For more information about us, see the Section of this policy entitled “Our details” below.
Collecting and Using Data.
For example, when you use our Services, we must collect your name, email address, and transaction information to complete the transaction. Some of the reasons that we collect Personal Information include to:
- Provide our products and services, including our Apps and this Site, and improve them over time;
- Allow you to download and purchase products and services;
- Personalize and manage our relationship with you, including introducing you to products or services that may be of interest to you or to provide customer support;
- Investigate, respond to, and manage inquiries or events;
- Work with and respond to law enforcement and regulators; and
- Research matters relating to our business such as security threats and vulnerabilities.
Data You Provide To Us. We collect information that you provide to us, including:
- your name, email address, mobile phone number, date of birth, physical address, and currency preference, such as when you create an account, complete your profile or submit a request for support;
- the emails and phone numbers of your contacts, if you choose to invite your friends to use AFFILIATES as part of our referral program when you create your account;
- information about transactions you complete using our services, including the amount of funds associated with a service we provide, the type of transaction executed, and other related information; and
- if you use our mobile apps, we collect from your mobile device a unique ID (where your device is an iPhone, we also collect the Apple-recommended CFUUID (the Core Foundation Universally Unique Identifier)).
Other Data Collected. We may also automatically collect the following data:
- Analytics. When you visit our website, we use third party analysis tools to collect data about your computer and Internet connection. That information includes the IP address of your computer and/or Internet service provider, when you access our website, the Internet address of websites from which you link to our website and from which you came before landing on our website, the browser that you are using, and your movements and preferences on our website. All of this information is used internally for the purpose of understanding how our website is being used and improving our website. We also use third party analysis tools to collect data about your use of our mobile apps. The information collected identifies the types and timing of actions you take within our mobile, including installation, registration, uploading, and certain types of navigating. All of this information is used internally for the purpose of understanding how our mobile apps are being used and improving them.
- Action Tags. When you visit our website, we use action tags (also called pixel tags, clear GIF, or beacons) to identify some of the pages that you visit and how you use the content on those pages. Action tags may collect and transmit this data in a manner that identifies you if you have registered with our website; or are logged into our website. We also use action tags in our emails, to determine whether an email was opened or whether it was forwarded to someone else. When you use our mobile apps, we use action tags where you are accessing websites from links in our mobile apps. These may identify the pages that you visit and how you use the content on those pages.
- Site Management. We aggregate data that we collect about the use of our website for administering, protecting and improving our website and our systems, to better understand the preferences of our website visitors and optimize the content that we serve, to identify server problems, to compile aggregated statistics about our website usage, and to improve our marketing and research.
Bases for Data Processing. The data we collect and the data you provide to us is processed:
- for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract;
- for our legitimate interests, namely the proper administration of our business, the monitoring and improving of our website and Services, and the protection and assertion of our legal rights, your legal rights and the legal rights of others; and
- in limited circumstances, further to your consent.
Automated Decision Making. We use automated processes to check Know-Your-Client (KYC) and Anti-Money Laundering (AML) data you provide to us in order to assess whether you are located in a banned country and, therefore, whether or not we are legally able to allow you to use our Services. However, those automated process support a decision making process that, in most cases, is conducted by humans, who will review any red flag issues raised by the automated processes. In some cases, decisions related to KYC data (and which are necessary to establish whether or not we can enter into a contract for Services with you) will be entirely automated. In those cases:
- we perform a constant IP connection control in order to determine any potential connection to a banned country (in relation to account applications and/or during our relationship with you) and will reject any account application and/or relationship that is made from jurisdictions or regions that are prohibited by CHANGEHERE policies in compliance with applicable sanctions regulations.
- account applications that infringe applicable rules will automatically be denied (for example, for customers that have submitted forged or fraudulent documents).
- account applications for which all information and/or documentation is processed and approved by automated online identification systems are approved without human intervention.
Your Rights As A Data Subject. As a data subject you have the following rights which can be exercised by contacting our Data Protection Officer on firstname.lastname@example.org:
- The right to confirmation and access
You have the right to ask us to confirm to you whether or not we collect, process or store your Personal Information.
Where we collect process or store your Personal Information, you are entitled to access to your Personal Information.
- The right to rectification
You have the right to have any inaccurate Personal Information about you rectified and to have any incomplete Personal Information about you completed.
- The right to erasure
You have the general right to request the erasure of your Personal Information. This right can be exercised if one of the following applies:
- the Personal Information is no longer necessary for the purpose the we collected it for;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your Personal Information; or
- erasure is required to comply with a legal obligation that applies to us.
- The right to restrict processing
You have the right to restrict the processing of your Personal Information under certain circumstances. You may restrict the processing of your Personal Information in the following circumstances:
- if you contest the accuracy of the Personal Information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed Personal Information;
- if we longer need to process your Personal Information but you need the Personal Information for the establishment, exercise, or defense of legal claims; or
- if you object to processing that relies on the public interest or on our legitimate interests as the lawful processing grounds, we must restrict the challenged processing activity pending verification of whether our legitimate interests override your interests.
- The right to object to processing
You have the right to object to processing of your Personal Information under certain circumstances. These include:
- where our processing of your Personal Information is for direct marketing purposes (including profiling for direct marketing purposes) you may object free of charge by contacting us in writing; or
- where our processing of your Personal Information is for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation.
- The right to data portability
Where the legal basis for our processing your Personal Information is:
- your consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and where this processing is carried out by automated means, you have the right to receive your Personal Information from us in a structured, commonly used and machine-readable format, and also the right to transmit your Personal Information from us to another data controller without any hindrance from us where this is technically feasible. However, this right does not apply where it adversely affects the rights and freedoms of others.
- The right to complain to a supervisory authority
If you consider that our processing of your Personal Information infringes data protection laws applicable to you, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
- The right to withdraw consent.
Where the legal basis for processing your Personal Information is your consent, you have the right to withdraw that consent at any time, including in respect of direct marketing and automated decision making.
How We Protect The Data We Collect. We use reasonable physical, electronic, organizational and procedural safeguards to protect the personal information that we obtain from you from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please note that we are not responsible for the security of any data you are transmitting over the Internet, or any data you are storing, posting, or providing directly to a third party’s website, which is governed by that party’s policies. Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. If you have further questions about security, you can contact us.
Data Retention. The time periods for which we retain your Personal Information depend on the purposes for which we use it and are set out in our Record Retention & Destruction Policy. If you wish to close your KR Design account altogether, please contact us from your registered email address. We may retain information about you in our databases for as long as your account is active or as needed to provide you services and in accordance with applicable laws. Our retention and use of your information will be as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain certain information to prevent fraudulent activity, protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain, or if we believe in good faith that a law, regulation, rule or guideline requires it.
Access to Information. We will respond to your request for access to information we collect about you within the time frame required by applicable law.
Sharing Data. We may share your information as follows:
- If we’ve aggregated or de-identified the information, so that it cannot reasonably be used to identify you;
- With third party service providers who we use in delivering our Services, including certain advertising, referral, operations, financial services and technology services (such as hosting providers, identity verification, support, payment, and email service providers);
- If required by applicable law or legal process, or if we believe it is in accordance with applicable law or legal process;
- To protect the rights, property and safety of KR Design, our users and the public, including, for example, in connection with court proceedings, or to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal claims; or
- In connection with selling, merging, transferring, or reorganizing all or parts of our business.
Email Communications. If you opted-in to receive information about our products, updates and offers, we will use your name and email address to send this information to you. If you no longer wish to receive these communications, you can unsubscribe by following the instructions contained in the emails you receive or on our website. Please note that we may send you transactional and relationship messages, even if you have unsubscribed from our marketing communications. For instance, if our service is going to be temporarily suspended for maintenance, we might send you an email to update you.
Data Transfers. KR Design is headquartered in Midrand, South Africa, and we have operations band service providers throughout the world, including in the United States, United Kingdom and others. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, we provide adequate protection for the transfer of Personal Information to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under the Article 46 of the EU General Data Protection Regulation.
Links to Other Websites and Online Services. Our website may include links to other websites or online services, including Facebook, whose privacy practices may differ from those of KR Design. If you submit information to any of those websites or online services, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Our details. KR Design (PTY) LTD is registered in South Africa under registration number 2014/091081/07, and our registered office is at: 44 Sonneblom Road, Country View, Midrand, South Africa, 1687.
You can contact us:
- by post, to the postal address given above;
- using our website contact form;
- by email, using following email address email@example.com.