The Privacy notice together with GREMBIS Terms and Conditions describes how we collect, process, use and disclose your personal data which you provide to us while using our website grembispay.com. When you register with GREMBIS, log in, make payments using your wallet, contact support, fill out any forms on the site, or submit any data through the ticket system, we will collect, use and store your data in the same way as described in this Privacy notice.
The Data Controller is the company that determines the purpose and means of personal data processing.
GREMBIS LIMITED Corporation No:1345006-6, 25 Peter Street, Suite 33, Toronto ON M5V 2H1, Canada, BN number 769773003RC0001 (https://ised-isde.canada.ca/cc/lgcy/fdrlCrpDtls.html?lang=eng&corpId=13450066). Canada, is the Data Controller regarding your data processed while you use GREMBIS LIMITED Corporation.
You may contact our Data Protection Officer by e-mail [email protected].
Personal data is considered as any information relating to an identified or identifiable natural person (data subject), directly or indirectly, by reference to an identifier, such as a name, an identification number, location data or an online identifier. In other words, personal data is any information about you that enables your identification.
The way we collect and use personal data is described in this Privacy notice.
Personal data we collect and process
We obtain certain personal data from you directly:
We only process your personal data where a lawful basis exists. We may rely on the following:
We process your personal data to provide you with the GREMBIS services based on the Terms and Conditions that you accept when you sign up in our system.
We collect your data to set up and administer your GREMBIS account.
Furthermore, we also process your data to ensure secure access to your GREMBIS account when we send you a one-time password or other access codes.
We use your data to process transactions you make with your GREMBIS account, such as transferring funds, making payments, adding money to a wallet, or withdraw funds.
We process your data when you obtain an IBAN. To achieve this, we share data with third parties who provide such services.
We may send you important information about the system, login confirmation, suspicious authorization attempts and completed transactions notifications, as well as provide technical and customer support.
We process personal data to assist you in resolving issues related to the use of GREMBIS, when you contact customer support via ticket, email, or phone.
We process your personal data to comply with our legal obligations, in particular the requirements of anti-money laundering and terrorist financing legislation, to verify and confirm your identity as part of the KYC procedure.
When you request IBAN or initiate a bank transfer, we also send your data to the providers of these services to meet AML requirements and follow KYC rules.
We may use your data to assist any law enforcement authority with their investigation or disclose data required by a court order as we may be obliged by law.
We may use anonymized and aggregated data to analyse how customers use our services and evaluate the quality and convenience of our product, site operation and functionality.
Likewise, we may also use your data to notify you about changes to our policies or new features of GREMBIS.
We take a risk-based approach to assess both the profile of users and the transactions they make, as well as to detect and prevent fraudulent and other illegal activities. We collect, use, and store personal data for these purposes.
When you contact the support service, we keep a record of the conversation. We do this to improve the quality of our services and products, protect our interests in case of disputes, evaluate the quality of the work of the support staff, and train them.
You may opt in to receive emails about our products and services, and allow us to measure the performance of marketing emails and analyse product use. You may withdraw your consent at any time.
To verify your account, we ask you to go through the liveness test to make sure that you are a living person and the documents submitted really belong to you. To achieve this, you will need to turn on the camera and turn your head so that the neural network can analyse the individual features of your face. Such analysis constitutes the processing of a special category of personal data, and can only be carried out based on your consent. The term of the consent is limited to the achievement of the purpose of the liveness check, so the data processing is terminated immediately once it is completed. The data collection and processing is carried out by a third party, acting as a data processor on our behalf. You can read more about this in the “Disclosure of personal data to third parties” section.
We use an automated risk assessment system to analyse the risk profile of the users and ongoing transactions to prevent illegal and fraudulent activities. However, any significant decisions that may impact you will be taken by our employees based on a manual review.
We use cookies on our website. You may read about it in our Cookies Policy.
We are committed to make sure that your personal data is protected. We take a variety of security and organizational measures to ensure the safety of your data when you enter it on the site or otherwise provide it to us.
Furthermore, we use data encryption techniques and authentication procedures to prevent unauthorized access to our system and your data. Only authorized employees are granted physical access to the premises where data is processed and stored. The premises are being watched.
All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology. Card payment information encryption is compliant with PCI DSS.
We authorize access to your personal data only for those employees who need it based on their job requirements (for example, customer support staff). All employees who access personal data are bound by a non-disclosure agreement. We implement continual training for our employees in regard to ensuring the security and confidentiality of personal data.
We continuously improve our security procedures to comply with the best industry standards and maintain a high level of personal data protection.
We recommend you also adhere to some simple rules that will help ensure your safety. Never use the same password for multiple accounts on different sites and always use a strong password with mixed case letters, numbers, and symbols. Do not tell anyone your GREMBIS wallet password. Please remember that our employees never ask for user passwords. If someone pretending to be an GREMBIS employee asks you for your password or other login information, do not give it to them and notify us immediately by email to [email protected]
Your personal data will be retained as long as necessary for the specific purpose for which it was collected.
The data we collect for AML compliance and anti-fraud purposes will be kept for 5 years after you close the account. All data will be deleted when the statutory retention period is over and the purposes of using the collected information are achieved.
To provide our services, we may need to share your information with third parties.
Some of our partners and employees may be located outside Canada and the European Economic Area (EEA), so we may transfer data to the third countries. Such a transfer may only take place if appropriate guarantees are in place to ensure an adequate level of protection of the rights of the personal data subjects. Our partners and providers are required to provide an adequate level of data protection in accordance with the terms of the contract we enter into with them.
Our website may contain external links to third-party resources, such as the services of our partners. We can't control how the third parties use your information for their purposes, so please review the Privacy Policies of these websites.
You have the right to exercise control over the way in which your personal data is processed:
Right to be informed. You are entitled to know how and why we process personal data. Therefore, we publish this Privacy notice and are always ready to answer any of your questions.
Right of access. You can ask us to confirm whether we are processing your personal data. You can ask for detailed information about how we collect, process, use, store and share your data.
Right to rectification. We strive to maintain the integrity of the data we store and keep it up to date. Therefore, you can always ask us to clarify and correct outdated or inaccurate information.
Right to erasure/Right to «be forgotten». You may request to delete your personal data. However, if we are required by law to still retain it, then the right to erasure will not apply to such processing.
Restrict and object to processing. You may restrict or object to the processing of your personal data.
Right to data portability. You can ask us to transfer your data to another entity providing similar services, if it is technically possible to do so and unless it is not restricted by law. The data will be transmitted in a structured, commonly used and machine-readable format.
Right to withdraw consent. Where the processing is based on your consent, you may withdraw it at any time by changing your account settings or by sending an e-mail to [email protected]. You can opt out of receiving materials from us electronically by clicking the «unsubscribe» link in e-mails.
Right to complain. You may lodge a complaint if you feel like your rights have been violated. Please refer to Section 13 for further details.
We will reply to your request within 30 days once we receive it. If we expect that responding to you would take longer, we will let you know.
You may exercise your rights described above by sending an e-mail to [email protected]. Before we provide you with any confidential information, we must ensure that you are indeed the person you claim to be. For example, we will ask you to send a request from the mail associated with your GREMBIS account, or in rare cases to pass SumSub verification.
However, if the requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee considering the administrative costs of providing the information or communication or taking the action requested.
Kindly note that there may be legal reasons when we will not be able to fulfil your request.
If you believe that your rights have been violated, you may file a complaint to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/en/). You may also file a complaint with the supervisory authority in your country of residence, place of work or place of the alleged violation. If you are in the EU, you can find the relevant supervisory authority on the European Data Protection Board Website (https://edpb.europa.eu/about-edpb/board/members_en).
We may update our Privacy notice from time to time. In case of significant changes, we may notify you of them by e-mail.
You are welcome to send your questions and comments regarding our Privacy notice to our Data protection officer at [email protected].