ROSEON.FINANCE
PRIVACY POLICY
MyBitok OU, a company registered in Estonia under n. 14668300 (the “Company”), declares the following
Privacy Policy, confirming that every defined word or term has the same meaning and purpose as stated in the
Roseon.Finance Terms and Conditions (“T&Cs”), in relation to:
I. any information the Company collects about the User when he/she visits the Company’s Website, uses the
Platform and/or services, or otherwise interacts with any member of the Company’s Team.
II. how the Company uses, shares, stores, and secures the information; and
III. how the User may access and control that information.
1. User Information.
1.1. The Company may collect any ''Personal Information'', which is any data, information, or combination of
data and information that is provided by the User to the Company, or through the use of the Company’s
products, services, Platform and Website and that relates to an identifiable individual.
1.2. The Company collects the Personal Information when it is provided by the User or when the User visits the
Website or uses the Platform.
1.3. The Company does not collect sensitive data or special category data about the User. This includes details
about race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual
orientation.
2. Information Usage.
2.1. The Company will only use any Personal Information that the applicable law allows to and in particular:
2.1.1. to provide customer support and personalised features, and to protect the safety and security of
the Platform and Website;
2.1.2. to satisfy a legitimate interest which is not overridden by the User’s fundamental rights or data
protection interests, for example for research and development, and in order to protect the Company’s
legal rights and interests;
2.1.3. when the User consents to do so for a specific purpose;
2.1.4. when the Company needs to comply with a legal or regulatory obligation.
2.2. When the User has given consent to use any Personal Information for a specific purpose, he/she has the
right to withdraw said consent at any time by contacting the Company, but this will not affect any use of the
Personal Information that has already taken place.
2.3. The Company does not share any Personal Information with any company outside its own group, if
applicable, for marketing purpose, unless there is an express specific consent to do so.
2.4. For visitors to or users of the Website or Platform who are located in the European Union, the legal bases
for processing their information is published in the Legal Bases Table at the end of this policy under Clause 9.
3. Information Sharing.
3.1. The Company shares Personal Information with third parties that helps it operate, provide, support, improve,
and market its Platform, Website, products and services, for example third-party service providers who provide
website and application development, data storage and backup, infrastructure, payment processing, customer
support, business analytics, Anti-Money Laundering (''AML'') and Know Your Customer checks (''KYC'') and
other relevant services.
3.2. Third-party service providers have access to the Personal Information only for the purpose of performing
their services and in compliance with applicable laws and regulations. These third-party service providers are
required to maintain confidentiality and security of all Personal Information that they process on the Company’s
behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and
availability of any Personal Information.
3.3. The Company takes reasonable steps to confirm that all third-party service providers process Personal
Information in a manner that provides at least the same level of protection as is provided under this Privacy
Policy. Where any third-party service provider is unable to satisfy these requirements, any reasonable steps to
prevent or stop non-compliant processing will be taken.
3.4. The Company may share Personal Information on aggregated or de-identified basis with third parties for
research and analysis, profiling, and similar purposes to help the improvement of products and services.
3.5. If the Users use any third-party software in connection with our products or services, for example any third-
party software that the Platform integrates with, third-party software provider can gain access access to the
Personal Information. Policies and procedures of third-party software providers are not controlled by the
Company, and this Privacy Policy shall not cover how any Personal Information is collected or used by third-
party software providers. The User is encouraged to review the privacy policies of third-party software providers
before using third-party software.
3.6. The Platform or Website may contain links to third-party websites over which the company has no control. If
the Users follow a link to any of these websites or submit information to them, any Personal Information will be
governed by their policies. We encourage the User to review the privacy policies of third-party websites before
submitting any information to them.
3.7. The Company may share any Personal Information with government and law enforcement officials to
comply with applicable laws or regulations.
4. Information Storage
4.1. All Personal Information provided by the User is stored on the Company’s servers or on third-parties server
to which only the Company has access to within the boundaries of relevant laws and regulations.
4.2. The Company only retains Personal Information for so long as it is reasonably necessary to fulfil the
purposes they were collected for, including for the purposes of satisfying any legal, accounting, or reporting
requirements.
5. International Transfer of Information
5.1. The Company collects any Personal Information globally and transfers, processs, and stores any Personal
Information outside the User’s country of residence where the Company’s or any third-party service providers
operate for the purpose of providing the products and services.
5.2. Some of the countries in which the Company or third-party service providers are operating or are located
may not have the privacy and data protection laws that are equivalent to those in the User’s country of
residence. When Personal Information is shared with these companies or third-party service providers, use is
made of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of any
Personal Information.
6. User’s rights
6.1. The User has the following right to:
6.1.1. be informed of what the Company does with the relevant Personal Information;
6.1.2. request a copy of relevant Personal Information the Company holds;
6.1.3. require the Company to correct any inaccuracy or error in any Personal Information held; 6.1.4.
request erasure of any relevant Personal Information, except the one held for record keeping purposes,
to complete transactions, or to comply with legal obligations);
6.1.5. object to or restrict the processing of any relevant Personal Information (including for marketing
purposes);
6.1.6. request to receive some of the relevant Personal Information in a structured, commonly used, and
machine readable format, and request that it is transferred to another party; and
6.1.7. withdraw consent at any time where the Company is relying on consent to process the relevant
Personal Information (although this will not affect the lawfulness of any processing carried out before
such consent withdrawal).
6.2. The Platform enables Users to update certain information about themselves.
6.3. The User may opt out of receiving marketing materials from the Company by expressly contacting it.
However the User will continue to receive notifications or information that are necessary for the use of the
Company’s products or services.
6.4. As a security measure, the Company may need specific information from from the User to help confirm
his/her identity when processing any privacy requests or when you exercise the rights stated in this Clause.
6.5. Any request under paragraph 6.1 will normally be addressed free of charge. However, the Company may
charge a reasonable administration fee if the request is clearly unfounded, repetitive, or excessive.
6.6. The Company will respond to all legitimate requests approximately within one (1) month. Occasionally, it
may take longer than one (1) month if the request is particularly complex or if the users have made a number of
requests.
7. Policy Changes
7.1. The Company reserves the right to amend this Privacy Policy from time to time by posting the updated
Privacy Policy on the Platform or Website. By continuing to use the Company’s Platform and/or Website after the
changes come into effect, the User agrees to be bound by the revised policy.
8. Children Privacy Policy
8.1. The Company’s products and services are not directed or intended for individuals not major of age in their
Country of residence. The Company does not knowingly collect any personal information from individuals not
major of age and if this will be detected, steps will be taken to delete such information.
9. European Union Users - GDPR
9.1. If the User is visiting the Company’s Website or using the Platform from the European Union (''EU''), that
may differ from privacy laws under other jurisdictions. The User acknowledges that he may be transferring
relevant Personal Information to the Company for storage and processing in other Countries around the world for
the purposes described under this Privacy Policy. The Company takes the utmost care in protecting any relevant
Personal Information and have put in place adequate mechanisms to protect it when it is transferred
internationally.
9.2. The Legal Basis for collecting and using any relevant Personal Information if the User is a Citizen or resident
of the EU, will depend on the Personal Information concerned and the specific context in which it is collected:
Performance of a contract. The use of any relevant Personal Information may be necessary to perform
the terms and conditions or other policies under which we provide our Services or operate our Website.
Consent. The User consent is needed if technical information such as cookie data and geolocation data
is necessary; and any relevant Personal Information is used for marketing purposes. The User may
withdraw his/hers consent at any time by contacting the Company directly.
Legitimate interests. The Company may use any Personal Information for its legitimate interests to
improve its Website, Platform or Services, for security purposes, and fraud prevention, and to share
information with any affiliates for internal administration. In such circumstances the Company ensures
that these interests are not overridden by the User’s data protection interests or fundamental rights and
freedoms.
9.3. Legal Basis Table
Processing purpose
Type of data processed
Legal basis
To register a User on the
Account Data
Contract performance
Platform
To enable the User to access Account Data, Transaction Data, Support
Contract performance
products and services
Data, Technical Data [and User Content]
To process User Payments or Account Data, Transaction Data,
Contract performance
other contributions
Financial Data
To administer and maintain he
safety and security of the Technical Data
Contract performance
Platform and Website
To study the usage of products or Transaction Data, Support Data, Legitimate interest to improve the
services
Technical Data, Usage Data
Platform and Website
To gather feedback on products,
Legitimate interest to improve the
Account Data
services, or features
Platform and Website
9.4. Rights under EU law:
If the User’s relevant Personal Information is subject to the protections offered by EU law, he/she may:
Access, correct, update or request deletion of any relevant Personal Information, at any time by
contacting the Company using the contact details provided on the Website
(in accordance with
applicable data protection laws); the Company may charge a reasonable fee for any manifestly
unfounded, excessive or repetitive requests;
Object to the processing of any relevant Personal Information, ask the Company to restrict processing of
any relevant Personal Information or request portability of any relevant Personal Information for the
legitimate interests set out above. In certain circumstances the Company may not be able to stop using
the Personal Information, with motivated cause.
Withdraw consent at any time if the Compamny collected and processed any relevant Personal
Information with consent;
Opt-out of any marketing communications that the Company (or any third party to whom the Company
disclosed the Personal Information with consent) may send;
Complain to a data protection authority about the Company’s collection and use of any relevant Personal
Information.
These rights apply only for Users who are subjected to EU law.
9.5. The Company is the Data Controller in relation to its Platform and Website and is responsible for any
relevant Personal Information. The User may contact the Company through its Website if he/she has any
concerns about this Policy and any relevant Personal Information.