Effective January 29, 2024

Privacy Policy

1. Important Information And Who We Are

Monerium EMI would like to inform you that your privacy is of crucial importance to us. The success of our business depends on our ability to maintain the trust of our customers. During the course of our business, we are legally bound to gather information about our customers, and we would like to inform you about the type of information we gather, why we retain Personal Data, what we do with it, and how you can correct and/or modify the information you entrust us with.

We are committed to safeguarding the privacy of our Website visitors and Service users. This Privacy Policy is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Site and Services. 

Our Website is not intended for children and we do not knowingly collect data relating to children.

We have defined some terms that we use throughout the Privacy Policy. You can find the meaning of a capitalized term in the Definitions section.

It’s important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. 

You agree and understand that this Privacy Policy is subject to the terms and conditions set forth in our Terms of Service. In case of conflict, the Terms of Service shall prevail. You further agree and understand that the defined terms used in this Privacy Policy, if defined in our Terms of Service, shall have the meanings set forth in our Terms of Service.

If any policy or practice of this Privacy Policy is unacceptable to you, please do not visit, access, or use our services. Use of the words “we,” “us,” or “our” in this Privacy Policy refers to Monerium EMI and any or all of its affiliates.

Controller

Monerium EMI is the controller and is responsible for your personal data.

Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

Full name of legal entity: Monerium EMI ehf.

Email: legal@monerium.com

Postal address: Lækjargata 2, 101 Reykjavík, Iceland.

Complaints

You have the right to make a complaint at any time to the Icelandic Data Protection Authority (Persónuvernd) at www.personuvernd.is. We would, however, appreciate the chance to deal with your concerns before you approach Persónuvernd so please contact us in the first instance.

For clarity, we will:

  • Always keep your data safe and private.

  • Never sell your data.

  • Allow you to manage and review your marketing choices if any at all times. 

2. What Personal Data Do We Collect

We collect information about you when you sign up and create an Account and use our Services. Furthermore, we may collect information about you when you visit our Website. The following information may be collected and stored for administrative, service-related, and/or legal purposes:

  • Registration and use information - When you register to use our Services by establishing an Account, we will collect Personal Data as necessary to offer and fulfill the Services you request. We may require you to provide us with your identity document, name, postal address, telephone number, email address, bank account number, bank sort code, IBAN, and identification information to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.

  • Transaction and experience information - When you use our Services or access our Website, for example, to buy or sell e-money, we collect information about the transaction. That includes details about payments to and from you, your blockchain address submitted, as well as other information associated with the transaction such as the amount bought or sold, bank account information, as well as information about any funding instruments used to complete the transaction, device information, technical usage data, and geolocation information.

  • Information that you choose to provide us to obtain additional Services or specific online Services - If you request or participate in an optional Site feature, or request enhanced Services or other elective functionality, we may collect additional information from you. We will provide you with a separate notice at the time of collection if the use of that information differs from the uses disclosed in this Privacy Policy.

  • Information about you from third-party sources - We obtain information from third-party sources such as authorities, merchants, data providers, financial institutions, or similar entities,  where permitted and/or required by law.

  • Device Information – Information that is automatically collected about your device (such as but not limited to, hardware, operating system, browser, etc.).

  • Location Information – Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us.

  • Log Information – Information that is generated by your use of Monerium EMI that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity, and any internal and external information related to Monerium pages that you visit.

  • Other information we collect related to your use of our Website or Services - We may collect additional information from or about you when you communicate with us, contact our customer support, or respond to a survey.

We may also collect, use and share aggregated data such as statistical or demographic data for any purposes. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. If we combine or connect aggregated data with your personal data we will treat the combined data as personal data which will be used in accordance with this privacy policy.

3. Why Do We Collect and Retain Personal Data

We collect and retain Personal Data to comply with legal and regulatory obligations according to anti-money laundering and know your customer regulations which we as an Electronic Money Institution are subject to. We may also collect and retain Personal Data for our business purposes. If it is in our legitimate business interests and not prohibited by law, we may retain Personal Data for longer periods than required by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for as long as required to comply with applicable laws. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy.

4. How Do We Process Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will Process your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

 We may Process your information for the following reasons:

  • To operate the Website and provide the Services, including to:

    • register you as a new customer;

    • issue and redeem e-money;

    • authenticate your access to an Account;

    • communicate with you about your Account, the Website, the Services, or Monerium;

    • compare information for accuracy and verification purposes; and

    • carry out customer due diligence measures. 

  • To manage our business needs, such as monitoring, analyzing, and improving the Services and the Website performance and functionality. For example, analyzing buying behavior.

  • To manage risk and protect the Website, the Services, and you from fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Website or Services.

  • Marketing by delivering marketing materials about Monerium products and online Services and the products and services of unaffiliated businesses. We may also Process your Personal Data to tailor certain Services or Site experiences to better match our understanding of your interests.

  • To comply with our obligations and to enforce the terms of our Website and Services, including complying with all applicable laws and regulations.

  • To respond to your requests, for example, to contact you about a question you submitted to our customer service team.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

5. Do We Disclose Your Personal Data?

We may disclose your Personal Data or other information about you to others in a variety of ways as described in this section of the Privacy Policy.

We send Personal Data to the following sets of data processors in order to perform the Monerium Services:

  • Fraud prevention agencies and other relevant authorities: In order to comply with relevant legislation we must be able in some situations to provide relevant authorities with your Personal Data. This is to verify your identity, protect against fraud, comply with anti-money laundering laws, and confirm your eligibility to use our Services.

  • Third-party identity verification services providers: Monerium uses Onfido Ltd (“Onfido“) to (i) verify your identity by comparing the facial scan data extracted from your selfie or video with the photo in your government-issued identity document and (ii) prevent and detect fraud, including by using your facial scan data to determine whether Onfido has previously verified your identity on our behalf. Onfido will process, store, retain and delete your personal information, including biometric data, in accordance with Onfido´s Privacy Policy and Facial Scan Policy and Release available at  https://onfido.com/privacy/ and https://onfido.com/facial-scan-policy-and-release/.

  • Cloud storage providers: This is in order to safely and securely store your data with Monerium. Your Personal Data will always be encrypted when stored with third-party service providers. 

  • IT, payment, and delivery services: We use such partners in order to help us provide you with our services. 

  • Banking and financial services partners: Financial services providers that help us provide our Services including banking partners, banking intermediaries, payment service providers, payment networks, and other financial institutions.

  • Advertisers, analytics, and information search providers: If we decide to engage advertisers to promote our Products and Services, the advertisers and their advertising networks may require anonymized personal data to serve relevant adverts to you and others. We will never disclose identifiable information about individuals to advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 40 have clicked on their advertisement on any given day). We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant to a subsection of our users (for example, women in Ljubljana). In some instances, we may use personal data we have collected from you to enable our advertising partners to display their advertisements to their target audience. We may use analytics and search engine providers to assist us in the improvement and optimization of our site.

  • Communications service providers: In order to help us to send you emails, push notifications, and text messages.

  • Companies within the Monerium group: In order to provide a unified service across all of our products and services, we may disclose your personal information to members of the Monerium group, which means any of our subsidiaries or related entities. 

We may also disclose your personal information in the following circumstances:

  • If Monerium or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.

  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request.

  • In order to:

    • enforce or apply the Business Terms of Service and/or any other agreements between you and us or to investigate potential breaches; or

    • protect the rights, property, or safety of Monerium, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

With your consent: We also will share your Personal Data and other information with your consent or direction, including if you authorize an account connection with a third-party account or platform.

You can always withdraw your consent at any time after giving your explicit opt-in consent by contacting support and letting us know.

In addition, Monerium may provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Website and use our Services. This data will not personally identify you or provide information about your use of the Website or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.

6. How Do We Work With Other Services And Platforms

A significant benefit and innovation of Monerium´s Services is that you can in some instances connect your Account with a third-party account or platform. For the purposes of this Privacy Policy, an “account connection“ with such a third party is a connection you authorize or enable between your Account and a non-Monerium account, payment instrument, or platform that you lawfully control or own. When you authorize such a connection, Monerium and the third party will exchange your Personal Data and other information directly. Examples of account connections include:

  • Connecting your Account to a third-party financial services company, if you provide such company with your Account log-in credentials; or

  • accessing and/or using your Monerium account in a third-party platform; or

  • using your Account to make payments to a merchant or allowing a merchant to charge your Account.

If you choose to create an account connection, we may receive information from the third party about you and your use of the third-party service. If you connect your Account to other financial accounts, directly or through third-party service providers, we may have access to your account balance and transactional information, such as purchases and funds transfers. 

Your personal data will only be sent to third parties once you have requested to utilize their services. You can withdraw your consent at any time by contacting support. Please be aware that this may impact your ability to use such services going forward. Please notice that when we share your data with third parties you will also be subject to their privacy policy as well. Before authorizing an account connection, you should review the privacy notice of any third party that will gain access to your Personal Data as part of the account connection.

7. How Do We Use Cookies And Tracking Technologies

When you visit our Website, use our Services, or visit a third-party website for which we provide online Services, we and our business partners and  agents may use cookies and other tracking technologies (collectively, “Cookies“) to recognize you as a User and to customize your online experiences, the Services you use, and other online content and advertising; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Websites and Services. Certain aspects and features of our Services and Website are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Website and Services may be limited or not possible.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals. Please read our Cookie Policy for further information.

8. Retaining Your Information

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

Monerium is obligated under the Anti Money Laundering and Countering The Financing of Terrorism Regulations to retain Personal Data about you and your Monerium Transactions for a period of five years. Also, as an FSA-authorized Electronic Money Institution, we are under further regulatory obligations to retain your data for a certain amount of time. Under the Electronic Money Regulations from 2013, Electronic Money Institutions must keep certain records for seven years. We, therefore, use this precondition for some personal data that we receive from you. In order to not hold your information for longer than is strictly necessary we will not hold any of your personal data for more than seven years after the termination of our business relationship.

9. Your Legal Rights

Under data protection laws you have certain rights in relation to your personal data. Accordingly, we have implemented additional transparency and access controls in our Privacy Settings to help you take advantage of those rights. For data access, correction, restriction, deletion, or portability requests, please reach out to our support team. In accordance with this Privacy Policy and applicable law, you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request“). This enables you to receive a copy of the personal data we hold.

  • Request correction of your personal data that we hold. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. As an FSA-authorized firm, Monerium is under certain obligations to retain certain data for a minimum of 5 years (see above). Please note that these retention requirements supersede any right to erasure requests under applicable data protection laws. 

  • Object to processing of your personal data. This is in situations where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object to where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights. As an FSA-authorized firm, Monerium is under certain obligations to process and retain certain data for compliance purposes. Please note that these requirements supersede any right to objection requests under applicable data protection laws. If you object to the processing of certain data then we may not be able to provide the Monerium Services and it is likely we will have to terminate your account.

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: a) if you want us to establish the data accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data mean that we may not be able to perform the contract we have or are trying to enter into with you (including the Monerium Services). In this case, we may have to cancel your use of Monerium Services but we will notify you if this is the case at the time.

  • Request the transfer of your personal data to you or to a third party. We will provide you, with your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide the Monerium Services to you. We will advise you if this is the case at the time you withdraw your consent.

No fees are usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (including the Monerium Services). In this case, we may have to cancel your use of Monerium Services but we will notify you if this is the case at the time.

10. How Do We Protect Your Personal Data

No security is foolproof, and the Internet is an insecure medium. We cannot guarantee absolute security, but we work hard to protect Monerium and you from unauthorized access to or unauthorized alteration, disclosure, or destruction of Personal Information we collect and store. We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorized.

11. Can Children Use Our Services

The Website and Services are not directed to children under the age of 18. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Website or Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please contact us if you believe we have mistakenly or unintentionally collected information from a child under the age of 16.

12. What Else Should You Know

Changes to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes to our business, the Website or Services, or applicable laws. The revised Privacy will be effective as of the published effective date. If the revised version includes a substantial change, we will provide you with 30 days prior notice via email.

Transfer of Your Personal Data to Other Countries

The data that we collect from you will be transferred to and stored at, a destination inside of the European Economic Area (EEA) or within a secure third country that the European Commission has confirmed to have an adequate level of data protection. Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. As we aim to provide an international service your data may be processed outside of the EEA and secure third countries in order for us to fulfill our contract with you to provide the Monerium Services. We will need to process your personal data in order for us, for example, to provide global anti-money laundering and counter-terrorist financing solutions and provide ongoing support services. We will take all appropriate steps to ensure that your data is treated securely and in accordance with this Privacy Policy. 

Where you have chosen (or we have given you) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

13. Contact Us

Please reach out to our support team if you have general questions about our Privacy Policy and practices or questions about our Account information or Personal Data.

14. Automated decision-making

We do not engage in automated decision-making.

15. Definitions

Account means a Monerium user account.

Device Information: data that can be automatically collected from any device used to access the Website or Services. Such information may include, but is not limited to, your device type; your device´s network connections; your device´s name; your device´s IP address; information about your device´s web browser, and the internet connection being used to access the Website or Services; Geolocation Information; and biometric data (e.g., Touch ID/Fingerprint to verify your identity).

Geolocation Information: information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation. Some of our Services may ask you for permission to share your current location. Some of the WebSite and Services require this information to provide a specific product or online Service. If you do not agree to our collection of the geolocation information, our Website or Services may not function properly when you try to use them.

FSA: the Icelandic Financial Supervisory Authority (Central Bank of Iceland).

Monerium: Monerium EMI ehf. and parent companies, subsidiaries, or affiliates. In this Privacy Policy, Monerium is sometimes referred to as “we“, “us“, or “our“ depending on the context.

Personal Data: personal information that can be associated with an identified or identifiable person. Personal Data can include name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s license, national ID, passport, Social Security number, and Taxpayer ID). Personal Data does not include information that does not identify a specific User.

Process: any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, disseminating or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

Services: any products, services, content, features, technologies, or functions, and all related websites, applications, and services offered to you by Monerium in connection with an Account.

Website: our website www.monerium.com or other online properties through which Monerium may offer the Services and which have posted or linked to this Privacy Policy.

Technical Usage Data: information we collect from your phone, computer, or other devices that you use to access the Website or Services. Technical Usage Data tells us how you use the Website and Services, such as what you have searched for and viewed on the Website and the way you use our Services, including your IP address, statistics regarding how pages are loaded or viewed, the website you visited before coming to the Website and other usage and browsing information collected through Cookies.

User: an individual who uses the Services or accesses the Website and has established a relationship in his own name or through a legal entity with Monerium (for example, by opening an Account and agreeing to the Monerium Terms and Conditions) or otherwise uses the Services.

 
"