This Privacy Policy is effective from 3 April, 2022
Cleo Finance Ltd., No.: 09962294, seated at Elscot House, Arcadia Avenue, Finchley, N3 2JU London, United Kingdom ("Company", "we", "us" or "our") is aware of the importance of the protection of personal data and, therefore, it has adopted this general data protection policy ("Privacy Policy").
We are the exclusive owner and operator of the cleo.finance application ("App") and of the website located at cleo.finance ("Website").
This Privacy Policy textribes how we, as the data controller, collect, use, store, disclose and otherwise process your personal data provided to us (whether via the Website, the App or by any other means) or otherwise held by us. Any capitalized term used but not defined in this Privacy Policy will have the meaning defined in the Terms and Conditions. Collection and processing of your personal data is conducted in accordance with the applicable data protection legislation, in particular, the General Data Protection Regulation.
We process your personal data only to the extent determined by the particular services we provide to you via App or Website or other purposes of processing as specified below.
1. When you register to our App or Website. During the registration with our services, we ask for your name, surname, email address, nickname and password. In common with most websites, we also log the IP address of all requests to our servers. Once you've registered, we will send you a confirmation email acknowledging your new account to the address that you supplied. We need to process the abovementioned personal data to enable you the use of the services offered through the App and/or the Website. Legal basis for such processing is performance of a contract to which you are a party (i.e. provision of our services you have registered for), and the collected personal data will be processed for the period of the duration of our contractual relationship.
2. When you register to our App or Website via third parties service providers. You may also register via your existing account registered with third party service providers, such as Google, Facebook, Microsoft, LinkedIn or PayPal. If you do so, we will access for purposes of the registration your profile data, including your name, e-mail address, username, profile picture, profile URL, time zone, country, address, phone number , language, gender, birthday and age range and your profile textription, including education and work history and information you provide about yourself (the extent of this data may differ depending on the platform you use for the registration). Please note that processing of your personal data and their disclosure to third parties by the party service providers is subject to privacy policies adopted by those entities and this Privacy Policy does not apply. If you connect your existing account(s) registered with other brokers, stock exchange, cryptocurrency exchange platform or any other trading platform with your account registered with us, we may also process your personal data stored with the connected third-party account(s) to provide you with a detailed statistical analysis of such account(s). Legal basis for such processing is performance of a contract to which you are a party (i.e. provision of the requested service), and the collected personal data will be processed for the period of the duration of our contractual relationship.
3. When you decide to use our additional services or participate at customers' events. We may also ask for additional personal data when providing you with other optional additional services such as mobile applications and other services. If you don't want to provide us with the personal data requested, you don't have to, but you may not then be able to use some of the additional services. On occasion, we may also ask you, on a voluntary basis, for other personal data in connection with competitions, surveys, or other promotional offers running on the Website. Whether you give us that data or not is entirely your choice. Legal basis for such processing is performance of a contract to which you are a party (i.e. provision of our additional services or of the promotional offers), and the collected personal data will be processed for the period of the duration of the contractual relationship.
4. When we need your data to ensure our Website and/or App works properly. While on the Website, we automatically log certain information about how you're using this Website that may be regarded as personal data. This information includes the URL that you just came from, your intellectual property address, the pages you visit while using the Website, the number of pages viewed, browser identification and operating system, the device from which you come, traffic data and recording of some visits to he Website and/or App. We collect the said personal data to ensure that our Website and App work properly and we can thus provide you with the best web experience possible. This processing is based on our legitimate interest and the personal data will be processed for the period necessary to fulfil this purpose.
5. When we need to make sure our Website and/or App are secured. We may process your personal data in the extent of including your name, e-mail address, username, profile picture, profile URL, time zone, country, address, phone number, language, gender, birthday and age range and your profile textription and information you provide about yourself to enhance the security of our services. This processing is based on our legitimate interest and the personal data will be processed for the period necessary to fulfil this purpose.
6. If we need to provide you our services properly and handle all your requests. If you contact us, we may keep a record of that correspondence in order to provide services upon a mutual agreement. We will keep details of transactions you carry out through the App and/or the Website and of the fulfilment of your orders and your historic trading track-record, and information about any trades from the point you start reporting them to us. Legal basis for such processing is performance of a contract to which you are a party (i.e. provision of the requested service), and the collected personal data will be processed for the period of the duration of the contractual relationship.
7. If we want to enhance and improve our App and/or Website for you. From time to time, we may contact you (via e-mail, notification on the Website, pop-up or other plug-in on the Website) in order for us to improve the quality of our App and/or Website and, as the case may be, to develop new services related to them. If you agree to participate in our survey to enhance our App and/or Website, you will be further contacted via the preferred means of communication. For this purpose, we may process the collected personal data (please see above for the scope of your personal data) as well as additional data you will provide within the survey. Such processing is based on your consent and the personal data will be processed for the duration of the consent, but no longer than is necessary for the survey evaluation.
8. If we need to keep data for potential claim in future. In addition, we need to process and store all the collected personal data (please see above for the scope of your personal data) for the purpose of potential legal claims in the future. This processing is based on our legitimate interest as we might need to keep evidence for potential dispute that may arise. The personal data will be processed for the period necessary to fulfil this purpose, however, no longer than for the period of 10 years from the commencement of the statutory limitation period in each particular case.
9. If we need to deliver you marketing communications. If you register with us or sign up for any of our products or services, we may process your electronic contact details, such as your e-mail address or phone number, for purposes of promotion of our products and services. You can unsubscribe from such commercial communications at any time by contacting us at the contacts specified below. You will also have the option to unsubscribe from receiving this kind of communication in each message you receive from us. Details of your electronic contact will be processed for the period of the duration of the contractual relationship or until you unsubscribe, whichever comes first.
We are committed to protecting your personal data. All information that you provide to us is stored on secure servers managed by us or otherwise as referred to in our Terms and Conditions. Access to personalised areas of the Website is password-protected for your privacy and security. You are responsible for maintaining the secrecy of your passwords and/or any account information. If you need to change your password, please follow the steps set out on the Website.
To ensure maximal protection of your personal data when you register with or log in to our services, we use a third-party service provider, Auth0, which securely stores passwords and performs user authentication when logging in. To ensure maximum protection of the API keys you enter when connecting to services provided by third parties, we use a third-party service provider, Amazon Web Services (AWS), which ensures security according to the most available technological procedures.
Your personal data will be, to the scope we process them, transferred to other controllers within our group to be processed if it is necessary for administrative purposes. In addition, your personal data will be disclosed to reliable third parties that provide us with administrative or technical support, ensuring accounting, analysis of the traffic on the Website, processing payment transactions and providing marketing research.
We may also share your personal data with government authorities or law enforcement bodies if required by law, with external advisors and with other personnel who is subject to confidentiality obligation. Only a limited number of our employees will have access to your personal data. The employees are obliged to keep your personal data and measures taken for their protection strictly confidential. They are entitled to handle personal data only upon our explicit instructions.
On any forum we may operate (and anywhere else on the Website), you are publicly identified by your user or screen name. If you choose your full name as your username, you have voluntarily disclosed that information to anyone reading the Website. Similarly, any information you provide in your public profile is for public consumption. The same is true for any personal data you include in any forum or related posts.
Many of our partners, such as brokerages and merchants, link from the Website to areas on their own websites where they sell their own goods and services. If you follow these links from the Website to their websites, you should be aware that these other websites have their own privacy and data processing practices.
The Website may also include social media features, such as Facebook, Twitter, Instagram, WhatsApp, Telegram or LinkedIn plug-ins. These plug-ins may collect certain information about visitors of the Website, such as IP address or browsing history and may implement cookies to the browser of the visitors. You should note that processing of the collected data is governed by policies adopted by operators of the social media networks.
Some visits to the website and application may be recorded for the purpose of optimizing the user experience. The recording is through a third party, Hotjar. All data Hotjar collects is stored electronically in Ireland, Europe on the Amazon Web Services infrastructure, eu-west-1 datacenter. IP addresses of visitors are always suppressed before being stored. The recordings are stored for the duration of 30 days.
We are not responsible or liable for the independent policies of other data controllers. For more information regarding a third-party website and its privacy policies, check that website
Your personal data may from time to time be transferred to someone who provides a service to us in other countries and it may be processed, stored or otherwise used by us outside of the European Economic Area ("EEA"). Currently, we will transfer your personal data to the United States of America.
Such transfers will only happen for the specific purposes mentioned above, and we will always ensure that appropriate safeguards are in place for such transfers as set out below:
• we will provide appropriate safeguards for the transfer through the use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of the contract/agreement by contacting us atsupport@cleo.finance.
• we will disclose your personal data to the EU-US Privacy Shield certified companies.
We retain your personal data for no longer than is necessary to fulfil the purpose of the processing in question, i.e. typically for the duration of our contractual relationship. Where we process your personal data based on your consent, such personal data will only be processed for the duration of the consent which you may revoke or restrict at any time. If you do so, we will stop processing the personal data concerned for the purpose for which the consent has been revoked or restricted. Where we process your data based on legitimate interest, you can object this processing anytime (please see below). Specific information about retention of your personal data is stated above.
If you grant us your consent to the processing of your personal data, you do so entirely voluntarily and, therefore, you have the right to revoke or restrict the consent at any time. In certain circumstances, you have the right to object to the processing of your data by us, in particular where your personal data is processed on the basis of a legitimate interest; in such case we will assess your objection and inform you about the result.
You also have the right to access your personal data and to request a copy thereof. You also have the right to ask us to rectify, complete and delete your personal data, to restrict its processing, and to 'port' your personal data (that is, to ask us to provide it to you in a structured, commonly used and machine readable format and to transmit it directly to another organisation).
However, there are exceptions to these rights. For example, it will not be possible for us to delete your data if we are required by law to keep it. Similarly, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
In addition, you have the right to make a complaint to the relevant data protection authority or to seek a remedy through courts if you believe that your rights have been breached.
Any changes to this Privacy Policy will be posted on the Website so you are always aware of what personal data we collect and how we use it. In case of important changes we will inform you by sending an e-mail or through pop-up notifications.
In case of any personal data protection request or withdrawal of consent to further processing of your personal data, you can contact us atsupport@cleo.financeor at phone number +420 604 359 430.
In this regard, we would like to inform you that we may require you to prove your identity to us in an appropriate way so that we can verify your identity. This is a precautionary security measure to prevent unauthorized persons from accessing your personal data.