RISENWAYS - PRIVACY AND DATA PROCESSING POLICY
1. INTRODUCTION
1.1 This Privacy and Data Processing
Policy (“Policy”) sets out how RisenWays, an International
Business Company incorporated under the laws of Saint
Lucia (the “Company”, “we”, “us”, or “our”), collects,
uses, processes, stores, transfers, and discloses personal
data in connection with its platform, services, and
operations (the “Platform”).
1.2 This Policy applies to all users,
visitors, affiliates, and any individuals whose personal
data is processed by the Company (“Users” or “you”).
1.3 By accessing or using the Platform,
you represent, warrant, and acknowledge that you have
read, understood, and agreed to the processing of your
personal data in accordance with this Policy.
1.4 This Policy forms an integral part
of, and shall be read in conjunction with, the Terms and
Conditions of RisenWays (the “Terms”). In the event of any
conflict, the Terms shall prevail to the extent permitted
by applicable law.
2. SCOPE AND REGULATORY POSITIONING
2.1 The Company operates on a
cross-border basis. The processing of personal data may
therefore be subject to multiple legal and regulatory
regimes, which may include, where applicable:
2.1.1 the General Data Protection
Regulation (Regulation (EU) 2016/679) (“GDPR”);
2.1.2 international standards relating
to anti-money laundering and counter-terrorist financing
issued by the Financial Action Task Force (“FATF”); and
2.1.3 other applicable data protection
and privacy laws in relevant jurisdictions.
2.2 The Company does not represent or
warrant that its data processing practices are compliant
with all laws in every jurisdiction.
2.3 You are solely responsible for
determining whether your use of the Platform and
submission of personal data is lawful in your
jurisdiction.
3. DEFINITIONS
3.1 “Personal Data” means any information
relating to an identified or identifiable natural person.
3.2 “Processing” means any operation
performed on Personal Data, including collection,
recording, storage, use, disclosure, transfer, or
deletion.
3.3 “KYC” means Know Your Customer
identification and verification processes.
3.4 “AML/CFT” means anti-money laundering
and counter-terrorist financing obligations.
4. CATEGORIES OF PERSONAL DATA
4.1 The Company may collect and process
the following categories of Personal Data:
4.1.1 Identity Data: full name, date of
birth, nationality, government-issued identification
details;
4.1.2 Contact Data: email address,
telephone number, residential address;
4.1.3 Verification Data: identification
documents, proof of address, source of funds
documentation;
4.1.4 Financial Data: transaction
details, payment information, wallet or account details
(where applicable);
4.1.5 Technical Data: IP address,
device information, browser type, operating system, log
data;
4.1.6 Usage Data: interaction with the
Platform, account activity, referral activity;
4.1.7 Communication Data:
correspondence, support queries, recorded
communications;
4.1.8 Marketing and Preference Data:
consent preferences, communication preferences.
4.2 The Company reserves the right to
request additional information where necessary for
compliance, operational, or risk management purposes.
5. SOURCES OF DATA
5.1 Personal Data may be obtained from:
5.1.1 directly from Users during
registration, onboarding, or use of the Platform;
5.1.2 through automated technologies,
including cookies and analytics tools;
5.1.3 from third-party service
providers, including identity verification providers,
payment processors, and compliance databases;
5.1.4 from publicly available sources
where permitted by law.
5.2 You represent and warrant that all
data provided by you is accurate, complete, and not
misleading.
5.3 The Company shall not be responsible
for any loss, delay, or restriction of services arising
from inaccurate, incomplete, or misleading information
provided by the User.
6. PURPOSES OF PROCESSING
6.1 The Company may process Personal Data
for the purposes of:
6.1.1 to create, manage, and maintain
User accounts;
6.1.2 to perform identity verification
and comply with KYC and AML/CFT obligations;
6.1.3 to provide, operate, and improve
the Platform and services;
6.1.4 to process transactions and
manage payments;
6.1.5 to monitor and prevent fraud,
abuse, and unlawful activity;
6.1.6 to communicate with Users,
including service updates and support responses;
6.1.7 to comply with legal, regulatory,
and reporting obligations;
6.1.8 to enforce contractual rights and
terms;
6.1.9 to conduct internal analytics and
business operations;
6.1.10 to send marketing
communications, subject to applicable consent
requirements.
6.2 The Company may also process Personal
Data for marketing purposes, subject to applicable consent
requirements.
7. LEGAL BASIS AND PROCESSING RIGHTS
7.1 The Company processes Personal Data
on one or more of the following legal bases:
7.1.1 performance of a contract with
the User;
7.1.2 compliance with legal and
regulatory obligations;
7.1.3 legitimate interests of the
Company, provided such interests are not overridden by
User rights;
7.1.4 User consent, where required.
7.2 Where processing is based on consent,
Users may withdraw such consent at any time, subject to
legal and contractual limitations.
8. DISCLOSURE AND SHARING OF DATA
8.1 The Company may disclose Personal
Data to:
8.1.1 affiliates and associated
entities;
8.1.2 service providers, including
technology, analytics, compliance, and payment partners;
8.1.3 professional advisers, including
legal, financial, and audit advisers;
8.1.4 regulatory authorities, law
enforcement agencies, or courts, where required by law;
8.1.5 counterparties or third parties
involved in transactions or business operations;
8.1.6 successors, assignees, or
acquirers in the event of a corporate transaction.
8.2 The Company shall ensure that such
disclosures are limited to what is necessary and subject
to appropriate confidentiality and security obligations.
8.3 The Company does not sell Personal
Data to third parties.
9. INTERNATIONAL DATA TRANSFERS
9.1 Due to the global nature of the
Platform, Personal Data may be transferred to and
processed in jurisdictions outside the User’s country of
residence.
9.2 The Company shall take reasonable
steps to ensure that such transfers are conducted in
accordance with applicable data protection standards and
subject to appropriate safeguards.
10. DATA RETENTION
10.1 Personal Data shall be retained for
as long as necessary to fulfil the purposes set out in
this Policy and to comply with legal and regulatory
obligations.
10.2 The Company may retain Personal Data
beyond the termination of the relationship where required
for:
10.2.1 AML/CFT compliance;
10.2.2 dispute resolution;
10.2.3 enforcement of legal rights; or
10.2.4 regulatory record-keeping.
11. DATA SECURITY AND LIMITATIONS
11.1 The Company implements appropriate
technical and organisational measures to protect Personal
Data against unauthorised access, loss, misuse, or
alteration.
11.2 Notwithstanding the foregoing, no
method of transmission or storage is entirely secure, and
the Company does not guarantee absolute security.
11.3 The Company does not warrant that
data processing services, storage systems, or security
measures will be uninterrupted, error-free, or immune from
unauthorised access.
12. USER RIGHTS
12.1 Subject to applicable law, Users may
have the following rights:
12.1.1 the right to access Personal
Data;
12.1.2 the right to request correction
of inaccurate or incomplete data;
12.1.3 the right to request deletion of
Personal Data;
12.1.4 the right to restrict or object
to processing;
12.1.5 the right to data portability;
12.1.6 the right to withdraw consent;
12.1.7 the right to lodge a complaint
with a competent authority.
12.2 The Company reserves the right to
refuse or limit such requests where permitted or required
by law, including where compliance would interfere with
regulatory obligations or legitimate business interests.
13. COOKIES AND TRACKING TECHNOLOGIES
13.1 The Platform may use cookies and
similar technologies for operational, analytical, and
security purposes.
13.2 Disabling such technologies may
affect functionality and performance of the Platform.
14. THIRD-PARTY SERVICES
14.1 The Platform may include links to or
integrations with third-party services.
14.2 The Company does not control and is
not responsible for the privacy practices of such third
parties.
15. LIMITATION OF LIABILITY
15.1 To the fullest extent permitted by
applicable law, the Company shall not be liable for any
loss arising from or in connection with:
15.1.1 unauthorised access to or
interception of Personal Data;
15.1.2 failures, vulnerabilities, or
breaches in third-party systems;
15.1.3 delays or failures in data
transmission; or
15.1.4 your failure to maintain the
confidentiality of your account credentials.
15.2 Nothing in this Policy shall exclude
or limit liability for fraud, wilful misconduct, or any
liability that cannot be excluded under applicable law.
15.3 Without prejudice to the foregoing,
the Company shall not be liable for any loss arising from
compliance with legal or regulatory obligations, including
but not limited to disclosures made to authorities, data
retention requirements, or identity verification
processes.
16. AMENDMENTS
16.1 The Company reserves the right to
amend or update this Policy at any time.
16.2 Any revised version shall be
effective upon publication on the Platform. Continued use
of the Platform constitutes acceptance of such amendments.
17. USER ACKNOWLEDGEMENT
17.1 By accessing or using the Platform,
you irrevocably acknowledge and agree that:
17.1.1 you have read and understood
this Policy;
17.1.2 you consent to the collection,
use, processing, and transfer of your Personal Data as
described herein;
17.1.3 you understand the risks
associated with digital data transmission and storage;
and
17.1.4 you accept that the Company’s
obligations are subject to applicable legal and
technical limitations.