Last Updated; April 19, 2022
This Policy may be made available in several languages; all versions are legally binding, but in the event of inconsistency between the English version and a translated version, the English version prevails.
This Policy applies to all visitors and/or users who act in their own personal capacity as our customer or as in their professional capacity, for instance;
- Users who access our Website and/or App or other services provided by
- Our prospective customers identified as such by us or our third parties
- Our registered users who are our customers
- Our suppliers and business partners
- Anyone else who interacts with us via call, email or visit us or otherwise interact with us
We at PROTOCOL33 know and understand how important it is for you to understand how we collect, store, process, share and use your personal data. We respect and protect the privacy of our Users’ personal data in our platform.
The purpose of this Policy is to describe how PROTOCOL33 collects, processes and manages Users’ personal data through the Website and/or App, that are developed to offer PROTOCOL33 services.
a. “Personal data” means any information referring to an identified or identifiable natural person
b. “Data subject” means identified or identifiable natural person to whom Personal Data relates.
c. “Identifiable Natural Person” means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity.
d. “User(s)” means any legal person or entity who visits, and creates an account in the Website and/or App.
e. “Document(s)” includes
i. any medium in which data is recorded, whether printed, or on tape, or film or by electronic means, or otherwise;
ii. map, diagram, photograph, film, microfilm, video-tape, sound recording, or machine-readable record;
iii. any record which is capable of being produced from
f. “Authorized Person” means any natural person appointed by the entity under a letter of authorization to (a)sign in, (b) open an account and (c) to carry out the business of that particular entity
g. “PEP” means a Politically Exposed Person refers to a natural person (and includes where relevant, a family member or close associate) who is or has been entrusted with a prominent public function, including but not limited to, a head of state or government, senior government or an important political party official.
By accessing and using PROTOCOL33 Website and/or App or our services you are consenting and accepting the terms of this Policy. If you do not agree or consent with the details we require with any aspect of this Policy, you shall at any time withdraw your consent and discontinue access or use of our services.
Your Personal data is collected and stored with PROTOCOL33 in order to provide, develop and to enhance our products and services including technical infrastructure, security, compliance, fraud prevention and customer support. We are committed to exercise due diligence when dealing with every User and in the course of conducting business, we ensure that it is able to comply with all the applicable Laws and regulations that require to prevent the facilitation of money laundering and terrorist financing.
The personal data we collect from PROTOCOL33 Users are;
|AUTHORIZED PERSON DETAILS||CORPORATE DETAILS|
|1. Full name||1. Company name|
|2. Date of Birth||2. Country of Incorporation|
|3. Email Address||3. Country of Operation|
|4. Gender||4. Authorized Person’s Details|
|5. Residence Address||5. Ultimate Beneficial Owner Details|
|6. Nationality||6. A copy of Certificate of Incorporation|
|7. Country Code||7. Source of Funds Verification documents|
|8. Telephone number||8. UBO structure|
|9. Employment Status||9. A letter of authorization issued to individual performing on behalf of entity|
|10. Nature of the employment||10. Sanction list & PEP Questionnaire|
|11. Employer details||11. Passport copies of all directors & Shareholders|
|12. Government issued Identity or Driving License||12. Valid Trade License|
|13. Passport details||13. Memorandum of Association|
|14. Proof of Residences||14. Article of Association|
|15. Salary Certificate||15. Registered Address|
|16. Source of Fund||16. Audited financial Statement|
|17. Sanction list & PEP questionnaire||17. UBO Proof of address|
|18. Audio or video recordings||18. Audio or video recordings|
|AUTHORIZED PERSON DETAILS||CORPORATE DETAILS|
|1. IP Address||1. Device- specific information|
|2. Login information||2. Location|
|3. Browser type and version||3. System activity|
|4. Time zone setting||4. Uniform Resource Locators [URL]|
|5. Platform||5. Data collected via Cookies|
|6. Operating System|
|7. Transaction history|
|8. Pages accessed and links clicked|
|9. Public blockchain data|
i. To communicate with User
ii. To comply with legal and regulatory compliance
iii. To detect and prevent frauds and credit risks
iv. To provide, troubleshoot and improve PROTOCOL33 Services
v. To enforce our terms in our User agreement
vi. To provide customer services
vii. To ensure quality control
viii. To ensure network and information security
ix. To enhance and personalize User experience
x. To facilitate corporate acquisitions, mergers or transactions
xi. To engage in marketing activities
xii. For Transaction services
xiii. Purposes for which we seek User’s consent
We may share your personal data with affiliates, selected third parties, including business suppliers, distributors and subcontractors, when it is necessary for the delivery of our services, or when there is a legal basis to do so. The aforementioned third parties only collect, use and disclose your information in the ways indicated by us in order to provide adequate services.
We further ensure that we comply with the applicable data protection legal norms and we shall only share information in the following circumstances:
a. With applicable regulatory bodies of the UAE.In the event of suspicious activities or transactions such as any fraud, tax, money laundering or terrorist financing activities, PROTOCOL33 is obliged to share the User’s personal information with the applicable regulatory bodies.
b. With third party KYC/AML service providers of PROTOCOL33 to identity verification services in User onboarding process and in ongoing transaction monitoring process.
PROTOCOL33 intends to uphold and implement the strictest standards of compliance, security and transparency in its operation, starting with detailed verification of onboard Users and operates transaction monitoring system to trace the nature of the virtual asset wallet to which each of our Users is sending to or receiving from, therefore PROTOCOL33 acquires the User’s information via third party KYC/AML service providers to provide streamlined verification process for individuals and companies with global coverage, configurable verification rules, detailed and case management tools along with PEP database screening, financial crime screening, legality of assets verification and due diligence services.
c. With service providers under contracts to operate the business. For
i. Cloud storage
ii. Payment process
iii. Transaction Monitoring
iv. Network Infrastructure
vi. Customer Support
viii. Data analytics
d. We transfer only the minimum amount of data necessary for a particular outsourced service provider(s) and we only cooperate with the outsourced service providers who can provide and ensure adequate level of Personal data protection.
e. With our affiliates/ business partners as a general part of conducting business to offer services
f. With financial Institution which we partner to process payments you have authorized
PROTOCOL33 ensures that the service providers and affiliates/ business partners who process personal information to acknowledge the confidentiality of this information and to protect the User’s right to privacy by complying with all applicable privacy and data protection laws
PROTOCOL33 maintains physical, technical, administrative and procedural safeguards in connection with the collections, storage and disclosure of User’s personal data. We use firewall barriers, encryption techniques and authentication procedures to maintain the security of User’s online sessions.
PROTOCOL33 Users are requested to protect their account password from unauthorized access to avoid unnecessary authentication issues. In order to circumvent loss, misuse, unauthorized acquisition or alteration of your data, Users are requested to choose the strongest password and to protect the account privacy data from any third-parties. In the event of unauthorized access, the PROTOCOL33 insists the Users to contact us at email@example.com
Furthermore, PROTOCOL33 does not ensure the security or privacy of data transmitted via email, phone or SMS, till such data reaches the domain of our network, since we have no access to protect such data until it reaches our network domain.
PROTOCOL33 shall keep the original or a true copy of all Documents, data and information it receives from its User in a readily retrievable format for five  years.
When an investigation into a suspicious User or a suspicious transaction has been initiated and in the event of proceeding the investigation in respect of the User, PROTOCOL33 shall not destroy any relevant records even though the prescribed period for retention shall have elapsed by the reporting authority, for the reason that we are subjected to certain anti-money laundering laws.
PROTOCOL33 is obliged and bound by the General Data Protection Regulation [GDPR]. This regulation came into effect on May 25, 2018 and PROTOCOL33 will be liable for any violation of its privacy and security standards, with penalties.
Under certain circumstances, you have rights under data protection laws in relation to your personal data which are set out in more detail below
a. Request access This enables you to receive copies of your personal data. We hold about you and to check that we are lawfully processing it. This is also commonly known as a "Data Subject access request". This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
b. Request erasure This enables you to request us to delete or remove personal data where there is no good reason for us continuing to process it. Please note that there may be circumstances where we may be legally entitled to retain your personal data.
c. Request to Restrict Processing This enables you to object to the processing of your personal data, which is processed based on our legitimate interests. In the event of such an objection, we will no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
d. Request to Object Processing You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
e. Request to transfer If you request us, we will provide you or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
The Virtual assets are recorded on a public blockchain. It is a ledger which means a chain of blocks where each block contains the recording of any data transmission. Blockchains are decentralized or third-party networks which are not controlled or operated by any third-party service provider or affiliates or business partners of PROTOCOL33, and we have no access or authority to erase, modify or alter any personal data from such networks.
We reserve the right, at our sole discretion, to modify, amend, supplement or replace this Policy at any time and such update details shall be indicated at the top of this page. We will review and revise this Policy when there are any material circumstances arisen that may affect our ability to apply this Policy pursuant to the provisions of statutory and law requirements. What constitutes a material change will be determined at our sole discretion.
We will inform our Users on all material amendments to this Policy by publishing the updated version of this Policy on our Website and/or App. When an updated version of the Policy is released, your continued access to the Website and/or App means that you agree to the updated content and agree to abide by the updated Policy.
In the event of any comments, questions, inquiries or complaints regarding this Policy, the User has the right to submit questions and/or concerns at firstname.lastname@example.org