Privacy Policy

Last updated: November 19, 2024

1. Introduction

UVM Consulting ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our digital asset transfer services, or otherwise interact with us. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

2. Information We Collect

We may collect and process the following categories of personal information:

• Identity Data: Full legal name, date of birth, nationality, government-issued identification numbers, and photographic identification documents as required for KYC (Know Your Customer) compliance.
• Contact Data: Business email address, telephone number, physical address, and company name.
• Financial Data: Blockchain wallet addresses, transaction histories, bank account details, and information about the source of funds where required for regulatory compliance.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services.
• Usage Data: Information about how you use our website and services, including pages visited, features used, and navigation patterns.
• Authentication Data: Login credentials, multi-factor authentication information (including YubiKey device identifiers), and session tokens.

3. How We Collect Your Information

We collect information through the following methods:

• Direct Interactions: When you create an account, submit an inquiry through our contact form, register for our services, or communicate with us via email or other channels.
• Automated Technologies: As you navigate our website, we may automatically collect technical data about your device, browsing actions, and usage patterns using cookies, server logs, and similar technologies.
• Third-Party Sources: We may receive personal data from third-party identity verification providers, blockchain analytics services, sanctions screening databases, and publicly available sources as part of our regulatory compliance obligations.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain our digital asset transfer services, including processing transactions and managing your account.
• To verify your identity and conduct necessary due diligence in compliance with applicable anti-money laundering (AML) and know-your-customer (KYC) regulations.
• To communicate with you about your account, transactions, and our services, including sending service-related notifications.
• To monitor and analyze usage patterns and trends to improve the functionality, performance, and security of our services.
• To detect, prevent, and address fraud, unauthorized access, and other illegal activities.
• To comply with applicable laws, regulations, and legal obligations, including responding to lawful requests from governmental authorities.
• To enforce our terms of service and protect our rights, privacy, safety, or property.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contractual Necessity: Processing necessary for the performance of our agreement with you to provide digital asset transfer services.
• Legal Obligation: Processing necessary to comply with regulatory requirements, including AML/KYC obligations, tax reporting, and sanctions screening.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, network and information security, and service improvement, where such interests are not overridden by your rights and freedoms.
• Consent: Where you have provided explicit consent for specific processing activities, such as receiving marketing communications.

6. Data Sharing and Disclosure

We may share your personal information with the following categories of recipients:

• Service Providers: Third-party companies that perform services on our behalf, including identity verification, blockchain analytics, cloud hosting, and customer support. These providers are contractually bound to protect your data and use it only for the purposes we specify.
• Regulatory Authorities: Government agencies, law enforcement bodies, and financial regulatory authorities where disclosure is required by law or necessary to comply with our legal obligations.
• Professional Advisors: Lawyers, auditors, and insurers who provide professional services to us, subject to appropriate confidentiality obligations.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards to ensure that your information receives an adequate level of protection, including standard contractual clauses approved by relevant regulatory authorities.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• End-to-end encryption for data in transit and at rest.
• Multi-factor authentication, including hardware security key (YubiKey) support for account access.
• Regular security assessments and penetration testing of our systems.
• Strict access controls and role-based permissions for employees who handle personal data.
• Incident response procedures to address potential data breaches promptly and effectively.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process it, applicable legal requirements, and whether we can achieve those purposes through other means. In general:

• Account data is retained for the duration of your account and for a minimum of 5 years after account closure, as required by financial regulations.
• Transaction records are retained for a minimum of 7 years to comply with applicable tax and financial reporting obligations.
• Technical and usage data is typically retained for up to 2 years for analytics and security purposes.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data, subject to our legal retention obligations.
• Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to the processing of your personal data where we rely on legitimate interests as our legal basis.
• Right to Withdraw Consent: Where we rely on your consent to process personal data, you may withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within the timeframe required by applicable law.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising. For detailed information about the cookies we use and the purposes for which we use them, please refer to our Cookies Policy.

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information as soon as possible. If you believe that a child under 18 has provided us with personal information, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, by providing a more prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us through our Contact page. We will make every effort to resolve any complaints or concerns regarding the use of your personal data in a timely and appropriate manner.