隐私政策和数据保护

for AML Quppy Bot Website (

https://quppyaml.com/

)

INTRODUCTION

1. 
   The Company is committed to being a responsible custodian of the
   information you provide to us and the information we collect in the
   course of operating our business. This Privacy Policy describes how the
   Company may collect and process information received by us in association
   with the operation of the AML Quppy Bot Website (
   
   
   https://quppyaml.com/
   
   
   ) and the provision of Services outlined in the
   
   
   Terms of Use
   
   
   . This Policy is addressed to the Company’s clients as well as to
   those individuals who will provide their personal data for processing
   (hereinafter – Data Subjects).
   
2. 
   Your Personal Data is processed in accordance with the
   
   
   General Data Protection Regulation
   
   
   (Regulation EU 2016/679, further – “the GDPR”), the
   
   
   Data Protection Act 2018
   
   
   and other relevant legislation with respect to the accepted principles of
   good information handling (collectively referred to as the “Data
   Protection Legislation”).
   
3. 
   This Privacy Policy shall be governed by the laws of Hong Kong. 
   
4. 
   For all intents and purposes, the English language version of this
   Privacy Policy will be the original, governing instrument. In the event
   of any conflict between the English language version of this Privacy
   Policy and any subsequent translation into any other language, the
   English language version will govern and control.
   

DEFINITIONS

“Company” means QUPPY PAY LIMITED, a company registered in
Hong Kong with registration number 3148041, having its registered office
at Room 747, 7/F Star House 3, Salisbury Road Tst, Hong Kong  (the
“Company”, “We”), which operates AML Quppy Bot
website available at https://quppyaml.com/ (referred to as
“we” and “us” hereinafter);

1. 
   “Website” means the AML Quppy Bot website operated by the
   Company and available at https://quppyaml.com/ ;
   
2. 
   “Privacy Policy” means the latest version of the
   Company’s Privacy Policy which describes our policies and
   procedures pertaining to the collection, use, and disclosure of your
   Personal Data;
   
3. 
   “Personal Data” means any information relating to the User,
   which identifies or may identify the User;
   
4. 
   “User” means an individual or a legal entity that has read
   and agreed to the Terms of Use and the Privacy Policy and uses the
   services of AML Quppy Bot provided by the Company through the Website
   (referred to as “you” or “yours” hereinafter);
   
5. 
   “Services” means the services of AML Quppy Bot provided by
   the Company and available to Users via the Website as set out in detail
   in the Terms of Use. 
   

SCOPE OF THE POLICY

The purpose of this policy is to ensure that the QUPPY PAY’s staff
shall comply with the provisions of Hong Kong law and the EU GDPR when
processing personal data. Any serious infringement will be treated
seriously and may be considered under disciplinary procedures. The company
adheres to the principles of data protection as laid down by the EU GDPR.
In accordance with those principles personal data shall be:

• 
  Processed fairly and lawfully and in a transparent manner in relation to
  the data subject;
  
• 
  Processed for specified, explicit and legitimate purposes only and not
  further processed in a manner that is incompatible with those purposes;
  
• 
  Adequate, relevant and limited to what is necessary in relation to the
  purposes for which they are processed;
  
• Accurate and up to date;
• 
  Kept in a form which permits identification of data subjects for no
  longer than is necessary for the purposes for which the personal data are
  processed;
  
• Not kept longer than necessary;
• 
  Processed in a manner that ensures appropriate security of the personal
  data;
  
• 
  Not transferred outside the countries of the European Economic Area or
  the EU without adequate protection.
  

RESPONSIBILITIES

(a) QUPPY PAY responsibilities. QUPPY PAY is responsible for establishing
policies and procedures in order to comply with the EU GDPR.

(b) Data Protection Officer’s responsibilities. Data Protection
Officer holds responsibility for:

• 
  drawing up guidance and promoting compliance with this policy in such a
  way as to ensure the easy, appropriate and timely retrieval of
  information;
  
• 
  the appropriate compliance with subject access rights and ensuring that
  data is processed in accordance with the Data Protection Act 2018 and the
  EU GDPR;
  
• 
  ensuring that any data protection breaches are resolved, catalogued and
  reported appropriately in a swift manner;
  
• 
  investigating and responding to complaints regarding data protection
  including requests to cease processing personal data.
  

(c) Staff responsibilities. Staff members who process personal data must
comply with the requirements of this policy. Staff members must ensure
that:

• all personal data is kept securely;
• 
  no personal data is disclosed either verbally or in writing, accidentally
  or otherwise, to any unauthorised third party;
  
• 
  any queries regarding data protection, including subject access requests
  and complaints, are promptly directed to the Data Protection Officer;
  
• 
  any data protection breaches are swiftly brought to the attention of the
  Governance Team and that they support the Data Protection Officer in
  resolving breaches;
  
• 
  where there is uncertainty around a Data Protection matter advice is
  sought from the Data Protection Officer.
  

Software and network security

The Company holds regular vulnerability scans against our full
infrastructure. We also have external, independent, penetration tests
conducted on a periodic basis.

• 
  Our dashboard supports several regimes of secrecy, so that our clients
  could monitor the status of processing without learning any personal data
  of the their customers.
  
• 
  Code changes are always peer reviewed and static source code reviews are
  performed systematically and at a high frequency.
  
• 
  All engineering and development operations staff are regularly trained on
  system, application and network security.
  
• 
  Our IT and container infrastructure is continuously monitored and audited
  for change.
  
• 
  Critical systems and information are protected with strong authentication
  mechanisms.
  
• 
  All networks connections are protected by firewalls and are monitored by
  cyber security solutions to detect intrusions and suspicious activity.
  
• 
  Machine learning is used to discover malicious behaviour of network
  endpoints and applications.
  
• 
  All our computers, laptops and servers utilise full disk/volume
  encryption and are installed with antivirus/malware protection which is
  automatically updated to the latest version and signatures available.
  

INFORMATION WE COLLECT

When you engage with us, we collect and process your Personal Data, which
includes as follows:

1. 
   Personal identification information, including: name, e-mail address,
   phone number, country, full address, date of birth, registered address,
   banking details;
   
2. 
   Data collected in connection with “Know Your Customer” (KYC)
   compliance, “Anti-Money Laundering” (AML) compliance and
   “Counter-Terrorist Financing” (CTF) compliance;
   
3. 
   Device and website usage data, including: IP addresses; language
   preferences and other device identifiers; information relating to your
   access to the Platforms, such as device characteristics, date and time.
   
4. 
   The Company subjects the personal data to automated reading, verification
   of the authenticity and other automated processing of photos and scanned
   copies of documents and with further check against the data in multiple
   databases, including inter alia International politically exposed persons
   (PEPs) and Sanctions, Country Specific Sanctions Lists, Criminal Lists
   and Financial Lists. Once the personal data is not any more necessary for
   the purposes of applicable compliance rules, the Company shall erase the
   data completely off its servers without leaving any backup copies or,
   based on the same condition, transfer the data to the relevant
   Controller.
   

HOW WE COLLECT YOUR DATA

1. 
   We collect Personal Data directly from you when you use our Website or
   services, communicate with us, or interact directly with us. For example,
   when you complete the contact form on our Website, Application or when
   you contact us via email. 
   
2. 
   We use industry standards for automatically collecting certain
   information about visitors to our Website. We collect information about
   you, or information collected by cookies and similar technologies, when
   you use, access, or interact with our Website. We shall ensure that
   processing is proportionate and that we have carried out a legitimate
   interest impact assessment. To the extent that the use of cookies or
   similar technologies requires your consent, we may also process your
   Personal Data based on your consent. 
   
3. 
   We also may collect information about you from third-party sources,
   including but not limited to, the following channels: 
   

1. 
   5.3.1. marketing partners and resellers;
   
2. 
   5.3.2. advertising partners and analytics providers;
   
3. 
   5.3.3. public databases, credit bureaus and ID verification partners;
   
4. 
   5.3.4. social networks (for example, Twitter). 
   

4. 
   We protect the Personal Data obtained from third parties according to the
   practices described in this Privacy Policy and we also apply additional
   restrictions imposed by the source of data. 
   

DATA SUBJECT’S RIGHTS

Each Data Subject providing his/her personal data to the Company has the
following rights that the Company fully respects:

• 
  Right to obtain confirmation as to whether or not his or her personal
  data are being processed (Article 15 EU GDPR);
  
• 
  Right to obtain rectification of inaccurate personal data without undue
  delay (Article 16 EU GDPR);
  
• 
  Right to erase personal data or “right to be forgotten”
  (Article 17 EU GDPR);
  
• 
  Right to restrict data processing, in particular when the accuracy of the
  data is contested (Article 18 EU GDPR);
  
• 
  Right to receive communications as to rectification or erasure of
  personal data or restriction on processing (Article 19 EU GDPR);
  
• 
  Right to receive personal data in the form that is machine-¬readable
  and ready for transmission to another controller (Article 20 EU GDPR);
  
• 
  Right to object data processing (Article 21 EU GDPR);
  
• 
  Right not to be subject to a decision based solely on automated
  processing (Article 22 EU GDPR). 
  

THE PURPOSES OF COLLECTING YOUR PERSONAL DATA

1. 
   The Company collects your Personal Data for the following purposes:
   
1. 
   to enable you to use our Website and the Services provided through them,
   to create an account or profile, to process information you provide via
   our Website (including verifying that your email address is active and
   valid) in accordance with
   
   Article 6(1)(a) GDPR
   ;
2. 
   to detect and prevent potentially prohibited or illegal activity
   relating to the Company’s services in accordance with
   
   
   Article 6(1)(b),(c) and (f) GDPR
   
   ; 
3. 
   to tailor content, recommendations, and advertisements that we and third
   parties display to you, both on the Platforms and elsewhere online in
   accordance with
   
   Article 6(1)(a) GDPR
   ;
4. 
   to contact you in response to your inquiries, comments and suggestions
   in accordance with
   
   Article 6(1)(b) GDPR
   ;
5. 
   with your consent, to provide you with information, products, or
   services that we otherwise believe will interest you, including special
   opportunities from us and our third-party partners in accordance
   with 
   
   Article 6(1)(a) GDPR
   ;
6. 
   to contact you with administrative communications and, in our
   discretion, changes to our Privacy Policy, Terms of Use, or any of our
   other policies in accordance with
   
   Article 6(1)(c) GDPR
   ;
7. 
   for internal business purposes, such as to improve our Website or
   Application in accordance with
   
   Article 6(1)(b) GDPR
   ; 
8. 
   to issue invoices and collect fees in accordance with
   
   Article 6(1)(f),(b) GDPR
   ;
9. 
   to comply with our policies and obligations, including, but not limited
   to, disclosures and responses in response to any requests from law
   enforcement authorities and/or regulators in accordance with any
   applicable law, rule, regulation, judicial or governmental order in
   accordance with
   
   Article 6(1)(c),(b) GDPR
   .
2. 
   Your Personal Data, whether public or private, will not be sold,
   exchanged, transferred, or given to any other company for any reason
   whatsoever, without your consent, other than for the purpose of
   delivering the requested services and improving our services.
   

PROVIDING YOUR PERSONAL DATA TO THE THIRD PARTIES

1. 
   As a general principle, we collect and process Personal Data in order to
   facilitate or improve the Company’s services or offers. We do not
   sell your Personal Data or share it with third parties, except to the
   extent stated in this Privacy Policy.
   
2. 
   For behaviour statistics and business intelligence we use the services of
   Google LLC (“Google Analytics”), a company located in the
   United States. Your Personal Data that we may provide to Google Analytics
   may include your IP address, and that data is used by Google Analytics to
   generate information about your usage of our service.
   
3. 
   We may share your Personal Data with the following third parties:
   
1. 
   Third-party vendors providing services on our behalf, including
   advertising, analytics, research, customer service, service support,
   data storage, validation, security, fraud prevention, and legal
   services. Such third-party vendors have access to perform these services
   but are prohibited from using your Personal Data for other purposes;
   
2. 
   8.3.2. External services or authorities when such disclosure is
   necessary for compliance with a legal obligation to which we are
   subject, or in order to protect your vital interests and/or the vital
   interests of a third-party;
   
3. 
   8.3.3. Other third parties subject to your consent.
   
4. 
   When we disclose your Personal Data to a third party, we take all
   reasonable steps to ensure that those third parties are bound by
   confidentiality and privacy obligations with respect to the protection of
   your Personal Data. The disclosure is conducted in compliance with legal
   requirements, including entering into data processing agreements with the
   relevant third parties, to ensure that Personal Data is only processed in
   accordance with our instructions, applicable laws and regulations and for
   the purpose specified by us and to ensure adequate security measures.
   

STORAGE AND DELETION OF PERSONAL DATA

1. 
   The Company will retain your Personal Data for as long as we deem it
   necessary to enable you to use the Website and to provide Services to
   you, to comply with applicable laws (including those regarding document
   retention), resolve disputes with any parties and otherwise as necessary
   to allow us to conduct our business.
   
2. 
   The legal basis for retaining your Personal Data is the Company’s
   legitimate interest under
   
   GDPR Article 6(1)(f)
   
   to protect our rights in the light of potential legal disputes during the
   limitation period under law.
   
3. 
   If we have collected your Personal Data in relation to your inquiry to
   us, we retain your Personal Data for up to three (3) years from
   collection, unless the other provided by this Privacy Policy. 
   
4. 
   Notwithstanding anything to the contrary in this Section, we may retain
   your Personal Data where such retention is necessary for compliance with
   a legal obligation to which we are subject to, or in order to protect
   your vital interests or the vital interests of another natural person in
   accordance with
   
   GDPR Article 6(1)(c)
   .
5. 
   When the Company no longer needs to keep your Personal Data, it will
   securely delete or destroy it.
   

PROTECTION OF PERSONAL DATA

1. 
   Your Personal data integrity is of high concern to us. We follow the
   standard practices within the industry to protect the Personal Data that
   we collect and maintain, including using Transport Layer Security (TLS)
   to encrypt information as it travels over the internet. We have therefore
   implemented technology and security policies and procedures intended to
   reduce the risk of accidental destruction or loss, or the unauthorized
   disclosure or access to, such information, reasonably appropriate to the
   nature of the data concerned; unfortunately, however, no data
   transmission over the Internet can be guaranteed to be 100% secure.
   
2. 
   We implemented a number of additional security measures to ensure that
   your Personal Data is not lost, abused, or altered, including, but not
   limited to:
   
1. 
   Physical measures, which means that materials containing your Personal
   Data will be stored in a locked place.
   
2. 
   Electronic measures, which means that computer data containing your
   Personal Data will be stored in the computer systems and storage media
   that are subject to strict log-in restrictions.
   
3. 
   Management measures, which means that only authorized employees are
   permitted to come into contact with your Personal Data and such
   employees must comply with our internal confidentiality rules for
   Personal Data. We have also imposed strict physical access controls to
   buildings and files.
   
4. Technical measures.
3. 
   If you suspect that your Personal Data has been compromised, please
   immediately contact our Customer Support Team at
   
   info@quppyaml.com
   .

USER’S RIGHTS

1. 
   Users residing in certain countries, including the EU, are afforded
   certain rights regarding their personal information:
   
1. 
   the right to access:  you have the right to confirmation as to
   whether or not we process your Personal Data and, where we do, to access
   the Personal Data. Providing that the rights and freedoms of others are
   not affected, we will supply to you a copy of your Personal Data. The
   first copy will be provided free of charge, but additional copies may be
   subject to a reasonable fee;
   
2. 
   the right to object to processing: you have the right to object to us
   processing your Personal Data, citing personal reasons; however,
   understand that we may still process your Personal Data if we have
   lawful grounds to do so, but only if our interests in processing your
   Personal Data are not overridden by your rights, interests, or freedoms;
   
3. 
   the right to rectification: you have the right to have any inaccurate
   Personal Data about you rectified and, taking into account the purposes
   of the processing, to have any incomplete Personal Data about you
   completed;
   
4. 
   the right to data portability: you have the right to obtain and reuse
   your Personal Data for your own purposes across different services. It
   allows you to move, copy or transfer Personal Data easily from one IT
   environment to another in a safe and secure way, without hindrance to
   usability;
   
5. 
   the right to erasure: you have the right to request that the Company
   erase your Personal Data under certain conditions;
   
6. 
   the right to restrict processing: you have the right to request that the
   Company restrict the processing of your Personal Data under certain
   conditions;
   
7. 
   the right to withdraw consent: to the extent that the legal basis for
   our processing of your Personal Data is consent, you have the right to
   withdraw that consent at any time. However, withdrawal will not affect
   the lawfulness of processing of your Personal Data before the
   withdrawal.
   
2. 
   You may exercise any of your rights in relation to your Personal Data by
   contacting our Customer Support. You must note that prior to accessing
   and making changes to your Рersonal Data, we will need to verify your
   identity properly.
   
3. 
   We will aim to respond to your requests regarding your Personal Data
   within 1 (one) month of receipt of any such request.
   

INTERNATIONAL TRANSFER OF PERSONAL DATA

1. 
   We may need to transfer your Рersonal Data to countries which are located
   outside the European Economic Area (“EEA”), for the purpose
   of providing the Services to you. You may be located in a country outside
   of the EEA and therefore we may have no choice but to transfer your
   Personal Data outside of the EEA. 
   
2. 
   Any transfer of your personal information outside of the EEA will be
   subject to a GDPR-compliant guarantee (such a Model Contract Clause
   approved by the European Commission) that will safeguard your privacy
   rights and give you remedies in the unlikely event of a security breach.
   

COOKIES POLICY

1. 
   We use cookies and similar technologies like pixels, tags, and other
   identifiers in order to remember your preferences, to understand how our
   Website is used, and to customize our marketing offerings.
   
2. 
   A cookie is a small data file containing a string of characters that is
   sent to your computer when you visit a website. When you visit the
   websites again, the cookie allows that site to recognize your browser.
   The length of time a cookie will stay on your computer or mobile device
   depends on whether it is a “persistent” or
   “session” cookie. For further information regarding cookies,
   visit
   
   
   allaboutcookies.org
   
   .
3. 
   We use the following types of cookies on our Website: 
   
1. 
   Strictly necessary cookies: these are essential for you to browse our
   Website and use its features. Without these cookies, some online
   services cannot be provided.
   
2. 
   Performance cookies: these collect information about how you use our
   Website. This data may be used to help optimize our Website and make it
   easier for you to navigate.
   
3. 
   Functional cookies: these allow our Website to remember the choices you
   make while browsing the Website and to personalize your
   experience. 
   
4. 
   Third-party cookies: these are placed by websites and/or parties other
   than us. These cookies may be used on our Website to improve our
   services or to help us provide more relevant advertising. These cookies
   are subject to the respective privacy policies for the relevant external
   services.
   
5. 
   Analytics cookies: these are offered by services like Google Analytics,
   to help us understand how long a visitor stays on our Website, what
   pages they find most useful, and how they arrived at 
   
   
   https://quppyaml.com//
   
   .
4. 
   Most web browsers allow you to control cookies through their settings
   preferences. However, if you limit the ability of our Website to set
   cookies, you may impair your overall user experience, as it will no
   longer be personalized to you. 
   
5. 
   In addition to cookies, we sometimes use small graphics images known as
   pixels (also known as web beacons, clear GIFs, or pixel tags). We use
   pixels in our email communications to you (if you have selected to
   receive such communications) to help us to understand whether our email
   communication has been viewed. We also use third-party pixels (such as
   those from Google, YouTube, and other networks) to help us provide
   advertising that is relevant to your interests.
   

CHANGES TO THE PRIVACY POLICY

We may update this Privacy Policy from time to time and we encourage you
to periodically review this page. If we make any material changes in the
way we collect, use, and/or share your Personal Data, we will notify you
by posting notice of the changes in a clear and conspicuous manner on the
Wallet Checker Website at


https://quppyaml.com/

.

CONTACT INFORMATION

Should you have any questions regarding this Privacy Policy, please do not
hesitate to contact us at

info@quppyaml.com