PRIVACY POLICY - SMA SOFTWARE LLC

This Privacy Policy is an overview of how we collect, use, and process your personal data when you use the money transfer platform developed by SMA SOFTWARE LLC located at 1 Bridge Pl, 2FL, Fort Lee, NJ 07024, USA, website: www.smasoftware.com (‘’the company’’, ‘’us’’,).

Please read this Policy carefully, as it becomes legally binding when you use our Services. For the full definition of the capitalized words here, check our Customer Agreement. We take privacy and protection of your data very seriously and are committed to handling the personal information of those we engage with, whether customers, suppliers, or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.

DATA WE COLLECT

We will collect and process the following mandatory data about you:

  1. Information You Give Us.

You may give us information about you when you sign up to use our service, e.g., when you provide us with personal details like name and email address. This also includes information you provide through your continued use of our Services, your participation in discussion boards or other social media functions on our platform, through entering a competition, promotion, or survey, and by reporting problems with our Services. During the process of our services, the information we access may include name, address, email address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security number, personal description, and photograph.

In some cases, such as when you send or receive high value or high-volume transactions, or where we need to comply with anti-money laundering regulations, we may also need more commercial or identification information from you.

In providing the personal data of any individual (other than yourself) that receive payments from you during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.

  1. Information we collect about you. 

About your use of our Services, we may automatically collect the following information:

  • Details of the transactions you carry out when using our Services, including geographic location from which the transaction originates.
  • Financial information such as Bank account, DBA, expiration dates, credit card information, names, address, relationship with the beneficiary, postal codes, the e-mail registered in the financial institution.
  • Technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our platform (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer support number.
  1. C) Information we receive from other sources. 

We may receive information about you if you use any of the other platforms we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them.

For example:

  • The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details.
  • Business partners may provide us with your name and address, as well as financial information, such as card payment information.
  • Advertising networks, analytics providers and search information providers may provide us with pseudonymized information about you, such as confirming how you found our services.
  • A credit reference agency does not provide us with any personal information about yourself, but we may use them to corroborate the information you have provided to us.

 

  1. Information from social media networks. 

If access our Services using your social media account (for example, Facebook or Google) we will receive relevant information that is necessary to enable our Services and authenticate you. The social media network will provide us with access to certain information that you have provided to them, including your name, profile image and email address.

We use such information, together with any other information you directly provide to us when registering or using our Services, to create your account and to communicate with you about the information, products, and services that you request from us. You may also be able to specifically request that we have access to the contacts in your social media account so that you can send a referral link to your family and friends. We will use, disclose, and store all this information in accordance with this privacy policy.

  1. Sensitive data

We process a limited amount of sensitive data when we carry out verification of identity documents that contain biometric data. Where we are relying on the substantial public interest condition in Article 9(2)(g) of the GDPR and condition 14. Preventing fraud in Part 2 of Schedule 1 of the DPA 2018.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter a contract.

  1. Children’s data

Our products and services are directed at adults aged 18 years and over, and not intended for children. We do not knowingly collect data from this age group. Our verification process prevents SMA SOFTWARE collecting this data. If any data is collected from a child without verification of parental consent, it will be deleted.

All data requested by SMA SOFTWARE is mandatory and failure to provide this Data may make it impossible for SMA SOFTWARE to provide its services. In cases where SMA SOFTWARE specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

HOW WE PROTECT YOUR PERSONAL INFORMATION

  1. We take the safeguarding of your information very seriously, and take several steps to ensure it stays secure:
  • Communication over the Internet between you and SMA SOFTWARE servers is encrypted using strong asymmetric encryption. This makes it unreadable to anyone who might be listening in.
  • We update and patch our servers in a timely manner.
  • We run a Responsible Disclosureand bug bounty program to identify any security issues in SMA SOFTWARE
  • Our technical security team proactively monitors for abnormal and malicious activity in our servers and services.
  • When information you have given, us is not in active use, it is encrypted at rest. This means it is unreadable from server hard drives without the decryption secret.
  1. We do regular audits such as _____ and _____. As part of these audits, our security is validated by external auditors.
  2. We restrict access to your personal information to those employees of SMA SOFTWARE who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, electronic, and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorized access.

WAYS WE USE YOUR INFORMATION

We use your information:

  • to carry out our obligations relating to your contract with us and to provide you with the information, products, and services.
  • to comply with any applicable legal and/or regulatory requirements.
  • to notify you about changes to our Services.
  • as part of our efforts to keep our Services safe and secure.
  • to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • to improve our Services and to ensure that they are presented in the most effective manner.
  • to allow other SMA SOFTWARE customers to request or send money to you through our services when providing matching information for your phone number or email.
  • to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you.
  • to allow you to participate in interactive features of our Services, when you choose to do so.
  • to provide you with information about other similar goods and services we offer.
  • to combine information, we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

LEGAL BASIS FOR PROCESSING IN EUROPE

The lawful basis we use for collecting and processing your information in Europe (as required by current legislation) are as follows:

  • Where it is necessary for entering into or performing a contract with you.
  • Where we have a legitimate interest to do so, provided your rights do not override those interests.
  • Where you have consented to its uses.
  • Where our colleagues believe it is in your vital interests to share your personal details.
  • Where required to comply with our legal obligations.

DISCLOSURE OF YOUR INFORMATION

  1. We may share your information with selected third parties including:
  • affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter with them or you.
  • advertisers and advertising networks solely to select and serve relevant adverts to you and others with your consent.
  • analytics and search engine providers that assist us in the improvement and optimization of our platform, and our group entities or
  1. We may disclose your personal information to third parties:
  • such as affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter with them or you.
  • if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our Customer Agreement and other applicable agreements; or to protect the rights, property, or safety of SMA SOFTWARE, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  • to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so.
  • to prevent and detect fraud or crime.
  • in response to a subpoena, warrant, court order, or as otherwise required by law.
  • to assess financial and insurance risks.
  • to recover debt or in relation to your insolvency; and
  • to develop customer relationships, services, and systems.
  1. We do not have a list of all third parties we share your data with, as this would be dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to info@smasoftware.com

SHARING AND STORING YOUR PERSONAL DATA

We may transfer and store your data at a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

In order to provide our Services to you, it is sometimes necessary for us to transfer your data to the third parties that are based outside of the European Economic Area. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organizational security measures to protect your data. We also ensure we have appropriate contractual protections (e.g. BCR, Standard Contractual Clauses) in place with these parties receiving the data outside the EEA.

To offer you the best service and remain competitive in our business, we may transfer data across affiliates in different geographies and locations with all the compliance appropriate steps to ensure your personal data is handled as described in this Privacy Policy.

Where required, we comply with applicable legal frameworks relating to the transfer of personal data. For example, we only make these transfers, where the EU has made an “adequacy decision” for the country to which the data will be transferred or where we have put in place the “appropriate safeguards” that the law requires such as signing EU SCC’s, or BCR’s.

Notice that the decision made on July 16, 2020, by the Court of Justice of the European Union (CJEU) that invalidated the EU-U.S. Privacy Shield will not interfere on the purpose of the signed SCC’s, or BCR’s. Following the CJEU decision, the U.S. Department of Commerce announced that it will continue to enforce the Privacy Shield for current registrants while working with the EU Commission to develop and implement a new data transfer framework.

In light of these decisions, SMA SOFTWARE will continue to honor its commitments and will rely on Standard Contractual Clauses for the transfer of personal data and/or another appropriate legal basis for data transfers, where required. We will continue to monitor guidance regarding appropriate and lawful transfer mechanisms and will update our processes as needed.

This is done in accordance with Irish EU Data Protection requirements.

PROFILING AND AUTOMATED DECISION MAKING

We may use some elements of your data to customize our Services and the information we provide to you, and to address your needs — such as your country of residence and transaction history. For example, if you frequently send funds from one currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected — and we only use pseudonymized data wherever possible. This activity has no legal effect on you.

We may use Automated Decision Making (ADM) to improve your experience, or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use ADM to verify your identity documents, or to confirm the accuracy of the information you have provided to us. None of our ADM processes have a legal effect on you.

COOKIES

We use small files (known as cookies) to distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to promote our services via our website.

DATA RETENTION

As a regulated financial institution, SMA SOFTWARE is required by law to store some of your personal and transactional data beyond the closure of your account with us. We only access your data internally on a need-to-know basis, and we’ll only access or process it, if it is absolutely necessary.

We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate.

RETENTION TIME

  • Personal Data shall be processed and stored for 5 years required by the purpose they have been collected for.
  • Personal Data collected for purposes related to the performance of a contract between the Company and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Company’s legitimate interests shall be retained if needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Company within the relevant sections of this document or by contacting the Company.

The Company may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted; therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

YOUR RIGHTS

Subject to applicable laws, you may have the right to access information we hold about you. Your right to access can be exercised in accordance with the relevant data protection legislation. If you have any questions in relation to our use of your personal information, contact us. Under certain conditions, you may have the right to require us to:

  • provide you with further details on the use we make of your information.
  • provide you with a copy of the information that you have provided to us.
  • update any inaccurate, incorrect, or out of date personal information we hold.
  • delete any personal information that is no longer necessary, or no longer subject to a legal obligation to which SMA SOFTWARE is subject to. SMA SOFTWARE has legal obligations so it may not be possible to delete your data at the time of request. Once the required time has passed then we will be able to comply with your request.
  • where processing is based on consent, to withdraw your consent so that we stop that particular processing.
  • cease direct marketing to you, by contacting us or adjusting your notification preferences in the settings section of your account.

Where we undertake wholly automated decision making which results in the creation of a legal obligation or a similar significant impact, you may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly.

We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law to adjust the processing.

We object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights restrict how we use your information whilst a complaint is being investigated.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in this company or for the purposes of the legitimate interests pursued by the company, users may object to such processing by providing a ground related to their situation to justify the objection.

THIRD-PARTY PROVIDERS

This Privacy Policy does not apply to other providers. Thus, we are advising you to consult the respective Privacy Policies of these third-party servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. We do not control these third-party providers and are not responsible for their privacy statements.

INTERNATIONAL TRANSFERS

The Services are hosted on servers inside the United States, for more information about its privacy policy visit OVHcloud . If you are in the elsewhere outside of the United States, information that we collect (including through cookies) will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen. Subject to applicable law, by using our Services and providing information to use, you consent to the transfer to and processing of information in the United States and other jurisdictions. Where necessary under applicable law, we may employ appropriate cross-border transfer methods governing personal data. This privacy policy is governed by the laws of The United States of America.

MINORS

Our Website is not directed to persons under the age of 18 or the applicable age of majority in the jurisdiction from which the Website is accessed and we do not knowingly collect Personal Information from minors. If you become aware that your child has provided us with Personal Information, please contact us at info@smasoftware.com. If we become aware that a minor has provided us with Personal Information, we take steps to remove such information and terminate that person’s account.

GDPR /RGPD

If you are a resident of EU, under the General Data Protection Regulation (GDPR), the relevant Data Protection information may be contacted at info@smasoftware.com. Please be aware that where GDPR  applies, you have the right to lodge a complaint with the competent data protection authority.

CCPA – California Consumer Privacy Act- California

Under the California Consumer Privacy Act (CCPA) Notice you have the right to know your Personal Information. You can request the last 12 months of personal information collected from your use of the Services. You will need to provide your identity so we can return the requested data to you. Please note that you must make the request from each browser or device where you access the Services. For more information, please contact us at: info@smasoftware.com.

CHANGES TO OUR PRIVACY POLICY

To keep up with changing legislation, best practice, and changes in how we process personal information, we may revise this Privacy Policy at any time without notice by posting a revised version on this platform. To stay up to date on any changes, check back periodically.

CONTACT

Please send any questions, comments, or requests regarding this privacy policy to our global privacy team at info@smasoftware.com, 1 Bridge Pl, 2FL, Fort Lee, NJ 07024, USA, website: www.smasoftware.com.

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws. in the case you are in the United Kingdom this is the Information Commissioner’s Office; you can see their contact details via the ICO website.

CHANGES TO THIS PRIVACY POLICY

The Company reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within SMA SOFTWARE and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Company. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

The changes should affect processing activities performed based on the user’s consent, the Company shall collect new consent from the user, where required.

Copyright SMA Software , All rights reserved.