AML/KYC/KYT policy. Policy regarding the storage and processing of personal data

KYT (Know Your Transaction) Policy
Updated 12/21/2022


This policy is aimed at identifying the User in the event of a precedent when the Service has reasonable suspicion that the User is using El-change.com for other purposes.

Such a precedent may arise if the Service suspects illegal actions of the User, which can be qualified as laundering or attempted laundering of digital assets obtained illegally or the funds are of overtly criminal origin. For these purposes, the El-change.com Service has the right to use any legal information, third-party tools for analyzing the origin of digital assets, as well as its own development of a screening system.

In this case, the El-change.com Service reserves the full right to:

     1. Require the User to provide additional information disclosing the origin of digital assets and / or confirmation that these assets were not obtained by criminal means;


     2. Block the account and any operations related to the User. If requested, transfer all available information on the incident to the controlling financial activities and / or law enforcement agencies;


     3. At the request of the regulator (an exchange, a government agency or other organization that has the appropriate legal grounds can act as a regulator) require from the User documents confirming the identity, physical existence, address of registration, solvency;


     4. Return digital assets only to the details from which the transfer was made;


     5. Refuse the User to withdraw funds to the account of third parties without explanation;


     6. Hold the User's funds until the incident is fully investigated;


     7. The service reserves the right to monitor the entire chain of transactions in order to identify suspicious transactions;


     8. The Service reserves the right to refuse to provide the Service to the User if the Service has reasonable suspicions of the legitimacy of the origin of digital assets and to hold funds on special accounts of the Service;


     9. The Service reserves the right to refuse the User to provide the service if the Service has reasonable suspicions of the legitimacy of the origin of digital assets and to hold funds on special accounts of the Service if it is impossible to trace the entire chain of movement of digital assets from the moment they appear.

  
     10. The service reserves the right not to disclose information about the methods and results of the verification.

AML/CTF policy
updated 12/21/2022



The administration of the El-change.com service, realizing the public danger of crimes related to money laundering and terrorist financing, adheres to a set of measures and requirements of the FATF intergovernmental organization, the sixth anti-money laundering directive (6AMLD) and other legislative acts aimed at combating with the legalization of proceeds from crime and the financing of terrorism.

As a consequence of the application of the AML policy, the Service reserves the right to:

     1. Appoint a responsible person (MLRO - Money Laundering Reporting Officer), exercising control and supervision powers for the implementation of the provisions of this Policy.

     2. Monitor all transactions. The Administration reserves the right to ensure the transmission of reports about the suspicious nature of transactions to the appropriate law enforcement agencies through the Responsible Official;

     3. Request from the User any additional information and documents in case of suspicious transactions, also at the request of the regulator (the exchange, government agency or other organization that has the appropriate legal grounds can act as a regulator);

     4. Suspend or terminate a User's account if there is a reasonable suspicion that such User is engaging in illegal activities.

     5. Interaction with state bodies in cases established by law. In the event of an official request from law enforcement or judicial authorities, the Service will be obliged to provide the requested information. Also, the Service Administration has the right to provide the data requested by official representatives of payment systems.

This Policy defines the El-change.com Service's AML/CTF risk criteria. To mitigate this risk, the El-change.com Administration declares that the Service does not accept funds from sub-sanctioned platforms/wallets/exchanges. Transactions from such sources may be frozen indefinitely. As a result of this provision, the Service has the right to suspend financial transactions until a full investigation by the regulator (see Clause 3), in cases where the AML check of the transaction sent by the client shows a significant risk (overall risk assessment of more than 50%, or there are elements in the assessment High Risk - Dark Market, Sanctions, etc.).

However, the above list is not exhaustive and the Responsible Officer will monitor User transactions on a daily basis to determine whether such transactions should be reported and treated as suspicious or should be treated as bona fide.

Conditions for the return of funds stopped for verification based on the results of the AML analysis of the transaction:

Refunds are made after a full check by the Service's security service, which may include identification of the sender. Refunds are made minus a commission of up to 5% of the transaction amount to cover the labor costs for processing the application and arranging a refund.

The return, subject to approval by the Service, will be processed by the Service within 7 (seven) calendar days, starting from the date when the User was notified with the decision of the Service regarding his return request.

Refunds that have not passed the AML check are allowed only at the source of receipt




Policy regarding the processing of personal data
Updated 12/21/2022

This personal data processing policy, together with its other integral parts, is drawn up in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and determines the procedure for processing personal data and measures to ensure the security of personal data carried out by the Service. The service sets as its most important goal and condition for the implementation of its activities the observance of the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets. This Service policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Service can receive about visitors to the El-change.com website

El-change.com Service and its Affiliates undertake to make every effort to protect the privacy of Users. El-change.com uses the information collected about the User to fulfill its contractual obligations and improve customer service.

Please read the text below carefully. The Privacy Policy is intended to explain to the visitors of the Service how and for what purpose the El-change.com Service collects, stores, protects and uses the personal data of its Users.

Basic concepts and terms used in the Policy


Personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data)

Operator - a legal entity, independently or jointly with other persons organizing and (or) carrying out the processing of personal data for the El-change.com service, the composition of personal data to be processed, actions performed with personal data;

Processing of personal data - any action or set of actions performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

Website - a set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://el-change.com;

Automated personal data collection system - a set of tools designed to process personal data using computer technology;

Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;

Blocking of personal data - temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);

Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;

Depersonalization of personal data - actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or other subject of personal data;

Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;

Dissemination of personal data - any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or familiarizing with personal data of an unlimited number of persons, including the disclosure of personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way;

Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or foreign legal entity;

Destruction of personal data - any actions as a result of which personal data are destroyed irretrievably with the impossibility of further restoration of the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

General provisions
The most important condition for the implementation of the goals of the El-change.com Service (hereinafter referred to as the Service) is to ensure the necessary and sufficient level of information security of assets, which, among other things, include personal data and the processes within which they are processed.

Ensuring the security of personal data is one of the priorities of the Service.

The Service highly appreciates the relationship with its current and potential Users (hereinafter referred to as Users) and visitors to the Internet resource of the Service, and understands the importance of ensuring the security and confidentiality of their personal data.

By agreeing to the terms and conditions of the User Agreement and / or using the services of the Service, the User thereby gives the Service his full consent to the collection, storage, protection and use of his personal data in accordance with this Privacy Policy, including receiving mailings related to the course fulfillment of the User's orders.

In case of disagreement with this Privacy Policy, the use of the Service must be terminated.

The Service proceeds from the fact that the User who initiates an appeal to the Internet resource of the Service https://el-change.com:

Uses the Internet resource of the Service on its own behalf and reliably indicates personal data in cases where it is necessary;

Defines and controls the settings of the software it uses;

Has the opportunity to get acquainted with this Privacy Policy by clicking on a hypertext link on the main page of the Service.

The concept and composition of personal data

Information constituting personal data is any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).

Personal data includes - personal information specified by the Client when placing (entering) his personal data, documents (copies of documents, including in electronic form) when filling out electronic forms on the site https://el-change.com, as well as when written requests to the Service, requests through the online chat form on the site https://el-change.com, etc.

This information also includes, but is not limited to:

- FULL NAME;

- Telephone number;

- E-mail address;

- Address of the place of registration;

- Mailing address;

- Details of the identity document and the data contained in it;

- Bank account details and bank account agreement data;

- Photo and video images of the client;

Or other data.

Documents required to identify the User:

- Details of the identity document and the data contained therein;

- Addresses of wallets from which funds were sent;

- Utility bills and/or bank statement;

- Standard data automatically received by the http server when accessing the Internet resource of the Service (host IP address, address of the requested resource, time, type and information about the viewer that sent the resource request, type of the user's operating system, address of the page from which the transition to the requested resource has been made);

- Information automatically received when accessing the Internet resource of the Service (cookies);

or other documents.

Purposes of personal data processing

The Service processes personal data in the following cases:

- To identify the User;

- In order to carry out measures to protect against fraud and other illegal actions;

- To promptly inform about news, expand the list of services provided by the Services, promotions and promotional offers of the Service, as well as to advise Users on a wide range of issues;

- In order to inform about the progress of the execution of the application, about the advertising and / or marketing campaigns conducted by the Service, surveys, studies in relation to the services provided by the Service;

- To maintain a correct registration database of Users;

- In order to analyze statistical data on the use of the Internet resources of the Service, their performance and efficiency, in order to offer Users products and services of higher quality.

Principles of processing, storage and protection of personal data

The processing of personal data by the Service is carried out on the basis of the following principles:

- Lawfulness and fairness of the purposes and methods of processing personal data;

- Compliance of the purposes of processing personal data with the purposes predetermined and declared during the collection of personal data, as well as the authority of the Service;

- Compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data;

- The reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;

- Inadmissibility of combining databases created for mutually incompatible purposes containing personal data;

- Storage of personal data should be carried out in a form that allows you to determine the subject of personal data, no longer than required by the purpose of their processing, if the period of storage of personal data is not established by law, an agreement to which the party, beneficiary or recipient is the subject of personal data;

- Destruction upon achievement of the purposes of processing personal data or in case of loss of the need to achieve them, unless otherwise provided by law.

The Service processes personal data using automation tools, including using information technologies and technical means, including computer equipment, information technology complexes and networks, means and systems for transmitting, receiving and processing personal data, software tools (operating systems, database management systems, etc.), information security tools used in information systems, as well as without the use of automation tools.

The Service has the right to transfer personal data of the subject of personal data in the event of an official request from law enforcement, judicial authorities, as well as official representatives of payment systems. The Service guarantees compliance with this Policy and taking the necessary measures to protect the confidential information of Users.

The Service undertakes not to provide access to the Users' personal data to anyone other than employees, partners of the Service to the extent necessary for doing business, including, but not limited to, banking and credit relationships. The Service guarantees compliance with this Privacy Policy by the specified persons, including the adoption of adequate measures for the storage and protection of personal data of Users.

The Service does not place the personal data of the subject of personal data in public sources without his prior consent.

The Service has the right to disclose personal data of Users to federal or state regulatory and law enforcement agencies in whose jurisdiction the Service is located, in response to relevant legally executed requests for the provision of such information, and also has the right to disclose information about the User in response to court orders or subpoenas .

The Service takes all necessary organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, modification, disclosure or destruction, blocking access and other unauthorized actions. These measures include, in particular, internal review of data collection, storage and processing processes and security measures, including appropriate encryption and physical data security measures to prevent unauthorized access to personal data stores.

Links to Internet resources of third parties

The Internet resource of the Service may contain hypertext links to Internet resources of other (unaffiliated) companies. When switching to another Internet resource using any of these links, the User leaves the Internet resource of the Service. The Service does not manage the Internet resources of other companies and does not control their privacy practices, which may differ from those accepted by the Service. Personal data that the User provides to other companies is not subject to this Privacy Policy. The service recommends that you familiarize yourself with the privacy policy of other companies before providing them with your personal data.

Correspondence sent to the Service
All correspondence sent by Users or visitors of the Internet resource of the Service to the latter (letters, comments on the materials of the Service, etc.) is perceived as restricted information and can be published only with the written consent of the sender. The address, telephone number and other personal data of the sender may not be used without his express consent, except to respond to the subject of the received correspondence.

Cookies

By registering on the website of the Service and using its services without registration, in accordance with this Policy, the User:

- Gives consent to the use of his personal data, as well as their processing: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion , destruction of any information related directly or indirectly to the User, his operations and payments.

- confirms that he is familiar with the processing of the User's personal data by the Service in the interests of the User and in order to provide / provide the User with any consultations (clarifications) and / or in order to offer the User the services provided by the Service and / or services provided by persons in the interests of which the Service operates, by making contacts with Users directly or by phone, mail, as well as in order to prepare for the conclusion, for the purpose of concluding, executing, changing, terminating contracts (agreements) between Users and the Service or persons in whose interests the Service operates, including the proper identification of the User, as well as for the purpose of preparing forms of applications, notifications, agreements, contracts that do not directly entail the conclusion, termination, amendment of the relevant contract, agreement and for other purposes corresponding to the direction of the above goals.

- The user confirms that he is properly acquainted with the purposes of processing his personal data.

- The User confirms that he is notified that the processing of personal data is carried out by the Service in any way, including both using automation tools (including software) and without using automation tools.

- The User confirms that the processing of personal data can be carried out both by the Service and by other persons who have entered into an agreement with the Service on the terms of confidentiality and responsibility for the disclosure of Personal data.

This right (consent) is valid for 3 years and can be revoked by sending a written notice to the Service. This consent is considered withdrawn after 60 (Sixty) days from the date of receipt by the Service of a written notice of the withdrawal of this consent. The day of receipt of the notification shall not be included in the sixty-day period.

Final provisions of the Privacy Policy

This Privacy Policy is an open and public document. The current version is posted on the Internet on the Internet resource of the Service.

The Service reserves the right to change the Privacy Policy, notifying about it on the page located at this address. Changes to the Privacy Policy will be posted on this page. In the event of significant changes, the Service will notify Users in a more explicit way (for example, by sending an email).

This Policy is subject to change, addition in case of amendments to the current legislative acts and the emergence of new legislative acts, and special regulatory documents on the processing and protection of personal data.