We use necessary cookies to make our Site work, to allow you to log into secure areas of our Site or for fraud prevention. We won’t set other cookies unless you consent to them. These other cookies may serve various purposes such as to improve user experience by measuring how you use the Site and remember your previous inputs, actions and preferences when you navigate our Site. Learn how we uses cookies, see our Cookie Notice.
Cookies are small text files placed on your device which we use to improve your experience on our website and to show you relevant advertising. You are able to manage which cookies are set on your device below. For more information, refer to our Cookie Policy.
These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site, or fraud prevention. These cookies are automatically activated and cannot be deactivated because they are essential to enable you to browse our Site.
These allow us to recognise and count the number of visitors to our Site and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily.
These cookies record your visit to our Site, the pages you have visited and the links you have followed. If you allow these cookies, you will see more advertisement based on your activities on your browser and internet device. We may also share this information with third parties for this purpose.
Last updated: 05.26.2022
We recognize and value the trust that you place in us when providing us with your personal data. We are committed to safeguarding the privacy and security of your personal data. This Global Personal Data Protection Notice (this "Notice") is provided to you by Digivault Limited in connection with Digivault Limited's website, mobile application, platforms, services, or products that you access or use.
References to “Eqonex”, "we", "our", or "us" in this Notice is to such relevant Eqonex entity. However, as noted below your information may be shared with other Eqonex Group entities.
If you are resident in the European Economic Area ("EEA") or the UK, then the entity giving you this Notice as listed above will be your main controller and have primary responsibility for processing your personal data and complying with the EU General Data Protection Regulation and the UK General Data Protection Regulation and companion privacy laws in the EEA and the UK (collectively, the "GDPR").
To the extent personal data is collected in Singapore, by using the website, mobile application, platforms, products and services, you consent to the collection, use and disclosure of such personal data you provide to us pursuant to this Notice.
The Notice is intended to notify you as to how we process your personal data, and how you may exercise your rights with respect to such data. This Notice must be read with any other information that we may provide when we are collecting or otherwise processing your personal data.
We may amend this Notice at any time. To the extent necessary under applicable law, we will notify you of material changes that we make to this Notice. You should cease using or accessing our products and services if you do not accept such changes. The word "including" or "for example" shall not be limiting in this Notice.
In this Notice, "processing" or "process" shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We may collect and otherwise process different types of personal data from multiple sources, including: (i) collecting personal data directly from you; (ii) personal data that is automatically generated about you; and (iii) personal data that we receive about you from other Eqonex Group entities or third parties.
Personal data collected directly from you
We may collect your personal data directly from you, for example, through: (i) our online or paper forms; (ii) entering into an agreement with us; (ii) online and other electronic platforms which we offer or which we have agreed that you may use; (iii) corresponding with us by email or post; (iv) speaking to us in person or over the telephone; or (v) visiting our offices.
Your personal data that we may collect in this manner could include, your:
Identity/Contact information: including your first name, last name, middle names, maiden name, marital status, title, date of birth, gender, and photograph identification, residential address, delivery address, email address, telephone numbers;
Financial data: including your bank account and payment card details, revenue information, financial and investment background, monthly income amount, expected deposit amount, and source of funds;
Services data: including your usernames and passwords, details about payments to and from you, other details of services you have obtained from us or we have obtained from you, your digital wallets, and transaction information, and your interest, feedback and survey responses;
Professional information: including your job title, email address, phone number, addresses, employment status, employer name, previous positions, and professional experience; and
KYC/Verification information: including information about your criminal convictions and offences (if any), passport information, driving licence, national ID number, utility bill (or other proof of address document), country of residence, biometrics for liveness verification (e.g. selfies and videos), country of origin/nationality, country of domicile/tax residency, ongoing monitoring, PEP information, tax reference number.
Personal data collected automatically from you
We may collect your personal data from your use of Eqonex's (i) website; (ii) any platforms or exchanges; (iii) mobile applications; or (iv) other services or products operated by Eqonex:
Usage data: including IP address, website usage and other technical data such as details of your visit to our websites, mobile applications, platforms, services services, or products or information collected through cookies and other tracking technologies (please refer to our Cookie Notice for more details); and
Information from our platforms and exchanges: including information collected through your use of the Eqonex's website, mobile applications, platforms, services, or other products (such as digital asset exchange or digital asset custody), including device type, operating system, browser, location and IP address.
Personal data received from other sources
We may collect your personal data from: (i) publicly available information; (ii) third parties (such as other virtual asset service providers); and (iii) other Eqonex Group entities:
Identity/Contact Information & KYC/Verification information: including information obtained from third party service providers in carrying out KYC checks, other background checks, PEP/Sanctions screening, negative media screening, ongoing monitoring and any other checks required by law or regulation as well as through interactions with governmental or regulatory bodies or other authorities in relation to you or on your behalf;
Financial data: including information from your bank or business partners;
Professional information: including from third party referees and other checks; and
Publicly available information: including information from public registers of individuals; public registers of companies, charities, law firms, chartered accountant, stock or commodities exchange participants, mutual and other entities; public registers of sanctioned persons and entities; other public sources.
Personal data that you provide to us relating to third parties
By providing us with any personal data relating to a third party (for example, personal data relating to your spouse or partner, children, parents, or a Connected Person), you hereby represent and warrant to us that you have (i) obtained the consent of such third party; or (ii) are otherwise permitted under applicable law, in either case (i) and (ii), to provide us with his/her personal data for us to process such data in accordance with this Notice.
"Connected Person" may include any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or granter of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.
Failure to provide us with the relevant personal data notably KYC/Verification information, in cases where you are legally or contractually required to provide it, may result in our being unable to establish or continue our business relationship with you or to provide products and services to you.
The nature of your interaction with us will determine how Eqonex will process your personal data. The relevant specific purposes and lawful bases (to the extent required by applicable data protection laws) for which Eqonex will process your personal data are set out in the Tables of Processing below depending on which of the following categories applies:
For visitors to our website and mobile application
For users or prospective users of our platforms, products and services
For visitors to our offices
For representatives of our service providers or professional advisers or investors or other counterparties
For all visitors, users, representatives, professional advisers, investors and other counterparties
Table of Processing - For visitors to our website and mobile applications:
Purpose of Processing | Category of personal data | Lawful Basis | Third Party Recipients |
To operate our website | Identity & Contact data Services data Usage data | It is in our legitimate interests to process such data in order for Eqonex to operate its website and business, such as (i) for IT operations; IT security and maintenance, and systems controls; (ii) placing cookies or similar technologies on our webpages in order to track users as set out in our Cookie Notice. For EU/EEA/UK residents: Article 6 (1) (f) GDPR. | IT Service Providers |
To conduct electronic direct marketing to you | Identity & Contact data Professional information Publicly available information Usage data Information from our platforms | Where your consent is required by applicable laws. For EU/EEA/UK residents: Article 6 (1) (a) GDPR In all other cases, where it is in our legitimate interests to process such data in order to promote our services and products and provide value added benefits to customers, for example, educational seminars, forums, other services and products offered by Eqonex. For EU/EEA/UK residents: Article 6 (1) (f) GDPR For customers and users located in the EU, EEA or UK: If you are a customer of Eqonex products or services, we will only use your email address to send you information about similar Eqonex products or services. You can object to the future processing of your contact data to contact you by e-mail at any time and free of charge. | Marketing service providers |
Table of Processing - For users or prospective users of our platforms, products and services:
Purpose of Processing | Category of personal data | Lawful Basis | Third Party Recipients |
To onboard you as a new customer and conduct relevant KYC, sanctions, PEPs, negative screening, biometrics liveness for verification | Identity & Contact data Financial data Professional information KYC/Verification information Publicly available information | Where we are required to process such personal data because of a legal obligation applicable to us, for example, because of obligations with respect to KYC/PEP/sanction checks, negative media screening and associated requirements. For EU/EEA/UK residents: Article 6 (1) (c) GDPR Where your consent is required by applicable laws. For EU/EEA/UK residents: Article 6 (1) (a) GDPR In order to perform our obligations under our contract (with you or with the entity you represent) or in preparation for entering into a contract (e.g. for considering your application). For EU/EEA/UK residents: Article 6 (1) (b) GDPR In all other cases, where it is in our legitimate interests to process such data in order to comply with associated legal guidance. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Verification service providers Payment recipients, beneficiaries, nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories exchanges as well as other virtual asset service providers and banks |
To provide our services and products to you | Identity & Contact data Financial data Services data Professional information KYC/Verification information Information from platforms | In order to perform our obligations under our contract (with you or with the entity you represent). For EU/EEA/UK residents: Article 6 (1) (b) GDPR Where your consent is required by applicable laws. For EU/EEA/UK residents: Article 6 (1) (a) GDPR In all other cases, where it is in our legitimate interests in order for Eqonex to operate its business to the standards that you would expect such as: (i) to administer our relationship with you (or the entity you represent), including for the daily operation of our products, services, and/or other facilities provided to you; (ii) to manage risk; (iii) to improve our services and products; (iv) to send communications in relation to your service/products such as account-related notifications/updates; (v) to conduct investigatory work if unusual/suspicious activities are detected; (vi) to enable you to participate in any campaign, competition or complete a survey; and (vii) to verify the accuracy of the personal data provided. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Payment recipients, beneficiaries, nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories exchanges Depository Custodians Originating and beneficiary virtual asset service providers |
To operate our platforms and offerings to you | Identity & Contact data Services data Usage data | Where it is in our legitimate interests for Eqonex to operate its business, such as (i) for IT operations, IT security and maintenance, and systems controls; (ii) to issue service-related announcements to you when necessary (e.g. when we suspend a service due to system maintenance) and (iii) to improve and/or design related services or products. For EU/EEA residents: Article 6 (1) (f) GDPR | IT Service Providers |
To conduct electronic direct marketing to you | Identity & Contact data Professional information Publicly available information Usage data Information from our platforms | Where your consent is required by applicable laws. For EU/EEA/UK residents: Article 6 (1) (a) GDPR In all other cases, where it is in our legitimate interests to process such data in order in order to promote our services and products and provide value added benefits to customers, for example, educational seminars, forums, other services and products offered by Eqonex. For EU/EEA residents: Article 6 (1) (f) GDPR For customers and users located in the EU, EEA or UK: If you are a customer of Eqonex products or services, we will only use your email address to send you information about similar Eqonex products or services. You can object to the future processing of your contact data to contact you by e-mail at any time and free of charge. | Marketing service providers |
Table of Processing - For visitors to our offices:
Purpose of Processing | Category of personal data | Lawful Basis | Third Party Recipients |
To register your attendance at our offices | Identity & Contact data | To comply with our legal obligations, including to comply with any applicable health and safety obligations. For EU/EEA/UK residents: Article 6 (1) (c) GDPR Where it is in our legitimate interests to ensure safety and security in our offices. For EU/EEA/UK residents: Article 6 (1) (f) GDPR |
Table of Processing - For representatives of our service providers or professional advisers, investors or other counterparties:
Purpose of Processing | Category of personal data | Lawful Basis | Third Party Recipients |
To conduct business with you/the business you represent | Identity & Contact data | Where it is in our legitimate interests (i) to contact you; (ii) to manage our relationship For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Verification service providers Professional Advisers (e.g. lawyers, auditors, accountants, banking, insurance, consultancy) |
To invoice you | Identity & Contact data | In order to perform our obligations under our contract (with you or with the entity you represent). For EU/EEA/UK residents: Article 6 (1) (b) GDPR In all other cases, where it is in our legitimate interests to invoice you or an entity that you represent. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Auditors or accountants |
Table of Processing - For all visitors, users and representatives, professional advisers, investors and other counterparties:
Purpose of Processing | Category of personal data | Lawful Basis | Third Party Recipients |
To meet current or future legal and regulatory obligations. The above shall include any requirements (including KYC and due diligence checks) in relation to virtual asset service providers travel rule, sanctions, money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions or any other unlawful activities. | Identity & Contact data Financial data Services data KYC/Verification information | To comply with our legal obligations, including AML/CFT/PEP/sanction check laws and financial service regulations For EU/EEA/UK residents: Article 6 (1) (c) GDPR In all other cases, where it is in our legitimate interests to protect and enhance Eqonex and our business and operations, including (i) to comply with applicable regulations and guidance as well as internal policies and procedures; and (ii) to respond to requests from legal, regulatory, judicial, administrative, governmental and other official bodies. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Relevant governmental or regulatory authorities or any other party to whom Eqonex is under an obligation or required or expected to make disclosure Professional Advisers (e.g. lawyers, auditors, accountants, banking, insurance, consultancy) |
To protect our rights, including initiating and defending claims | Identity & Contact data Financial data Services data Information from platforms | Where it is in our legitimate interests to protect Eqonex and our business including by: (i) collecting amounts from you; (ii) enforcing our legal rights; (iii) initiating claims; (iv) defending claims; (v) preventing and detecting crime, fraud and other abuses; (vi) investigating and attending to enquiries; and (vii) creating and maintaining our risk related models. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Relevant governmental or regulatory authority or any other party to whom Eqonex is under an obligation or required or expected to make disclosure Professional Advisers (e.g. legal advisors, auditors, and accountants) |
In case of sale, merger, reorganization, restructuring, investment or similar | Identity & Contact data Services data | Where it is in our legitimate interests to manage and develop the Eqonex business by enabling corporate transactions. Such transactions may require the provision of your personal data to actual or potential buyers, investors, merger entities, or assignees of Eqonex Group entities’ business or assets. Such data provision may also occur to allow such parties to evaluate or complete the corporate transaction. For EU/EEA/UK residents: Article 6 (1) (f) GDPR | Professional Advisers (e.g. lawyers, auditors, accountants) Actual or potential buyers, investors, merger entities, or assignees of Eqonex Group entities’ business or assets |
In general, Eqonex will not conduct any processing activities relating to your personal data that involves any automated decision-making (including profiling). Typically there is always human involvement. However, where Eqonex makes a decision or profiles through automated means, then Eqonex will put systems in place that comply with applicable laws.
Eqonex is a global firm and as such any personal data that we collect, or you provide to us may be shared with and processed by any Eqonex Group entity, including employees and contractors that work for Eqonex for any of the purposes as listed in this Notice.
In addition, for the purposes as set out in this Notice, Eqonex may share personal data with third parties, including third parties in various jurisdictions around the world, including: Singapore, the European Economic Area, UK, Hong Kong, Australia, USA, Philippines, Vietnam, Seychelles and any other third party jurisdictions. The third party recipients with whom Eqonex may share personal data are set out in the Tables of Processing above.
In case of international transfers of personal data, the laws of certain jurisdictions may provide a lower level of protection with respect to your personal data relative to the laws of your home country. We will protect your personal data in such international jurisdictions in accordance with applicable law. To illustrate, if you are resident in the EU/EEA/UK, we have implemented the following safeguards in relation to international transfers of personal data to the extent required by applicable law:
As between different Eqonex Group entities, we have implemented Data Controller to Data Controller data sharing agreement that incorporates the European Commission-approved standard contractual clauses as well as additional country specific requirements);
As between relevant Eqonex Group entities and its/their third party recipients, we have implemented either (i) Data Controller to Data Processor data transfer agreements that incorporate the European Commission-approved standard contractual clauses as well as additional country specific requirements; or (ii) Data Controller to Data Controller data sharing agreement that incorporates the European Commission-approved standard contractual clauses, as well as additional country specific requirements.
We will retain your personal data only as long as is necessary to fulfil the purpose for which this data was collected, unless a longer retention period is required by applicable law.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
This means that we will usually keep your personal data for the lifetime of your use of our website, mobile application, platforms, services or products, and then thereafter for such period as we are required or permitted to keep your personal data under applicable laws after you have ceased to use our website, mobile application, platforms, services or products. In cases where you are not onboarded as a customer, we will usually keep your personal data for a limited period of time, unless you have subscribed to our mailing list, in which case we will retain your personal data until you unsubscribe.
Under certain circumstances and in accordance with applicable laws, you may have the right to request us to:
provide access to personal data we hold about you;
rectify any inaccuracies in your personal data that we hold;
delete any of your personal data that we no longer have a legitimate interest to process;
where we process your personal data based on your consent, withdraw your consent so that we stop that particular processing;
port your personal data and to request the transmission of such data to another organization;
object to any processing of your personal data based on our "legitimate interests" unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
object to any processing of your personal data for direct marketing purposes (including any profiling activities in connection with direct marketing); or
restrict how we process your personal data whilst a data protection complaint is being investigated.
You may exercise any of these data protection rights (to the extent applicable) at any time using the contact details for Eqonex set out below. Some of these rights may be limited (e.g. the right to withdraw consent) where we are required or permitted by applicable laws to continue processing your personal data to defend our legal rights or meet our regulatory or contractual obligations. Depending on applicable laws a fee may be payable and there may be circumstances in which Eqonex can refuse your request. For example, Eqonex may, in certain circumstances and where allowed under applicable laws, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We also note in the section below titled “Additional considerations with respect to blockchain and digital assets” additional limitations with respect to your rights in connection with certain blockchain and digital assets
You may also have the right to complain to the relevant supervisory authorities or data protection regulators if your data protection rights have been infringed by us, including:
Importantly, you may not be able to exercise all of your data protection rights with respect to certain blockchain and digital assets. This is because certain blockchain records are public and decentralized, and we may not be able to (for example) alter, delete or modify such records in order to comply with your data protection-related requests.
If you have any query or concern or complaint in relation to this Notice and Eqonex's processing of your personal data, please contact: [email protected]
Raising standards in secure and scalable custody of digital assets for institutions
Digivault Limited is registered by the Financial Conduct Authority under registration number 927958.
You can confirm our registration on the FCA's website Registered Cryptoasset Firms (fca.org.uk)
Digivault's Secure by Design mantra is cemented by internationally recognised standards and accreditation. Digivault is Cyber Essential Plus accredited and ISO27001 certified.
