Privacy Policy

  1. Introduction

    This privacy notice applies to the processing activities performed by FinconnectX to the personal data of its clients, prospective clients.

    Your privacy is of the utmost importance to us. It is our policy to safeguard the confidentiality of information and respect the privacy of individuals.

    Please see below for information about how we manage personal data, and for information about your rights with respect to the processing of your personal data.

  2. Definitions

    The following terms are defined as follows:

    2.1 “AML” means anti-money laundering.

    2.2 “Digital Asset” means any digital representation of value that may be traded via FinconnectX’s services, excluding non-fungible tokens.

    2.3 “FinconnectX”, “We”, “Us”, refers collectively to FinconnectX Pty Ltd and its subsidiaries.

    2.4 “Personal data” refers to any information relating to an identified or identifiable natural person, including names, identification numbers, location data, an online identifier, or to one or more factors specific to the physical, economic, cultural or social identity of a natural person.

  3. Your Data Controller

    Our products and services are provided through local operating entities that are part of the FinconnectX group of companies.

    You are contracting with FinconnectX as specified in our Terms of Service . The company you are contracting with is your Data Controller, and is responsible for the collection, use, disclosure, retention and protection of your personal data in accordance with our global privacy standards, this Privacy Notice, as well as any applicable national laws.

  4. How do we protect personal data?

    Your personal information is generally stored in our computer database. Any paper files are stored in secure areas.

    We recognise the importance of securing the personal information of our customers. We will take reasonable steps to ensure your personal information is protected from misuse, interference or loss, and unauthorised access, modification or disclosure.

  5. Information we may collect about you

    We obtain information about you in a number of ways through your use of our products and services, our websites, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing and from information provided in the course of on-going support service communications.

    We generally collect personal information directly from you. For example, personal information will be collected through our application processes, forms and other interactions with you in the course of providing you with our products and services.

    We may also collect personal information about you from a third party, such as an entity in which you are a representative of or have an ownership interest in, electronic verification services, referrers and marketing agencies. We may also collect your personal information from our associated entities by your instructions, consent and in compliance with privacy and contractual arrangements as well as with regulation applicable to your relations with such associated entities. If so, we will take reasonable steps to ensure that you are made aware of this Privacy Policy. 

    The information that we collect from you is as follows:

    Full name, residential address and contact details (e.g. email address, telephone number etc.), date of birth, place of birth, gender, citizenship (“Biographical information and contact information”); Bank account information, wallet addresses, credit card details, details about your source of funds, assets and liabilities, and information relating to economic and trade sanctions lists (“Financial information”); Trading account balances, trading activity (such as whether you participate in FinconnectX's VIP program, and custodial activity) (“Trading information”); Information on whether you (or someone close to you) holds a prominent public function (“PEP information”); Verification information, which includes information necessary to verify your identity such as a passport, driver’s licence, selfie photos / videos, login credentials or Government-issued identity card, which may be processed using technologies that extract biometric data (“Verification information”); Information collected when you interact with our support service channels, including online chat, phone call, email, direct message or other communication means (“Support service communications”);  including FinconnectX username, profile picture, email address, name, phone number, phone contacts (if enabled), display name, transaction records, user generated content such as payment descriptions, comments and attachments ; On-chain attestations, such as DeFi trading volume, liquidity provision, transaction metrics, verification status of a wallet (e.g., whether it is associated with a FinconnectX account), wallet addresses used for attestations, metadata related to attestations, such as timestamps and schema details (“Attestation information”); Other personal data or commercial and/or identification information – Information we, in our sole discretion, deem necessary to comply with our legal obligations under various AML obligations, such as under the Australian Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 (Cth) (AML/CTF Act).Institutional Information (if you are an institutional Customer); Employer identification number (or comparable number issued by a government);Personal identification information for all material beneficial owners of your business

    Information we collect about you automatically:

    Browser information – Information that is automatically collected via analytics systems providers from your browser, including your IP address, domain name, any external page that referred you to us, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform (“Browser information”); Log information – Information that is generated by your use of FinconnectX-branded websites, applications, services, or tools operated by FinconnectX that is automatically collected and stored in our log records. This may include device information such as device identifier, device operating system and model, device storage, Media Access Control (MAC) address and Subscriber Identity Module (SIM) information, signals relating to user behaviour and device interaction, marketing identifier, battery usage, location information, network address, system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time, page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs, and methods used to browse away from the page (“Log information”).

    Information we receive about you from other sources.

    We also receive information about you from third parties such as your payment providers, our service providers assisting with AML, fraud, and security compliance, and through publicly available sources. For example:

    The banks you use to transfer money to us will provide us with your basic personal data, such as your name and address, as well as your financial information such as your bank account details. Your business partners may provide us with your name and address, as well as financial information. Advertising networks, analytics providers and search information providers may provide us with anonymised or de-identified information about you, such as confirming how you found our website. Our service providers may provide us with information relating to fraud, security, sanctions and AML and other risks, for example, confirmation of identity attributes, and information about any attributes linked to such matters. Credit reference agencies may provide us with your personal data during the credit referencing process. We may read and store data that is written on a blockchain, other publicly available ledgers, or is otherwise in the public domain.

  6. Our legal justification for processing personal data

    We only process your personal data where we have a legal basis for doing so under applicable Australian privacy laws, including the Privacy Act 1988 (Cth). These legal bases include:

    To perform our contractual obligations: We process personal data as necessary to provide you with our services under the terms of our user agreement, including for onboarding, transaction processing, and account management.

    To comply with legal obligations: As a registered Australian business operating in the financial sector, we are subject to various legal obligations, including anti-money laundering (AML), counter-terrorism financing (CTF), taxation, and regulatory reporting obligations. These laws require us to collect, retain, and sometimes share your personal data.

    To pursue our legitimate interests: We process personal data where it is in our legitimate interests to do so and where such processing does not override your rights. This includes activities such as improving and securing our platform, detecting and preventing fraud, maintaining business continuity, and conducting internal audits.

    With your consent: In some limited situations, we rely on your consent to process personal data (e.g., for certain marketing communications). You may withdraw your consent at any time.

    We assess the appropriateness of each legal basis before we process personal data and take steps to ensure our processing is transparent and fair. If you would like more information on how we determine the legal basis for a specific processing activity, you can contact us at info@finconnectx.com.

  7. Disclosure of your personal data

    As part of processing your personal data for the purposes set out above, FinconnectX may disclose your personal data to any members of the FinconnectX Pty Ltd, and to third parties. For example, FinconnectX may disclose your personal data to any of our service providers and business partners, for business or other legitimate purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services. Depending on your jurisdiction, FinconnectX may disclose your personal data to telecommunication providers or mobile network operators for the purpose of identity verification.

    If FinconnectX discloses your personal data to service providers and business partners, in order to perform the services requested by clients or to comply with our legal and regulatory obligations, such providers and partners may store your personal data within their own systems. We require them to protect the confidentiality of this personal data, and comply with all relevant privacy and data protection laws.

    FinconnectX may also disclose personal data when it is compelled by law, for example to a government agency as a result of a valid court order.

    On-chain attestations are publicly available and may be accessed by third parties via blockchain explorers and APIs. FinconnectX does not control or restrict third-party access to on-chain attestation data.

  8. Where we store your personal data

    Our operations are supported by a network of computers, servers, other infrastructure and information technology, and third-party service providers. We and our third-party service providers and business partners store and process your personal data in Australia. Courts, law enforcement and security agencies of these jurisdictions may be able to use legal processes to access your personal data.

  9. International transfers of personal data

    We may transfer your personal data outside your home jurisdiction to service providers and business partners. Transfers outside of your home jurisdiction are done in accordance with lawful transfer mechanisms.

    For example, for EEA customers, FinconnectX may rely on an ‘adequacy decision’ to transfer personal data to a country which has been found by the European Commission to have an essentially equivalent standard of data protection to the EEA.

    We may also rely on additional international transfer mechanisms, including your consent, compliance with legal or regulatory obligations, execution of agreement or Standard Contractual Clauses.

  10. Privacy when using digital assets and blockchains

    Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.

    As blockchains are decentralized or third-party networks which are not controlled or operated by FinconnectX, we are not able to erase, modify, or alter personal data on such networks.

    By using FinconnectX services, you acknowledge that your attestations will be recorded on a public blockchain. These attestations are immutable and cannot be modified or deleted.

  11. Data retention

    When personal data is no longer necessary for the purposes for which it may lawfully be processed, we will remove any details that will identify you, or we will securely destroy the relevant records. We may need to maintain records for a significant period of time after you cease being our client for legal or regulatory reasons, for example, when we need to retain information to help manage a dispute or legal claim. Additionally, we are subject to certain anti-money laundering laws which may require us to retain the following for a period (e.g., 5 years) after our business relationship with you has ended:

    A copy of the records we used in order to comply with our client due diligence obligations; Supporting evidence and records of transactions with you, and your relationship with us. If you have opted out of receiving marketing communications, we will keep your information on our suppression list to ensure that you do not receive these messages.

    We may keep your personal data for longer than 5 years if we cannot delete it for legal, regulatory, or technical reasons.

    FinconnectX retains attestation-related data for operational security and integrity purposes.On-chain attestations are immutable and cannot be deleted, as they are recorded on a public blockchain.

  12. Cookies

    Cookies are small text files that provide information regarding the device used by a visitor. Click on Cookie Settings in the footer of this page for additional detail on the types of cookies this website uses and why, and to adjust your Cookie Settings. Cookie information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies although doing so may impact website functionality.

  13. Your rights regarding your personal data

    The rights that are available to you in relation to the personal data we process are outlined below. You may request to exercise these rights subject to any limitations provided for under applicable data protection laws.

    Confirmation and access

    You can ask us to confirm whether we are processing your personal data and, if so, what information we process. Should you wish to obtain a copy of that information, please submit your request by using our contact form.

    Rectification

    It is important to us that your personal data is up to date. We will take all reasonable steps to make sure that your personal data remains accurate, complete and up-to-date. Please inform us if your personal data changes. If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal data to others, we will let them know about the rectification where possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.

    You may inform us at any time if your personal details have changed by using our contact form. Subject to applicable law, FinconnectX will update your personal data in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e. personal data that we are required to keep for regulatory or other legal purposes.

    Erasure

    You can ask us to delete, remove, block or anonymise your personal data in certain circumstances. Such requests may be subject to any retention limits we are required to comply with in accordance with applicable laws and regulations. If we have disclosed your personal data to others, we will let them know about the erasure request where possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.

    On-chain attestations cannot be modified or deleted once published. Users should carefully consider the implications before submitting an attestation.

    Processing restrictions

    You can ask us to block or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal data or object to us processing it. It will not stop us from storing your personal data. If we have disclosed your personal data to others, we will let them know about the restriction of processing if possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.

    Data portability

    In certain circumstances you may have the right to obtain personal data you have provided to us, in a structured, commonly used and machine-readable format, and to re-use it elsewhere or ask us to transfer this to a third party of your choice, where technically feasible.

    Objection

    You can ask us to stop processing your personal data, and we will do so, if we are:

    Relying on our own or someone else’s legitimate interests to process your personal data except if we can demonstrate compelling legal grounds for the processing or for the establishment, exercise or defence of legal claims;

    Processing your personal data for direct marketing; or

    Processing your personal data for research unless we reasonably believe such processing is necessary for the performance of a task carried out for reasons of public interest (such as by a regulatory or enforcement agency).

    Automated decision-making and profiling

    If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our products and services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our products or services to you, if we agree to such a request (i.e. end our relationship with you).

    Complaints

    You have the right to complain to a competent data protection authority. Contact details are set out in Section 17 below. We ask that you first reach out, by using our contact form, to give us an opportunity to address any concerns.


    Withdraw consent

    You have the right to withdraw consent to processing based on consent at any time. Note this will not affect the lawfulness of processing based on consent prior to the withdrawal of consent or on grounds where consent is not required.

  14. Changes to this privacy notice

    Our privacy notice is reviewed regularly in light of new regulations, technologies, and any changes to our business operations. Any personal data we process will be governed by our most recent privacy notice. We will update the “Last updated” date accordingly at the beginning of this privacy notice. Please review this privacy notice from time to time. We will announce any material changes to this privacy notice on our website.

  15. Our products and services are not available to children

    Our products and services are not directed to persons under the age of 18 (herein, “Children”, “Child”) and we do not knowingly collect personal data from children. If we learn that we have inadvertently processed personal data from a child, we will take legally permissible measures to remove that data from our records. FinconnectX will require the child user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a child, and you become aware that a child has provided personal data to us, please reach out by using our email(info@finconnectx.com).

  16. Contact information

    Any questions, complaints, comments and requests regarding this privacy notice are welcome and should be submitted using email(info@finconnectx.com).

  17. Data Protection Authorities

    If you are not satisfied with our response to your complaint, you have the right to submit a complaint to a competent data protection authority.