. cloud services),
- communication services (e.g. e-mails) and
- compliance tools.
Your Personal Data may be processed outside the EU and the EEA area. In these situations, we ensure an adequate level of data protection, for example, through standard contractual clauses, adequacy decisions, and other similar arrangements.
We retain Personal Data for
(i) at least five (5) years after the end of customer relationship,
when processing Personal Data to ensure compliance with the AML Act, and
(ii) as long as it is necessary to fulfill the purpose of data processing,
when we process Personal Data for the purposes of enhancing and developing our Service.
You may have the right to use the below listed data protection rights under the GDPR:
If you would like to use your rights or inquire something about data protection, please be in touch via email (see contact information from Section 1).
You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your Personal Data infringes data protection laws. In Finland, the data protection authority is the Data Protection Ombudsman.
We may unilaterally amend this Privacy Policy. We update the Privacy Policy as necessary, for example, when there is a change in legislation.
Amendments to this Privacy Policy will take effect immediately when we post an updated version on our website. If we make significant changes to the Privacy Policy, or if there is a significant change in the way it is used, we will notify the Data Subjects.
(Last update 21.2.2024)